olssonm/l5-zxcvbn

Implementation of the zxcvbn project by @dropbox for Laravel. Uses zxcvbn-php by @bjeavons.

v4.2 2020-03-11 14:04 UTC

This package is auto-updated.

Last update: 2020-06-11 14:42:50 UTC


README

Latest Version on Packagist Total downloads Software License Build Status Scrutinizer Score

zxcvbn

A simple implementation of zxcvbn for Laravel. This package allows you to access "zxcvbn-related" data on a passphrase in the application and also to use zxcvbn as a standard validator.

Uses Zxcvbn-PHP by @mkopinsky (originally by @bjeavons), which in turn is inspired by zxcvbn by @dropbox.

Install

Via Composer

$ composer require olssonm/l5-zxcvbn

If you wish to have the ability to use Zxcvbn via dependency injection, or just have a quick way to access the class – add an alias to the facades:

'aliases' => [
    'Zxcvbn' => Olssonm\Zxcvbn\Facades\Zxcvbn::class
]

Usage

If you've added Olssonm\Zxcvbn as an alias, your can access Zxcvbn easily from anywhere in your application:

"In app"

<?php

use Zxcvbn;

class MyClass extends MyOtherClass
{
    public function myFunction()
    {
        $zxcvbn = Zxcvbn::passwordStrength('password');
        dd($zxcvbn);

        // array:9 [
        //     "password" => "password"
        //     "guesses" => 3
        //     "guesses_log10" => 0.47712125471966
        //     "sequence" => array:1 []
        //     "crack_times_seconds" => array:4 []
        //     "crack_times_display" => array:4 []
        //     "score" => 0
        //     "feedback" => array:2 []
        //     "calc_time" => 0.042769908905029
        // ]
    }
}

Play around with different passwords and phrases, the results may surprise you. Check out Zxcvbn-PHP for more uses and examples.

As a validator

The package gives you two different validation rules that you may use; zxcvbn_min and zxcvbn_dictionary.

zxcvbn_min

zxcvbn_min allows you to set up a rule for minimum score that the value beeing tested should adhere to.

Syntax

input' => 'zxcvbn_min:min_value'

Example

<?php
    $data = ['password' => 'password'];
    $validator = Validator::make($data, [
        'password' => 'zxcvbn_min:3|required',
    ], [
        'password.zxcvbn_min' => 'Your password is not strong enough!'
    ]);

In this example the password should at least have a "score" of three (3) to pass the validation. Of course, you should probably use the zxcvbn-library on the front-end too to allow the user to know this before posting the form...

zxcvbn_dictionary

This is a bit more interesting. zxcvbn_dictionary allows you to input both the users username and/or email, and their password. The validator checks that the password doesn't exist in the username, or that they are too similar.

Syntax

'input' => 'xcvbn_dictionary:username,email'

Example

<?php
    /**
     * Example 1, pass
     */
    $password = '31??2sa//"dhjd2askjd19sad19!!&!#"';
    $data = [
        'username'  => 'user',
        'email'     => 'trash@thedumpster.com'
    ];
    $validator = Validator::make($password, [
        'password' => 'zxcvbn_dictionary:' . $data['username'] . ',' . $data['email'] . '|required',
    ]);

    dd($validator->passes());
    // true

    /**
     * Example 2, fail
     */
    $password = 'mycomplicatedphrase';
    $data = [
        'username'  => 'mycomplicatedphrase',
        'email'     => 'mycomplicatedphrase@thedumpster.com'
    ];
    $validator = Validator::make($password, [
        'password' => 'zxcvbn_dictionary:' . $data['username'] . ',' . $data['email'] . '|required',
    ]);

    dd($validator->passes());
    // false

Testing

$ composer test

or

$ phpunit

License

The MIT License (MIT). Please see the License File for more information.

© 2019 Marcus Olsson.