photogabble / laravel-registration-validator
Solid credential validation for Laravel.
Requires
- php: >=7.0.0
- photogabble/php-confusable-homoglyphs: ^1.0
Requires (Dev)
- orchestra/testbench: ~3.5
- phpunit/phpunit: 6.*|7.*
This package is auto-updated.
Last update: 2024-11-07 16:11:41 UTC
README
Solid credential validation for Laravel >= 5.5
About this package
An all-Latin username containing confusables is probably fine, and an all-Cyrillic username containing confusables is probably fine, but a username containing mostly Latin plus one Cyrillic code point which happens to be confusable with a Latin one… is not. - James Bennet
This package is a Laravel validation wrapper around the PHP Confusable Homoglyphs library to provide your application the ability to validate user input as not containing dangerous confusables.
I began writing this package soon after reading the above quote from this article by James Bennett on registration credential validation that referenced how Django’s auth system validates new users credentials.
In addition to unicode confusables validation this package also includes a PHP port of the reserved name validation that Django's auth system uses.
This is a PHP7 project built for use with Laravel versions 5.5 and above.
Install
Install this library with composer: composer require photogabble/laravel-registration-validator
.
Usage
This package provides three validators: not-reserved-name
, not-confusable-string
and not-confusable-email
.
Not Reserved Name Validator
This validator checks the input to ensure it does not contain any strings listed within config key registration-validation.reserved_list
. To extend this list use the php artisan vendor:publish
command to copy this config to your project.
Not Confusable String Validator
This validator checks the input using the PHP Confusable Homoglyphs library to ensure it does not contain any confusable unicode characters.
Not Confusable Email Validator
This validator does not validate that the input is a valid email address, instead it validates that a string containing an @
does not contain any confusable unicode characters for each part either side of the @
symbol.