rebelinblue / laravel-zxcvbn
Service provider to use the zxcvbn project by @dropbox in Laravel 5.4 and above
Installs: 45 763
Dependents: 1
Suggesters: 0
Security: 0
Stars: 12
Watchers: 3
Forks: 10
Open Issues: 2
Requires
- php: >=8.0
- bjeavons/zxcvbn-php: ^0.3||^1.2||^1.3
- illuminate/support: ^5.4||^6.0||^7.0||^8.0||^9.0||^10.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.14
- orchestra/testbench: ~3.4.10 || ~3.6.7 || ~3.7.8 || ~3.8.6 || ^4.8 || ^5.2 || ^6.0 || ^7.0
- php-parallel-lint/php-console-highlighter: ^1.0
- php-parallel-lint/php-parallel-lint: ^0.9.2||^1.2
- phpmd/phpmd: ^2.6
- phpunit/phpunit: ^5.7||^9.5
- squizlabs/php_codesniffer: ^2.8||^3.5.8
README
This package provides a validator which uses Dropbox's zxcvbn password strength estimator; it uses the PHP implementation from bjeavons.
Installation
This package can be installed through Composer.
composer require rebelinblue/laravel-zxcvbn
In Laravel 5.5 the package will auto-register the service provider. In Laravel 5.4 you must register this service provider manually in config/app.php by adding REBELinBLUE\Zxcvbn\ZxcvbnServiceProvider::class to the providers array.
There is also an optional facade for Zxcvbn; in Laravel 5.5 it will be auto-registered. In Laravel 5.4 you must register the facade manually by adding the following to the aliases array in config/app.php:
'Zxcvbn' => REBELinBLUE\Zxcvbn\ZxcvbnFacade::class,
Optionally, you can publish the translations for this package with the following command; this is only required if you wish to change them:
php artisan vendor:publish --provider="REBELinBLUE\Zxcvbn\ZxcvbnServiceProvider"
Usage
If you have added the alias you can access Zxcvbn from anywhere in your code using the façade
<?php
use Zxcvbn;

class MyCustomClass
{
    public function someMethod()
    {
        $strength = Zxcvbn::passwordStrength('Pa$$w0rd');
        dd($strength);
    }
}
However, you probably want to use it as a validator. The package adds a single rule, "zxcvbn".
Example
<?php
$input = [ /* user input */ ];
$validator = Validator::make($input, [
    'password' => 'required|min:6|zxcvbn',
]);
There are 2 optional parameters: the required score from 0 to 4, and a comma-separated list of other fields to compare against. For example, to ensure a strong password which doesn't contain the username or email, you would use:
'password' => 'required|min:6|zxcvbn:4,username,email',
The scores are rated as follows:
- 0 - Too guessable: risky password. (guesses < 10^3)
- 1 - Very guessable: protection from throttled online attacks. (guesses < 10^6)
- 2 - Somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
- 3 - Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
- 4 - Very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
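The effect of the two rule parameters can be seen outside Laravel by calling the underlying bjeavons/zxcvbn-php estimator directly. This is an added example, not code from the package: the helper name, sample account and candidate passwords are constructed, and it assumes the rule hands the named fields' values to the estimator as user inputs.

```php
<?php
// Added example, not part of laravel-zxcvbn. Assumes bjeavons/zxcvbn-php is
// installed with Composer and this file sits next to the vendor/ directory.
require __DIR__ . '/vendor/autoload.php';

use ZxcvbnPhp\Zxcvbn;

/**
 * Hypothetical helper: returns the 0-4 score for a password.
 * $userInputs plays the role of the extra fields named in the rule
 * (username, email); the estimator treats them as known words.
 */
function passwordScore(Zxcvbn $estimator, string $password, array $userInputs = []): int
{
    $result = $estimator->passwordStrength($password, $userInputs);

    return (int) $result['score'];
}

// Constructed sample account and candidate passwords.
$account = [
    'username' => 'jsmith1984',
    'email'    => 'jsmith1984@example.test',
];
$candidates = ['jsmith1984!', 'Pa$$w0rd', 'correct horse battery staple'];

// Same meaning as the first rule parameter, e.g. zxcvbn:3,username,email
$minScore = 3;

$estimator = new Zxcvbn();

foreach ($candidates as $password) {
    // Score with no context, then with the account fields supplied.
    $alone       = passwordScore($estimator, $password);
    $withContext = passwordScore($estimator, $password, array_values($account));

    printf(
        "%-30s alone=%d with account fields=%d => %s\n",
        $password,
        $alone,
        $withContext,
        $withContext >= $minScore ? 'accept' : 'reject'
    );
}
```

Comparing the two score columns shows why the field list matters: a password built from the account's own username can look acceptable in isolation and still fall below the threshold once those values are known to the estimator.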