Password-strength validator for Symfony
This package provides various password strength validators for the Symfony Validator component.
To use this bundle with a Symfony application use the RollerworksPasswordStrengthBundle.
Passwords can be validated using either strength-levels (weak, medium, strong etc) or by configuring explicit requirements (needs letters, numbers etc).
This library provides the same level of functionality as the PasswordStrengthBundle created by John Bafford.
To install this package, add
rollerworks/password-strength-validator to your composer.json:
$ php composer.phar require rollerworks/password-strength-validator
Now, Composer will automatically download all required files, and install them for you.
You need at least PHP 5.6 or PHP 7.0, mbstring is recommended but not required. For the provided blacklist providers you may need SQLite3 or PDO compatible driver.
The password validators do not enforce that the field must have a value! To make a field "required" use the NotBlank constraint in combination with the password validator(s).
All examples assume you have the Composer autoloader already in your code, see also How to Install and Use the Symfony Components for more information.
Validates the passwords strength-level (weak, medium, strong etc).
Validates the passwords using explicitly configured requirements (letters, caseDiff, numbers, requireSpecialCharacter).
There are times you want forbid (blacklist) a password from usage.
Passwords are blacklisted using providers which can either be an array or (flat-file) database (which you can update regularly).
With the default installation the following providers can be used.
Noop: Default provider, does nothing.
Array: Simple in memory blacklist provider (not recommended for big lists)
Sqlite: Provides the blacklist using a SQLite3 database file.
Pdo: Provides the blacklist using the PDO extension.
But building your own is also possible. Documentation on this is currently missing, see current providers for more information.
Validates that the requested password was not found in a trove of compromised passwords found at https://haveibeenpwned.com/.
To enable this you must install the suggested package "guzzlehttp/psr7" as well as a HttpClient such as "php-http/guzzle6-adapter".
For transparency and insight into the release cycle, and for striving to maintain backward compatibility, this package is maintained under the Semantic Versioning guidelines as much as possible.
Releases will be numbered with the following format:
And constructed with the following guidelines:
- Breaking backward compatibility bumps the major (and resets the minor and patch)
- New additions without breaking backward compatibility bumps the minor (and resets the patch)
- Bug fixes and misc changes bumps the patch
For more information on SemVer, please visit http://semver.org/.
This library is released under the MIT license.
This is an open source project. If you'd like to contribute, please read the Contributing Guidelines. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section.