tadah-dev / laravel-zxcvbn
Implementation of the zxcvbn project by @dropbox for Laravel. Uses zxcvbn-php by @bjeavons.
Requires
- php: ^7.3|^8.0
- bjeavons/zxcvbn-php: ^1.2
- illuminate/support: ^7.0|^8.0|^9.0
Requires (Dev)
- orchestra/testbench: >=4.0
- phpunit/phpunit: ^8.0|^9.0
This package is not auto-updated.
Last update: 2022-09-10 00:16:52 UTC
README
A simple implementation of zxcvbn for Laravel. This package allows you to access "zxcvbn-related" data on a passphrase in the application and also to use zxcvbn as a standard validator.
Uses Zxcvbn-PHP by @bjeavons and @mkopinsky, which in turn is inspired by zxcvbn by @dropbox.
Install
Via Composer
$ composer require olssonm/l5-zxcvbn
If you wish to have the ability to use Zxcvbn via dependency injection, or just have a quick way to access the class – add an alias to the facades:
'aliases' => [ 'Zxcvbn' => Olssonm\Zxcvbn\Facades\Zxcvbn::class ]
Usage
If you've added Olssonm\Zxcvbn as an alias, your can access Zxcvbn easily from anywhere in your application:
"In app"
<?php use Zxcvbn; class MyClass extends MyOtherClass { public function myFunction() { $zxcvbn = Zxcvbn::passwordStrength('password'); dd($zxcvbn); // array:9 [ // "password" => "password" // "guesses" => 3 // "guesses_log10" => 0.47712125471966 // "sequence" => array:1 [] // "crack_times_seconds" => array:4 [] // "crack_times_display" => array:4 [] // "score" => 0 // "feedback" => array:2 [] // "calc_time" => 0.042769908905029 // ] } }
Play around with different passwords and phrases, the results may surprise you. Check out Zxcvbn-PHP for more uses and examples.
As a validator
The package gives you two different validation rules that you may use; zxcvbn_min and zxcvbn_dictionary.
zxcvbn_min
zxcvbn_min allows you to set up a rule for minimum score that the value beeing tested should adhere to.
Syntax
input' => 'zxcvbn_min:min_value'
Example
<?php $data = ['password' => 'password']; $validator = Validator::make($data, [ 'password' => 'zxcvbn_min:3|required', ], [ 'password.zxcvbn_min' => 'Your password is not strong enough!' ]);
In this example the password should at least have a "score" of three (3) to pass the validation. Of course, you should probably use the zxcvbn-library on the front-end too to allow the user to know this before posting the form...
zxcvbn_dictionary
This is a bit more interesting. zxcvbn_dictionary allows you to input both the users username and/or email, and their password. The validator checks that the password doesn't exist in the username, or that they are too similar.
Syntax
'input' => 'xcvbn_dictionary:username,email'
Example
<?php /** * Example 1, pass */ $password = '31??2sa//"dhjd2askjd19sad19!!&!#"'; $data = [ 'username' => 'user', 'email' => 'trash@thedumpster.com' ]; $validator = Validator::make($password, [ 'password' => sprintf('required|zxcvbn_dictionary:%s,%s', $data['username'], $data['email']) ]); dd($validator->passes()); // true /** * Example 2, fail */ $password = 'mycomplicatedphrase'; $data = [ 'username' => 'mycomplicatedphrase', 'email' => 'mycomplicatedphrase@thedumpster.com' ]; $validator = Validator::make($password, [ 'password' => sprintf('required|zxcvbn_dictionary:%s,%s', $data['username'], $data['email']) ]); dd($validator->passes()); // false
Testing
$ composer test
or
$ phpunit
License
The MIT License (MIT). Please see the License File for more information.
© 2020 Marcus Olsson.