ziming / laravel-zxcvbn
Zxcvbn Password validation rule for Laravel
Fund package maintenance!
ziming
Installs: 23 350
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 2
Forks: 1
Open Issues: 1
Requires
- php: ^8.1
- bjeavons/zxcvbn-php: ^1.3
- illuminate/contracts: ^10.0 | ^11.0
- spatie/laravel-package-tools: ^1.9.2
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.8
- nunomaduro/collision: ^6.0 | ^7.0 | ^8.0
- nunomaduro/larastan: ^2.0.1
- orchestra/testbench: ^8.0 | ^9.0
- pestphp/pest: ^1.21
- pestphp/pest-plugin-laravel: ^1.1
- phpstan/extension-installer: ^1.1
- phpstan/phpstan-deprecation-rules: ^1.0
- phpstan/phpstan-phpunit: ^1.0
- phpunit/phpunit: ^9.5|^10.0
- spatie/laravel-ray: ^1.26
README
Laravel Zxcvbn Password Validation Rule. Nothing more, nothing less.
For an introdution to Zxcvbn, see the following link
https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation
Installation
You can install the package via composer:
composer require ziming/laravel-zxcvbn
You can publish the config file with:
php artisan vendor:publish --tag="zxcvbn-config"
This is the contents of the published config file. The default min score is set to 3.
<?php return [ // If you wish to override the default min score in the config, // you can do so by passing in a second argument to the ZxcvbnRule constructor. // e.g. new ZxcvbnRule([], 4) 'min_score' => env('ZXCVBN_MIN_SCORE', 3), ];
bjeavons/zxcvbn-php provides a good overview on the zxcvbn score.
Scores are integers from 0 to 4:
- 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
- 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1
- 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks
- 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario
- 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario
Usage
// In your validation rules use Illuminate\Validation\Rules\Password; use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule; [ 'name' => ['required'] 'email' => ['required', 'email'], 'password' => [ 'required', 'confirmed', 'min:8', new ZxcvbnRule([ request('email'), request('name'), ]), ], ]
## Testing
```bash
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.