ziming/laravel-zxcvbn

Zxcvbn Password validation rule for Laravel


2.2 2024-08-09 08:38 UTC

This package is auto-updated.

Last update: 2024-12-13 02:51:46 UTC



Laravel Zxcvbn Password Validation Rule. Nothing more, nothing less.

For an introduction to Zxcvbn, see the following link:

https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation

Installation

You can install the package via composer:

```bash
composer require ziming/laravel-zxcvbn
```

You can publish the config file with:

```bash
php artisan vendor:publish --tag="zxcvbn-config"
```

This is the contents of the published config file. The default min score is set to 3.

```php
<?php

return [
    // If you wish to override the default min score in the config,
    // you can do so by passing in a second argument to the ZxcvbnRule constructor.
    // e.g. new ZxcvbnRule([], 4)
    'min_score' => env('ZXCVBN_MIN_SCORE', 3),
];
```

bjeavons/zxcvbn-php provides a good overview on the zxcvbn score.

Scores are integers from 0 to 4:

- 0 means the password is extremely guessable (within 10^3 guesses); dictionary words like 'password' or 'mother' score a 0
- 1 is still very guessable (guesses < 10^6); an extra character on a dictionary word can score a 1
- 2 is somewhat guessable (guesses < 10^8) and provides some protection from unthrottled online attacks
- 3 is safely unguessable (guesses < 10^10) and offers moderate protection from an offline slow-hash scenario
- 4 is very unguessable (guesses >= 10^10) and provides strong protection from an offline slow-hash scenario

Usage

```php
// In your validation rules
use Illuminate\Validation\Rules\Password;
use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule;

$rules = [
    'name' => ['required'],
    'email' => ['required', 'email'],
    'password' => [
        'required',
        'confirmed',
        'min:8',
        // User-specific inputs handed to zxcvbn, which penalizes
        // passwords that contain them.
        new ZxcvbnRule([
            request('email'),
            request('name'),
        ]),
    ],
];
```
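
The following form request is an added example, not code from this package. It assumes that zxcvbn treats each user input as an extra dictionary word, so the full e-mail address alone does not catch a password built from its local part or from one part of the name. The class name `RegisterRequest`, the helper `userInputs()` and the three-character minimum are hypothetical.

```php
<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule;

// Hypothetical request class (assumption): name and field names are illustrative.
class RegisterRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'name' => ['required', 'string'],
            'email' => ['required', 'email'],
            'password' => [
                'required',
                'confirmed',
                'min:8',
                new ZxcvbnRule($this->userInputs()),
            ],
        ];
    }

    // Build the user-specific word list from the submitted name and e-mail.
    // rules() runs before validation, so both fields are still untrusted
    // and may be missing or arrays; anything that is not a string is ignored.
    private function userInputs(): array
    {
        $name = $this->input('name');
        $email = $this->input('email');
        $name = is_string($name) ? $name : '';
        $email = is_string($email) ? $email : '';

        // Part of the address before "@", or the whole value if there is none.
        $localPart = strstr($email, '@', true) ?: $email;

        // Whole values plus their letter/digit fragments ("jane", "doe", ...).
        $parts = preg_split('/[^\pL\pN]+/u', $name . ' ' . $localPart, -1, PREG_SPLIT_NO_EMPTY);
        $tokens = array_merge([$name, $email, $localPart], $parts ?: []);

        // Drop empty and very short fragments, then de-duplicate case-insensitively.
        $tokens = array_filter($tokens, fn (string $t) => mb_strlen($t) >= 3);

        return array_values(array_unique(array_map('mb_strtolower', $tokens)));
    }
}
```

For a password change by a signed-in user, the same list is better built from the stored profile than from request input.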
Testing

```bash
composer test
```

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.