Zxcvbn for Laravel 5

A simple implementation of zxcvbn for Laravel 5. This package allows you to access "zxcvbn-related" data on a passphrase in the application, but also use zxcvbn as a standard validator.

Uses Zxcvbn-PHP by @bjeavons, which in turn is inspired by zxcvbn by @dropbox.

Install

Via Composer

$ composer require olssonm/l5-zxcvbn

Add the package to your providers array:

'providers' => [
    Olssonm\Zxcvbn\ZxcvbnServiceProvider::class,
]

If you wish to have the ability to use Zxcvbn via dependency injection, or just have a quick way to access the class – add an alias to the facades:

'aliases' => [
    'Zxcvbn' => Olssonm\Zxcvbn\Facades\Zxcvbn::class
]

Usage

If you've added Olssonm\Zxcvbn as an alias, your can access Zxcvbn easily from anywhere in your application:

"In app"

<?php

use Zxcvbn;

class MyClass extends MyOtherClass
{
    public function myFunction()
    {
        $zxcvbn = Zxcvbn::passwordStrength('password');
        dd($zxcvbn);

        // array:6 [▼
        //   "crack_time" => 5.0E-5
        //   "calc_time" => 0.12961101531982
        //   "password" => "password"
        //   "entropy" => 0.0
        //   "match_sequence" => array:1 []
        //   "score" => 0
        // ]
    }
}
?>

Play around with different passwords and phrases, the results may surprise you. Check out Zxcvbn-PHP for more uses and examples.

As a validator

The package gives you two different validation rules that you may use; zxcvbn_min and zxcvbn_dictionary.

zxcvbn_min

zxcvbn_min allows you to set up a rule for minimum score that the value beeing tested should adhere to.

Syntax

input' => 'zxcvbn_min:min_value'

Example

<?php
    $data = ['password' => 'password'];
    $validator = Validator::make($data, [
        'password' => 'zxcvbn_min:3|required',
    ], [
        'password.zxcvbn_min' => 'Your password is not strong enough!'
    ]);

In this example the password should at least have a "score" of three (3) to pass the validation. Of course, you should probably use the zxcvbn-library on the front-end too to allow the user to know this before posting the form...

zxcvbn_dictionary

This is a bit more interesting. zxcvbn_dictionary allows you to input both the users username and/or email, and their password. The validator checks that the password doesn't exist in the username, or that they are too similar.

Syntax

'input' => 'xcvbn_dictionary:username,email'

Example

<?php
    /**
     * Example 1, pass
     */
    $password = '31??2sa//"dhjd2askjd19sad19!!&!#"';
    $data = [
        'username'  => 'user',
        'email'     => 'trash@thedumpster.com'
    ];
    $validator = Validator::make($password, [
        'password' => 'zxcvbn_dictionary:' . $data['username'] . ',' . $data['email'] . '|required',
    ]);

    dd($validator->passes());
    // true

    /**
     * Example 2, fail
     */
    $password = 'mycomplicatedphrase';
    $data = [
        'username'  => 'mycomplicatedphrase',
        'email'     => 'mycomplicatedphrase@thedumpster.com'
    ];
    $validator = Validator::make($password, [
        'password' => 'zxcvbn_dictionary:' . $data['username'] . ',' . $data['email'] . '|required',
    ]);

    dd($validator->passes());
    // false

Testing

$ composer test

or

$ phpunit

License

The MIT License (MIT). Please see License File for more information.

© 2016 Marcus Olsson.