1ea671c7fe
* Add Laravel 9 requirement * Remove scrutinizer test * Create test.yml * Fix directory name * Fix issue on older PHP-ver |
||
|---|---|---|
| .github/workflows | ||
| src | ||
| tests | ||
| .editorconfig | ||
| .gitignore | ||
| LICENSE.md | ||
| README.md | ||
| composer.json | ||
| phpunit.xml | ||
README.md
Zxcvbn for Laravel
A simple implementation of zxcvbn for Laravel. This package allows you to access "zxcvbn-related" data on a passphrase in the application and also to use zxcvbn as a standard validator.
Uses Zxcvbn-PHP by @bjeavons and @mkopinsky, which in turn is inspired by zxcvbn by @dropbox.
Install
Via Composer
$ composer require olssonm/l5-zxcvbn
If you wish to have the ability to use Zxcvbn via dependency injection, or just have a quick way to access the class – add an alias to the facades:
'aliases' => [
'Zxcvbn' => Olssonm\Zxcvbn\Facades\Zxcvbn::class
]
Usage
If you've added Olssonm\Zxcvbn as an alias, your can access Zxcvbn easily from anywhere in your application:
"In app"
<?php
use Zxcvbn;
class MyClass extends MyOtherClass
{
public function myFunction()
{
$zxcvbn = Zxcvbn::passwordStrength('password');
dd($zxcvbn);
// array:9 [
// "password" => "password"
// "guesses" => 3
// "guesses_log10" => 0.47712125471966
// "sequence" => array:1 []
// "crack_times_seconds" => array:4 []
// "crack_times_display" => array:4 []
// "score" => 0
// "feedback" => array:2 []
// "calc_time" => 0.042769908905029
// ]
}
}
Play around with different passwords and phrases, the results may surprise you. Check out Zxcvbn-PHP for more uses and examples.
As a validator
The package gives you two different validation rules that you may use; zxcvbn_min and zxcvbn_dictionary.
zxcvbn_min
zxcvbn_min allows you to set up a rule for minimum score that the value beeing tested should adhere to.
Syntax
input' => 'zxcvbn_min:min_value'
Example
<?php
$data = ['password' => 'password'];
$validator = Validator::make($data, [
'password' => 'zxcvbn_min:3|required',
], [
'password.zxcvbn_min' => 'Your password is not strong enough!'
]);
In this example the password should at least have a "score" of three (3) to pass the validation. Of course, you should probably use the zxcvbn-library on the front-end too to allow the user to know this before posting the form...
zxcvbn_dictionary
This is a bit more interesting. zxcvbn_dictionary allows you to input both the users username and/or email, and their password. The validator checks that the password doesn't exist in the username, or that they are too similar.
Syntax
'input' => 'xcvbn_dictionary:username,email'
Example
<?php
/**
* Example 1, pass
*/
$password = '31??2sa//"dhjd2askjd19sad19!!&!#"';
$data = [
'username' => 'user',
'email' => 'trash@thedumpster.com'
];
$validator = Validator::make($password, [
'password' => sprintf('required|zxcvbn_dictionary:%s,%s', $data['username'], $data['email'])
]);
dd($validator->passes());
// true
/**
* Example 2, fail
*/
$password = 'mycomplicatedphrase';
$data = [
'username' => 'mycomplicatedphrase',
'email' => 'mycomplicatedphrase@thedumpster.com'
];
$validator = Validator::make($password, [
'password' => sprintf('required|zxcvbn_dictionary:%s,%s', $data['username'], $data['email'])
]);
dd($validator->passes());
// false
Testing
$ composer test
or
$ phpunit
License
The MIT License (MIT). Please see the License File for more information.
© 2020 Marcus Olsson.