Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
 
 
 
 
 
 

readme.md

Laravel Pwned Password Validator

Adds a Laravel validator rule that checks if a password has been pwned in any public data breaches. This uses Troy Hunt's Pwned Password API https://haveibeenpwned.com/API/v2 to check for pwned passwords.

Installation

Using composer:

composer require "payfast/laravel-validate-pwned-password":"^1.0"

For old verions of Laravel (<5.5) and Lumen you may need to manually register the service provider. Add in bootstrap/app.php

    $app->register('PayFast\\Providers\\PwnedPasswordServiceProvider');

Usage

When using Laravel Validation you can now add a new rule pwnedpassword to any field that will contain a password. This rule will fail the input if the supplied value matches a known pwned password.

Example:

return Validator::make($data, [
    'password' => 'required|string|min:8|pwnedpassword|confirmed',
]);

Customization

To change the error message add a language string to resources/lang/en/validation.php

    'pwnedpassword' => 'This :attribute is not secure. It appears :count times in the Pwned Passwords database of security breaches. For more information: https://haveibeenpwned.com/Passwords'

About

Laravel validator rule that checks if a password has been pwned in any public data breaches. This uses Troy Hunt's Pwned Password API https://haveibeenpwned.com/API/v2 to check for pwned passwords.

Resources

License

Packages

No packages published

Languages