Skip to content
Laravel validator using Dropbox's zxcvbn password strength estimator
PHP Makefile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
resources/lang
src
tests
.codecov.yml
.editorconfig
.gitattributes
.gitignore
.php_cs.dist
.styleci.yml
.travis.yml
LICENSE.md
Makefile
README.md
composer.json
composer.lock
phpunit.xml.dist

README.md

Laravel Zxcvbn validator

Build Status Code Coverage Software License

This package provides a validator which uses Dropbox's zxcvbn password strength estimator; it uses the PHP implementation from bjeavons.

Installation

This package can be installed through Composer.

composer require rebelinblue/laravel5-zxcvbn

In Laravel 5.5 the package will auto-register the service provider. In Laravel 5.4 you must register this service provider manually in config/app.php by adding REBELinBLUE\Zxcvbn\ZxcvbnServiceProvider::class to the providers array

There is also an optional facade for Zxcvbn; in Laravel 5.5 it will be auto-registered. In Laravel 5.4 you must register the facade manually by adding the following to the aliases array in config/app.php

    'Zxcvbn' => REBELinBLUE\Zxcvbn\ZxcvbnFacade::class,

Optionally, you can publish the translations for this package with, however it is only required if you wish to change them

php artisan vendor:publish --provider="REBELinBLUE\Zxcvbn\ZxcvbnServiceProvider"

Usage

If you have added the alias you can access Zxcvbn from anyone in your code using the façade

<?php

use Zxcvbn;

class MyCustomClass
{
    public function someMethod()
    {
        $strength = Zxcvbn::passwordStrength('Pa$$w0rd');
        dd($strength);
    }    
}

However, you probably want to use it as a validator. The package add a single rule "zxcvbn"

Example

<?php

$input = [ /* user input */ ];
$validator = Validator::make($input, [
    'password' => 'required|min:6|zxcvbn',
]); 

There are 2 optional parameters, the required score from 0 to 4 and a comma separate list of other fields to compare against, for example to ensure a strong password which doesn't contain the username or email you would use

'password' => 'required|min:6|zxcvbn:4,username,email',

The scores are rated as follows:

  • 0 - Too guessable: risky password. (guesses < 10^3)
  • 1 - Very guessable: protection from throttled online attacks. (guesses < 10^6)
  • 2 - Somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
  • 3 - Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
  • 4 - Very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
You can’t perform that action at this time.