Skip to content

georgringer/password_validation

Repository files navigation

🔐 Password Validation

Live, server-side password policy feedback (a "password meter") for TYPO3 backend password fields. As you type, each requirement of the configured password policy is checked and the requirement list turns green ✅ / red ❌ in real time — no more guessing why the record won't save.

Example

⚠️ Security warning — read this first

This extension sends the typed password to the server (over your normal authenticated backend HTTPS connection) on every debounced keystroke, so the policy can be validated with the same server-side logic used on save.

  • The password is transmitted in clear text within the request body (like any normal login/save already does).
  • HTTPS is enforced. The meter only sends from a secure context (window.isSecureContext — HTTPS, or localhost in development), and the controller rejects any non-HTTPS request. Over plain HTTP nothing is sent and nothing is validated.
  • Do not install it if sending the in-progress password to the server is unacceptable in your threat model.

📦 Installation

Composer (recommended):

composer require georgringer/password-validation

⚙️ Configuration

None required. The meter uses the backend password policy configured in

$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordPolicy']   // default: 'default'

Every backend type=password field that declares a passwordPolicy in its TCA automatically gets the live meter.

🧩 Compatibility

  • TYPO3 13.4 LTS and 14.3
  • PHP 8.2+

📄 License

GPL-2.0-or-later

About

Live validation of your password

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors