feat: implement laravel password strength (#5821)

monicahq · Jan 1, 2022 · 8295be3 · 8295be3
1 parent 1b491d1
commit 8295be3
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 1 deletion.
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -57,7 +57,28 @@ public function boot()
         );
 
         Password::defaults(function () {
-            return Password::min(6);
+            if (! $this->app->environment('production')) {
+                return Password::min(6);
+            }
+            $rules = Password::min(config('app.password_min'));
+            $config = explode(',', config('app.password_rules'));
+            if (in_array('mixedCase', $config)) {
+                $rules = $rules->mixedCase();
+            }
+            if (in_array('letters', $config)) {
+                $rules = $rules->letters();
+            }
+            if (in_array('numbers', $config)) {
+                $rules = $rules->numbers();
+            }
+            if (in_array('symbols', $config)) {
+                $rules = $rules->symbols();
+            }
+            if (in_array('uncompromised', $config)) {
+                $rules = $rules->uncompromised();
+            }
+
+            return $rules;
         });
 
         if (config('database.use_utf8mb4')

diff --git a/config/app.php b/config/app.php
@@ -122,6 +122,23 @@
 
     'cipher' => 'AES-256-CBC',
 
+    /*
+    |--------------------------------------------------------------------------
+    | Password strength
+    |--------------------------------------------------------------------------
+    |
+    | You can configure password strength requirements here.
+    | - password_min is the minimum length of the password.
+    | - password_rules are requirements that can be added on the password:
+    |   mixedCase, letters, numbers, symbols, uncompromised.
+    |   See https://laravel.com/docs/8.x/validation#validating-passwords
+    |
+    */
+
+    'password_min' => (int) env('APP_PASSWORD_MIN', 8),
+
+    'password_rules' => env('APP_PASSWORD_RULES', 'mixedCase,letters,numbers,symbols,uncompromised'),
+
     /*
     |--------------------------------------------------------------------------
     | Autoloaded Service Providers

diff --git a/resources/lang/en.json b/resources/lang/en.json
@@ -0,0 +1,7 @@
+{
+    "The :attribute must contain at least one uppercase and one lowercase letter.": "The :attribute must contain at least one uppercase and one lowercase letter.",
+    "The :attribute must contain at least one letter.": "The :attribute must contain at least one letter.",
+    "The :attribute must contain at least one symbol.": "The :attribute must contain at least one symbol.",
+    "The :attribute must contain at least one number.": "The :attribute must contain at least one number.",
+    "The given :attribute has appeared in a data leak. Please choose a different :attribute.": "The given :attribute has appeared in a data leak. Please choose a different :attribute."
+}
diff --git a/resources/lang/fr.json b/resources/lang/fr.json
@@ -0,0 +1,7 @@
+{
+    "The :attribute must contain at least one uppercase and one lowercase letter.": "Le champ :attribute doit avoir au moins une lettre majuscule et une lettre minuscule.",
+    "The :attribute must contain at least one letter.": "Le champ :attribute doit avoir au moins une lettre.",
+    "The :attribute must contain at least one symbol.": "Le champ :attribute doit avoir au moins un symbole.",
+    "The :attribute must contain at least one number.": "Le champ :attribute doit avoir au moins un numéro.",
+    "The given :attribute has appeared in a data leak. Please choose a different :attribute.": "La valeur du champ :attribute est apparue dans une fuite de données. Veuillez choisir une valeur différente."
+}