Skip to content
Implementation of the zxcvbn project by @dropbox for Laravel 5. Uses zxcvbn-php by @bjeavons.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
tests
.editorconfig
.gitignore
.scrutinizer.yml
.travis.yml
LICENSE.md
README.md
composer.json
phpunit.xml

README.md

Zxcvbn for Laravel 5

Latest Version on Packagist Total downloads Software License Build Status Scrutinizer Score

zxcvbn

A simple implementation of zxcvbn for Laravel 5. This package allows you to access "zxcvbn-related" data on a passphrase in the application and also to use zxcvbn as a standard validator.

Uses Zxcvbn-PHP by @bjeavons, which in turn is inspired by zxcvbn by @dropbox.

Install

Via Composer

$ composer require olssonm/l5-zxcvbn

Add the package to your providers array (will be added automatically in Laravel 5.5+):

'providers' => [
    Olssonm\Zxcvbn\ZxcvbnServiceProvider::class,
]

If you wish to have the ability to use Zxcvbn via dependency injection, or just have a quick way to access the class – add an alias to the facades:

'aliases' => [
    'Zxcvbn' => Olssonm\Zxcvbn\Facades\Zxcvbn::class
]

Usage

If you've added Olssonm\Zxcvbn as an alias, your can access Zxcvbn easily from anywhere in your application:

"In app"

<?php

use Zxcvbn;

class MyClass extends MyOtherClass
{
    public function myFunction()
    {
        $zxcvbn = Zxcvbn::passwordStrength('password');
        dd($zxcvbn);

        // array:6 [▼
        //   "crack_time" => 5.0E-5
        //   "calc_time" => 0.12961101531982
        //   "password" => "password"
        //   "entropy" => 0.0
        //   "match_sequence" => array:1 []
        //   "score" => 0
        // ]
    }
}
?>

Play around with different passwords and phrases, the results may surprise you. Check out Zxcvbn-PHP for more uses and examples.

As a validator

The package gives you two different validation rules that you may use; zxcvbn_min and zxcvbn_dictionary.

zxcvbn_min

zxcvbn_min allows you to set up a rule for minimum score that the value beeing tested should adhere to.

Syntax

input' => 'zxcvbn_min:min_value'

Example

<?php
    $data = ['password' => 'password'];
    $validator = Validator::make($data, [
        'password' => 'zxcvbn_min:3|required',
    ], [
        'password.zxcvbn_min' => 'Your password is not strong enough!'
    ]);

In this example the password should at least have a "score" of three (3) to pass the validation. Of course, you should probably use the zxcvbn-library on the front-end too to allow the user to know this before posting the form...

zxcvbn_dictionary

This is a bit more interesting. zxcvbn_dictionary allows you to input both the users username and/or email, and their password. The validator checks that the password doesn't exist in the username, or that they are too similar.

Syntax

'input' => 'xcvbn_dictionary:username,email'

Example

<?php
    /**
     * Example 1, pass
     */
    $password = '31??2sa//"dhjd2askjd19sad19!!&!#"';
    $data = [
        'username'  => 'user',
        'email'     => 'trash@thedumpster.com'
    ];
    $validator = Validator::make($password, [
        'password' => 'zxcvbn_dictionary:' . $data['username'] . ',' . $data['email'] . '|required',
    ]);

    dd($validator->passes());
    // true

    /**
     * Example 2, fail
     */
    $password = 'mycomplicatedphrase';
    $data = [
        'username'  => 'mycomplicatedphrase',
        'email'     => 'mycomplicatedphrase@thedumpster.com'
    ];
    $validator = Validator::make($password, [
        'password' => 'zxcvbn_dictionary:' . $data['username'] . ',' . $data['email'] . '|required',
    ]);

    dd($validator->passes());
    // false

Testing

$ composer test

or

$ phpunit

License

The MIT License (MIT). Please see the License File for more information.

© 2018 Marcus Olsson.

You can’t perform that action at this time.