Skip to content

photogabble/laravel-registration-validator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Laravel Registration Validator

Solid credential validation for Laravel >= 5.5

Build Status Latest Stable Version License

About this package

An all-Latin username containing confusables is probably fine, and an all-Cyrillic username containing confusables is probably fine, but a username containing mostly Latin plus one Cyrillic code point which happens to be confusable with a Latin one… is not. - James Bennet

This package is a Laravel validation wrapper around the PHP Confusable Homoglyphs library to provide your application the ability to validate user input as not containing dangerous confusables.

I began writing this package soon after reading the above quote from this article by James Bennett on registration credential validation that referenced how Django’s auth system validates new users credentials.

In addition to unicode confusables validation this package also includes a PHP port of the reserved name validation that Django's auth system uses.

This is a PHP7 project built for use with Laravel versions 5.5 and above.

Install

Install this library with composer: composer require photogabble/laravel-registration-validator.

Usage

This package provides three validators: not-reserved-name, not-confusable-string and not-confusable-email.

Not Reserved Name Validator

This validator checks the input to ensure it does not contain any strings listed within config key registration-validation.reserved_list. To extend this list use the php artisan vendor:publish command to copy this config to your project.

Not Confusable String Validator

This validator checks the input using the PHP Confusable Homoglyphs library to ensure it does not contain any confusable unicode characters.

Not Confusable Email Validator

This validator does not validate that the input is a valid email address, instead it validates that a string containing an @ does not contain any confusable unicode characters for each part either side of the @ symbol.