Usage of the Rollerworks\Bundle\PasswordStrengthBundle\Validator\Constraints\Blacklist
constraint is very simple.
**Note.** The blacklisted passwords are case-sensitive.
First you need to configure a blacklist provider.
**Tip.** You can use the ChainProvider for using multiple providers at once.
default_provider contains the service-name you want to use for BlackListValidator.
You can choose from:
- rollerworks_password_strength.blacklist.provider.noop: Default implementation, always returns false.
- rollerworks_password_strength.blacklist.provider.array: In-memory-array blacklist, not recommended for big lists.
- rollerworks_password_strength.blacklist.provider.sqlite: SQLite3 database file, updatable using the rollerworks-password:blacklist:update console command.
- rollerworks_password_strength.blacklist.provider.chain: Allows using multiple blacklist providers.
Or create your own service.
Your blacklist provider must implement the Rollerworks\Bundle\PasswordStrengthBundle\Blacklist\BlacklistProviderInterface.
Add the following to your config file:
# app/config/config.yml
rollerworks_password_strength:
blacklist:
# Replace rollerworks_password_strength.blacklist.provider.noop with the service you want to use
default_provider: rollerworks_password_strength.blacklist.provider.noopAdd the following to your config file:
# app/config/config.yml
rollerworks_password_strength:
blacklist:
default_provider: rollerworks_password_strength.blacklist.provider.array
providers:
# The 'array' contains a list with all the blacklisted words
array: [blacklisted-word-1, blacklisted-word-2]Add the following to your config file:
# app/config/config.yml
rollerworks_password_strength:
blacklist:
default_provider: rollerworks_password_strength.blacklist.provider.sqlite
providers:
sqlite:
# Make sure the location is outside the cache dir
dsn: "file:%kernel.root_dir%/Resources/password_blacklist.db"The chain provider works by searching in the registered providers.
You can add as many providers as you want.
Add the following to your config file:
# app/config/config.yml
rollerworks_password_strength:
blacklist:
default_provider: rollerworks_password_strength.blacklist.provider.sqlite
providers:
chain:
providers:
# Add a list of services to search in
- rollerworks_password_strength.blacklist.provider.array
- rollerworks_password_strength.blacklist.provider.sqliteIf you are using annotations for validation, include the constraints namespace:
use Rollerworks\Bundle\PasswordStrengthBundle\Validator\Constraints as RollerworksPassword;and then add the PasswordStrength validator to the relevant field:
/**
* @RollerworksPassword\Blacklist()
*/
protected $password;You can use the following app/console commands to manage your blacklist-database.
To add new passwords to the blacklist:
$ app/console rollerworks-password:blacklist:update password password2 "this pass word has spaces"To remove passwords from the blacklist.
$ app/console rollerworks-password:blacklist:delete password password2 "this pass word has spaces"Or when you want import a list of passwords from a file, use the --file parameter.
Every line in the file is considered a password.
$ app/console rollerworks-password:blacklist:update --file="/tmp/passwords-blacklist.txt"To remove the database completely (warning this will remove all the blacklisted passwords from your database).
$ app/console rollerworks-password:blacklist:purgeTo export the database, this will display all the blacklisted passwords (one per line).
You can then forward the result to a text file.
$ app/console rollerworks-password:blacklist:list > /tmp/exported-blacklist.txtTo get started you can use the bad/leaked passwords databases provider by Skull Security.
Its recommended to use at least the 500-worst-passwords database. Especially when not enforcing strong passwords using the PasswordStrengthValidator.