A simple implementation of zxcvbn for Laravel. This package allows you to access "zxcvbn-related" data on a passphrase in the application and also to use zxcvbn as a standard validator.
Uses Zxcvbn-PHP by @bjeavons, which in turn is inspired by zxcvbn by @dropbox.
Via Composer
$ composer require olssonm/l5-zxcvbn
If you wish to have the ability to use Zxcvbn
via dependency injection, or just have a quick way to access the class – add an alias to the facades:
'aliases' => [
'Zxcvbn' => Olssonm\Zxcvbn\Facades\Zxcvbn::class
]
If you've added Olssonm\Zxcvbn
as an alias, your can access Zxcvbn easily from anywhere in your application:
use Zxcvbn;
class MyClass extends MyOtherClass
{
public function myFunction()
{
$zxcvbn = Zxcvbn::passwordStrength('password');
dd($zxcvbn);
// array:9 [
// "password" => "password"
// "guesses" => 3.0
// "guesses_log10" => 0.47712125471966
// "sequence" => [],
// "crack_times_seconds" => array:4 [
// "online_throttling_100_per_hour" => 108.0
// "online_no_throttling_10_per_second" => 0.3
// "offline_slow_hashing_1e4_per_second" => 0.0003
// "offline_fast_hashing_1e10_per_second" => 3.0E-10
// ]
// "crack_times_display" => array:4 [
// "online_throttling_100_per_hour" => "2 minutes"
// "online_no_throttling_10_per_second" => "less than a second"
// "offline_slow_hashing_1e4_per_second" => "less than a second"
// "offline_fast_hashing_1e10_per_second" => "less than a second"
// ]
// "score" => 0
// "feedback" => array:2 [
// "warning" => "This is a top-10 common password"
// "suggestions" => array:1 [
// 0 => "Add another word or two. Uncommon words are better."
// ]
// ]
// "calc_time" => 0.020488977432251
// ]
}
}
Play around with different passwords and phrases, the results may surprise you. Check out Zxcvbn-PHP for more uses and examples.
The package makes two types of validations available for your application. zxcvbn
and zxcvbn_dictionary
.
With this rule you set the lowest score that the phrase need to score wuth Zxcvbn to pass.
Syntax
'input' => 'zxcvbn:min_value'
Examples
$request->validate([
'password' => 'required|zxcvbn:3'
]);
You may also initialize the rule as an object:
use Olssonm\Zxcvbn\Rules\Zxcvbn;
function rules()
{
return [
'password' => ['required', new Zxcvbn($minScore = 3)]
];
}
In this example the password should at least have a "score" of three (3) to pass the validation. Of course, you should probably use the zxcvbn-library on the front-end too to allow the user to know this before posting the form.
This is a bit more interesting. zxcvbn_dictionary
allows you to input both the users username and/or email together with their password (you need suply one piece of user input). The validator checks that the password doesn't exist in the username, or that they are too similar.
Syntax
'input' => 'zxcvbn_dictionary:input1,input2'
Examples
$request->validate([
'password' => sprintf('required|zxcvbn_dictionary:%s,%s', $request->username, $request->email)
]);
use Olssonm\Zxcvbn\Rules\ZxcvbnDictionary;
function rules()
{
return [
'password' => ['required', new ZxcvbnDictionary($this->username)]
];
}
$ composer test
or
$ phpunit
The MIT License (MIT). Please see the License File for more information.
© 2022 Marcus Olsson.