PHP download

Download the PHP package bakerkretzmar/laravel-pwned-password-rule without Composer

On this page you can find all versions of the php package bakerkretzmar/laravel-pwned-password-rule. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download bakerkretzmar/laravel-pwned-password-rule
More information about bakerkretzmar/laravel-pwned-password-rule
Files in bakerkretzmar/laravel-pwned-password-rule

Vendor bakerkretzmar
Package laravel-pwned-password-rule
Short Description A Laravel validation rule to check passwords against Have I Been Pwned
License MIT
Homepage https://github.com/bakerkretzmar/laravel-pwned-password-rule

Keywords validation password laravel rule hibp

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of bakerkretzmar/laravel-pwned-password-rule

Informations about the package laravel-pwned-password-rule

Laravel Pwned Password Rule

Validate passwords against the Have I Been Pwned database.

Have I Been Pwned is a service that lets you check if any of your accounts have been compromised in a data breach. In addition to their website and account search functionality, they operate a Pwned Passwords tool that allows securely and anonymously searching just for passwords found in breaches. Under the hood, this validation rule queries the Pwned Passwords API and checks if and how often the value being validated appears in HIBP's breach database.

This package does NOT share your users’ passwords with third parties. Values being validated using this rule are hashed in your application, and the first five characters of the hash are sent to the Pwned Password API. The API returns all password hash suffixes matching these five characters, and back in your application this rule determines which hash matches the value you sent. This package also supports response padding to further obscure the API's responses to hash queries.

For more information please read the launch announcement of Pwned Passwords, Introducing 306 Million Freely Downloadable Pwned Passwords, the V2 announcement, I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download, and the Have I Been Pwned API documentation.

Installation

You can install the package with Composer:

Usage

Use this rule like any other Laravel validation rule:

You can also use the rule's string alias:

By default, the rule will fail any value that has ever appeared in Have I Been Pwned's breach database, which contains over 500,000,000 passwords. To allow passwords that have been breached but don't appear in the database often, you can pass an integer to the rule as its first argument. Values appearing that many times or fewer will then pass validation.

Pwned Passwords also offers additional security with optional response padding, which pads responses with fake hashes to a length of 800–1,000 lines, to defend against attacks that inspect the size of the response to determine how many matches the API returned. You can enable response padding by passing true as the second argument to this rule.

Security

If you find any security related issues with this package, please email [email protected] instead of submitting an issue.

Credits

Troy Hunt created and maintains Have I Been Pwned

License

This package is release under the MIT License. See LICENSE.md.

All versions of laravel-pwned-password-rule with dependencies

PHP Build Version

Package Version

Version 1.0.0 Release 06. Sep 2020
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of laravel-pwned-password-rule from vendor bakerkretzmar

Requires php Version ^7.4
guzzlehttp/guzzle Version ^7.0
illuminate/http Version ^7.0
illuminate/support Version ^7.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package bakerkretzmar/laravel-pwned-password-rule contains the following files

Loading the files please wait ....