Download the PHP package danhunsaker/laravel-topology without Composer

On this page you can find all versions of the PHP package danhunsaker/laravel-topology. You can download and install these versions without Composer. Dependencies are resolved automatically.

FAQ

After the download, add a single include, require_once('vendor/autoload.php');, and then import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package laravel-topology

laravel-topology


A Laravel package for password-topology-check

What is it?

The password-topology-check package provides a simple utility for converting passwords to their topologies. It also offers the ability to compare the result against the top 100 most common topologies (also known as the PathWell Topologies), and reject any new passwords that match. The idea is to reduce your sites' attack surface by making passwords harder to guess.

So what is a password topology? Well, it goes back to the "character classes" used on many sites to improve security. There are four of those, in general: upper case, lower case, digits, and symbols. The topology of a password, then, is the pattern of its character classes. P@5s, for example, has the topology upper, symbol, digit, lower, or usdl for short, while w0®D is ldsu. Ensuring your users don't re-use a PathWell Topology ensures hackers need to work through all of those before they start reaching ones they can break. Many will move on before they get that far.

Of course, even that isn't enough, just as requiring all four character classes isn't. The real benefit isn't from blocking the most common, though that's a good start. Instead, the true benefit comes from the other things we can do with it. On a per-user level, it's easy to convert both a new and an old password to their respective topologies, then calculate the Levenshtein Distance between them. If the topology hasn't changed by a high enough factor (the default, here, is 2), the password hasn't changed enough, either. Then, as an added layer, the concept of wear-leveling can be added in to prevent users from re-using a topology already in use by other users (or their previous passwords). Wear-leveling your password topologies requires a second data store of some kind, to prevent attackers from getting too much information about which topologies are in use, but spreads your passwords out more, making them harder to crack, and reducing the chances that cracking one will help reveal several others.

OK, so what is this?

This package hooks the password-topology-check package into Laravel projects. It registers two new validation rules you can use to compare topologies and provide wear-leveling. The configuration file provides some options for how each of these features should be handled. Other than that, it tries to stay out of the way.

Usage

If your Laravel version is older than 5.5, you'll need to add the service provider to your config/app.php manually:

Unless the defaults are fine for your app, you'll want to publish the configuration and language files:

Validations: topology

Out of the box, you'll have access to two new validation rules. The first is topology, and there are two ways to use it. The first is checking the input against the internal forbidden topologies list:

The internal list can be modified directly at startup, and also automatically as passwords are created/updated – that is, they can also be wear-leveled. See the configuration section, below, for more on how to set that up.

Validations: topology:{list}

The second way to use the topology rule is checking it against a hard-coded topologies list:

Or perhaps:

Topologies with a leading ! are forbidden, while bare topologies are allowed. So the examples above would allow 555-55-5555 and 555555555, but not 555-555-555; and 555-555-5555 and (555) 555-5555 but not 555-5555 or 5555555. If any topologies are explicitly allowed (that is, if the list includes a bare topology), then only the allowed topologies will pass validation.

Validations: topo-dist:{field}

The second new validation rule is topo-dist, and checks that a new password's topology is at least the configured Levenshtein Distance from the old one's:

NOTE: Password resets can't take advantage of this functionality, as the previous password won't be available to compare against.
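
The topology conversion, the allow/forbid semantics of topology:{list}, and the topo-dist distance check described above, sketched in plain PHP as an added example (not the package's own code). The function names, the treatment of spaces and any other non-matching character as a symbol, and the sample list are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not the package's API.
// Classes: u(pper), l(ower), d(igit), s(ymbol). Assumption: anything else,
// spaces included, counts as a symbol.
function topology(string $value): string
{
    // Split on code points so a multibyte symbol such as "®" counts once.
    $chars = preg_split('//u', $value, -1, PREG_SPLIT_NO_EMPTY) ?: [];
    $out = '';
    foreach ($chars as $ch) {
        if (preg_match('/^\p{Lu}$/u', $ch)) {
            $out .= 'u';
        } elseif (preg_match('/^\p{Ll}$/u', $ch)) {
            $out .= 'l';
        } elseif (preg_match('/^\p{Nd}$/u', $ch)) {
            $out .= 'd';
        } else {
            $out .= 's';
        }
    }
    return $out;
}

// "!topo" forbids, bare "topo" allows; any bare entry makes the list allow-only.
function passesList(string $value, array $list): bool
{
    $topo = topology($value);
    $forbidden = $allowed = [];
    foreach ($list as $entry) {
        if (strncmp($entry, '!', 1) === 0) {
            $forbidden[] = substr($entry, 1);
        } else {
            $allowed[] = $entry;
        }
    }
    return !in_array($topo, $forbidden, true)
        && ($allowed === [] || in_array($topo, $allowed, true));
}

// Old and new topologies must be at least $min edits apart (page default: 2).
function changedEnough(string $old, string $new, int $min = 2): bool
{
    return levenshtein(topology($old), topology($new)) >= $min;
}

// Constructed inputs: an SSN-style list and two passwords sharing one shape.
$ssn = ['dddsddsdddd', 'ddddddddd', '!dddsdddsddd'];
var_dump(topology('w0®D'), passesList('555-555-555', $ssn));
var_dump(changedEnough('Summer2023!', 'Winter2024?'));
```

The two sample passwords differ in most characters yet share one topology, so the distance check treats the change as insufficient. On PHP versions before 8.0, levenshtein() returns -1 for strings longer than 255 characters, which makes this check fail closed for very long inputs.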

Topology Usage Tracking

This package also provides support for auditing your topology usage, and wear-leveling your topologies, but it takes a bit of extra setup to use. The first step is to update your ResetPasswordController to use the ResetsPasswords trait from this package instead of Laravel's. This is super simple, though – just change:

to:

The second step is to update your RegisterController to use the updateTopologyUsage method of this package's TracksTopologyUsage trait when creating new users:

Then just do the same thing you did to the RegisterController to any/all controllers you use to update users, and you're set to collect the topology usage data you need, either for auditing or for wear leveling (or potentially both?).

Configuration

The configuration file has a number of options for enabling and disabling additional features. Each is described below, along with their default values so you can decide whether to publish the configuration file or not.


All versions of laravel-topology with dependencies

Requires php Version ^7.1.3
danhunsaker/password-topology-check Version dev-master
illuminate/support Version ^5.6 || ^6.0