Download the PHP package lukasjankowski/laravel-safepass without Composer
On this page you can find all versions of the php package lukasjankowski/laravel-safepass. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download lukasjankowski/laravel-safepass
More information about lukasjankowski/laravel-safepass
Files in lukasjankowski/laravel-safepass
Package laravel-safepass
Short Description A laravel 5 password validation package for checking if passwords are really secure
License MIT
Informations about the package laravel-safepass
Unmaintained
Laravel-Safepass for Laravel 5
This package allows you to check the given password based on Zxcvbn and use it to validate its strength / entropy.
Note: Depending on how heavy the load on your application is, it might be wiser to use something else as the checks can be quite expensive on computing time.
The why
I got tired of solutions using some arbitrary regex to validate that the password contains at least one uppercase character, lowercase character, digit etc. Those requirements are not safe, not to mention that they advocate the exact opposite of what you were trying to accomplish.
See: xkcd or codinghorror for explanations.
This package uses - as mentioned above - https://github.com/bjeavons/zxcvbn-php/ as a means to calculate the passwords entropy and estimated cracking time. It will then go ahead and convert that value to a percentage in order to make writing rules more convenient.
The percentage is based off 10^8 seconds.
- So 100% is ~ 3 years,
- 50% would be ~ 1.5 years,
- 10% would be ~ 115 days etc.
The default value is 50%.
Installation
Require via composer:
Include the service provider within your .
Usage
Simply add the as a rule to your request validation.
Examples:
If you want to override the standard of 50% you can add a parameter to the rule:
The default error message is:
which you can override just like you would with other rules.
TODO
- Unit tests