A simple package to validate against common passwords and help keep your application secure.

Overview

common-passwords

  • composer require crumbls/common-passwords
  • php artisan common-passwords:install
  • Add the \Crumbls\CommonPasswords\Rules\NotCommonPassword() rule to your password field.
    • Apply it everywhere a password is set: your registration and password recovery validators, and any change-password form.
  • You can add any extra passwords using the \Crumbls\CommonPasswords\Models\Password model. It has only one field: password.
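
The last step above is where application-specific words belong: the company name, product names and the domain are the first guesses an attacker makes, and a generic list will not contain them. The seeder below is an added example, not part of the crumbls/common-passwords package. It assumes only what the README states (the Password model has a single password column); the base words are constructed sample input, and the variant list is a hypothetical set of the mutations users produce when a policy demands digits or symbols.

```php
<?php
// database/seeders/ExtraCommonPasswordsSeeder.php
// Added example, not code from the crumbls/common-passwords package.
// Assumes only what the README states: the package's Password model exposes a
// single `password` column. The base words are constructed sample input;
// replace them with your own company, product and domain names.

namespace Database\Seeders;

use Crumbls\CommonPasswords\Models\Password;
use Illuminate\Database\Seeder;

class ExtraCommonPasswordsSeeder extends Seeder
{
    /** Words an attacker would try first against this particular application. */
    private const CONTEXT_WORDS = ['acme', 'acmecorp', 'acme.example', 'acmeportal'];

    public function run(): void
    {
        foreach ($this->candidates() as $candidate) {
            // Skip rows that already exist so the seeder is safe to re-run.
            if (Password::where('password', $candidate)->exists()) {
                continue;
            }

            // Assign the attribute directly: the README does not say whether the
            // model allows mass assignment, so create()/firstOrCreate() are avoided.
            $row = new Password();
            $row->password = $candidate;
            $row->save();
        }
    }

    /**
     * Expand each base word into the variants users actually type when a
     * policy demands digits, capitals or symbols. The rule's exact matching
     * semantics (case, trimming) are not documented, so every variant is
     * stored literally rather than relying on normalisation.
     */
    private function candidates(): \Generator
    {
        $year = (int) date('Y');

        foreach (self::CONTEXT_WORDS as $word) {
            $word = strtolower($word);

            yield $word;
            yield ucfirst($word);
            yield $word . '1';
            yield $word . '123';
            yield $word . '!';
            yield ucfirst($word) . '1!';
            yield ucfirst($word) . $year;
            yield ucfirst($word) . ($year - 1);
            yield $word . '@' . $year;
        }
    }
}
```

Run it once after the package's install step with `php artisan db:seed --class=ExtraCommonPasswordsSeeder`; because existing rows are skipped, re-running after adding new base words is harmless.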

Below is a simple example that can be run from anywhere. It will throw a validation exception because the password being verified is "password", one of the most commonly used passwords.

try {
    $validator = \Illuminate\Support\Facades\Validator::make([
        'password' => 'password'
    ], [
        'password' => [
            'required',
            'string',
            'min:1',
            'max:256',
            new \Crumbls\CommonPasswords\Rules\NotCommonPassword()
        ],
    ]);
    // validated() runs the rules and throws ValidationException when any fail
    print_r($validator->validated());
} catch (\Illuminate\Validation\ValidationException $e) {
    echo $e->getMessage();
}

Since authentication and registration are commonly reinvented per application, here is an example of how you could do it in a very basic RegistrationController from Laravel 8.x. This overrides the validator method that ships with the controller.

// Requires: use Illuminate\Support\Facades\Validator; at the top of the controller.

/**
 * Get a validator for an incoming registration request.
 *
 * @param  array $data
 * @return \Illuminate\Contracts\Validation\Validator
 */
protected function validator(array $data)
{
    return Validator::make($data, [
        'name' => ['required', 'string', 'max:255'],
        'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
        'password' => ['required', 'string', 'min:8', 'confirmed', new \Crumbls\CommonPasswords\Rules\NotCommonPassword()],
    ]);
}
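
Registration is only half of the advice above: a password recovery flow that skips the rule lets a user reset straight back to "password". The controller below is an added example, not code from the crumbls/common-passwords package. It assumes the laravel/ui scaffolding for Laravel 8.x, whose ResetsPasswords trait takes its validation rules from the rules() method overridden here; the redirect path is a placeholder.

```php
<?php
// app/Http/Controllers/Auth/ResetPasswordController.php
// Added example, not code from the crumbls/common-passwords package.
// Assumes the laravel/ui scaffolding for Laravel 8.x, whose ResetsPasswords
// trait reads its validation rules from the rules() method overridden below.

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Crumbls\CommonPasswords\Rules\NotCommonPassword;
use Illuminate\Foundation\Auth\ResetsPasswords;

class ResetPasswordController extends Controller
{
    use ResetsPasswords;

    /** Where to send the user after a successful reset (placeholder path). */
    protected $redirectTo = '/home';

    /**
     * Validation rules for the reset form. The token and email rules match the
     * trait's defaults; the password rules mirror the registration validator
     * and add the common-password check, so recovery cannot reintroduce a
     * password that registration would have rejected.
     */
    protected function rules()
    {
        return [
            'token'    => ['required'],
            'email'    => ['required', 'email'],
            'password' => [
                'required',
                'string',
                'min:8',
                'max:256',
                'confirmed',
                new NotCommonPassword(),
            ],
        ];
    }
}
```

Keeping the password rules identical in both controllers matters more than the exact values: an attacker who can trigger a reset will always use whichever flow has the weaker check.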

I've had people ask whether this can be used to check directly whether an existing user's password is on the list. It is a bad idea: only the hash is stored, so the check has to run Hash::check once per list entry, and each bcrypt comparison is deliberately slow. That is brute-forcing your own users' hashes, which is why you should verify the password at the moment it is being set. But if you need to do it for some reason, here is a simple sample.

// Take a random user.  You should be more targeted than this.
$user = \App\Models\User::inRandomOrder()->first();

if ($user === null) {
    exit('No users to check.');
}

$passwords = \Crumbls\CommonPasswords\Models\Password::orderBy(
    with(new \Crumbls\CommonPasswords\Models\Password())->getKeyName(),
    'asc'
)->get();

// Every iteration is a full bcrypt verification, so the cost is
// (size of the list) x (one hash check) for each user examined.
foreach ($passwords as $password) {
    if (\Illuminate\Support\Facades\Hash::check($password->password, $user->password)) {
        printf('User had an invalid password: %s .', $password->password);
        break;
    }
}
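
There is one moment, apart from setting the password, when the plaintext is legitimately in hand and already verified against the stored hash: a successful login. Checking there costs a single lookup against the common-password table instead of a bcrypt comparison per list entry. The controller below is an added example, not code from the crumbls/common-passwords package. It assumes the laravel/ui LoginController, whose AuthenticatesUsers trait calls authenticated() only after the credentials have been verified; the must_change_password column and the password.change route are hypothetical names for this illustration.

```php
<?php
// app/Http/Controllers/Auth/LoginController.php
// Added example, not code from the crumbls/common-passwords package.
// Assumes the laravel/ui LoginController for Laravel 8.x, whose
// AuthenticatesUsers trait calls authenticated() after a successful login.
// The `must_change_password` column and the `password.change` route are
// hypothetical names used only for this illustration.

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Crumbls\CommonPasswords\Rules\NotCommonPassword;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    protected $redirectTo = '/home';

    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Called by the trait only after Hash::check has accepted the submitted
     * password, so the plaintext in the request is the user's real password.
     * One table lookup here replaces thousands of bcrypt comparisons in an
     * offline audit, and it catches passwords set before the rule was added.
     */
    protected function authenticated(Request $request, $user)
    {
        $check = Validator::make(
            ['password' => $request->input($this->username() === 'email' ? 'password' : 'password')],
            ['password' => [new NotCommonPassword()]]
        );

        if ($check->fails()) {
            // Flag the account rather than logging the value: the password must
            // never reach logs, even to report that it is weak.
            $user->forceFill(['must_change_password' => true])->save();

            return redirect()->route('password.change')->with(
                'status',
                'Your password appears on a list of commonly used passwords. Please choose a new one.'
            );
        }

        // Returning null lets the trait fall through to redirect()->intended().
        return null;
    }
}
```

The flag is what makes this enforceable: a middleware that redirects any flagged user to the change form (not shown) stops them from simply navigating away. Note that forceFill is used deliberately, since the column is an internal state field that should not be mass-assignable from user input.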

The documentation is sparse. If you have any questions, feel free to ask here or on Twitter (@chasecmiller). Remember that this is only designed to be a validation rule.

Releases: v1.1.1
Owner: Crumbls