
laravel-password's Introduction

laravel-password


Guard your users from security problems by preventing them from having dumb passwords

Introduction

This package can be used to verify that the user-provided password is not one of the top 10,000 worst passwords as analyzed by a respectable IT security analyst. Read about it all here, here (wired) or here (telegram).

Installation

PHP 5.5+ or HHVM 3.3+, and Composer are required.

To get the latest version of Laravel Password, simply add the following line to the require block of your composer.json file.

"unicodeveloper/laravel-password": "1.0.*"

You'll then need to run composer install or composer update to download it and have the autoloader updated.

  • If you're on Laravel 5.5 or above, that's all you need to do! Check out the usage examples below.
  • If you're on Laravel < 5.5, you'll need to register the service provider. Open up config/app.php and add the following to the providers array:
Unicodeveloper\DumbPassword\DumbPasswordServiceProvider::class

Usage

Use the rule dumbpwd in your validation like so:

/**
 * Get a validator for an incoming registration request.
 *
 * @param  array  $data
 * @return \Illuminate\Contracts\Validation\Validator
 */
protected function validator(array $data)
{
    return Validator::make($data, [
        'name' => 'required|max:255',
        'email' => 'required|email|max:255|unique:users',
        'password' => 'required|min:6|dumbpwd|confirmed',
    ]);
}

The error shows on the page (screenshot omitted).

By default, the error message returned is This password is just too common. Please try another!.

You can customize the error message by opening resources/lang/en/validation.php and adding to the array like so:

  'dumbpwd' => 'You are using a dumb password abeg',


Change log

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please feel free to fork this package and contribute by submitting a pull request to enhance the functionalities.

Inspiration

How can I thank you?

Why not star the GitHub repo? I'd love the attention! Why not share the link for this repository on Twitter or HackerNews? Spread the word!

Don't forget to follow me on Twitter!

Thanks! Prosper Otemuyiwa.

License

The MIT License (MIT). Please see License File for more information.

laravel-password's People

Contributors

ajohnson6494, chinoms, jkudish, johannesschobel, juukie, michaelvickersuk, shalvah, shaun2d2, unicodeveloper


laravel-password's Issues

Is the flip needed?

Hey there,

Thanks for this package, it's great :)

I'm just wondering, why do you need to flip the array of dumb passwords? No scientific measures here, but this operation seems to be kind of memory intensive and take a bit of time to run. It is causing some of my tests in a project to fail due to running out of memory.

If I remove it, everything still seems to work as expected, and run a bit faster and use less memory.

Let me know. I'd be happy to submit a PR to remove it.

Thanks! 😄
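The trade-off raised in this issue, shown as an added example that is not the package's own code: three ways to test a password against a common-password list, with their memory behaviour noted in the comments. The list contents, the temporary file and the function names are constructed for illustration, and the type hints assume PHP 7 or later.

```php
<?php
// Added example: not the package's code. The list below is a constructed
// stand-in for the 10,000-entry common-password file.
$listPath = tempnam(sys_get_temp_dir(), 'pwlist');
file_put_contents($listPath, implode("\n", ['123456', 'password', 'qwerty', 'letmein', 'dragon']) . "\n");

/** Strategy 1: load the whole list and flip it so each password is an array key. */
function isCommonFlipped(string $password, string $path): bool
{
    $list = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    $lookup = array_flip($list);          // allocates a second hash table: password => index
    return isset($lookup[$password]);     // constant-time lookup once the table is built
}

/** Strategy 2: load the list and scan it; no second array is allocated. */
function isCommonScan(string $password, string $path): bool
{
    $list = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    // Strict comparison: without it, numeric strings such as '0123' and '123' compare equal.
    return in_array($password, $list, true);
}

/** Strategy 3: stream the file and stop at the first match; memory use stays flat. */
function isCommonStreamed(string $password, string $path): bool
{
    $file = new SplFileObject($path);
    $file->setFlags(SplFileObject::DROP_NEW_LINE | SplFileObject::SKIP_EMPTY | SplFileObject::READ_AHEAD);
    foreach ($file as $line) {
        if ($line === $password) {
            return true;
        }
    }
    return false;
}

foreach (['password', 'correct horse battery staple'] as $candidate) {
    printf("%-30s flipped=%s scan=%s streamed=%s\n", $candidate,
        var_export(isCommonFlipped($candidate, $listPath), true),
        var_export(isCommonScan($candidate, $listPath), true),
        var_export(isCommonStreamed($candidate, $listPath), true));
}
unlink($listPath);
```

Flipping only pays off when the same in-memory table is reused for many lookups; a validator that checks one password per request does a single lookup, so the scan or the streamed read gives the same answer without the extra allocation.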

refactor

Hi @unicodeveloper

I want to contribute to this project a bit more to get my feet wet with open source projects and seems like this one is the perfect starting point for me. I'm thinking we can do a refactor on this to separate the logic for parsing and searching the file to its own class. What do you think? Overkill? Also was looking at maybe writing out some tests.

Just wanting feedback before I start working on it :)

Thanks,
Shaun

Improvements

I'm thinking of making a password package and just came across yours.

Aside from checking the common 10k passwords I had this in mind:

  • Making the password list localizable
  • Speed up common password checking (3s is not acceptable IMO)
  • Checking unicode password lengths like 💩💀 equals 2 and not 4
  • Checks for common patterns like: dates, repeats (aaa), sequences (abcd), and qwerty patterns

Let me know if you're interested in me extending this package or if I should make a separate one.

Caching in Database

Caching the bad passwords list in the default Laravel migration for the cache table using MySQL (text with maximum length of 65k characters) is too big and crops the end of the list, which causes a decryption error "The payload is invalid." the next time someone tries to change their password.
