Laravel Pwned Passwords

Installation

Install this package with composer:

composer require nickurt/laravel-pwned-passwords

Copy the config files for the PwnedPasswords-plugin

php artisan vendor:publish --provider="nickurt\PwnedPasswords\ServiceProvider" --tag="config"

Examples

Validation Rule - IsPwnedPassword

// FormRequest ...

public function rules()
{
    return [
        'password' => ['required', new \nickurt\PwnedPasswords\Rules\IsPwnedPassword(20)]
    ];
}

// Manually ...

$validator = validator()->make(request()->all(), ['password' => ['required', new \nickurt\PwnedPasswords\Rules\IsPwnedPassword(20)]]);

The IsPwnedPassword-rule has one optional paramter frequency (default 10) to validate the request.

Manually Usage - IsPwnedPassword

$isPwnedPassword = \PwnedPasswords::setFrequency(20)
    ->setPassword('laravel-pwned-passwords')
    ->isPwnedPassword();

Events

You can listen to the IsPwnedPassword event, e.g. if you want to log the IsPwnedPassword-requests in your application

IsPwnedPassword Event

This event will be fired when the password is above the frequency of pwned passwords nickurt\PwnedPasswords\Events\IsPwnedPassword

Tests

composer test

---