├── .coveralls.yml
├── .gitignore
├── .travis.yml
├── LICENSE
├── README.md
├── assets
└── images
│ └── laravel-password-exposed.png
├── composer.json
├── phpunit.xml
├── src
├── Factories
│ └── PasswordExposedCheckerFactory.php
└── PasswordExposed.php
└── tests
└── Unit
└── PasswordExposedTest.php
/.coveralls.yml:
--------------------------------------------------------------------------------
1 | coverage_clover: tests/Logs/clover.xml
2 | json_path: tests/Logs/coveralls-upload.json
3 | service_name: travis-ci
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | vendor/
2 | composer.lock
3 | .idea
4 | .phpunit.result.cache
5 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: php
2 | distro: bionic
3 | php:
4 | - '7.1'
5 | - '7.2'
6 | - '7.3'
7 | - '7.4'
8 | - '8.0'
9 | - '8.1'
10 | install:
11 | - composer update
12 | script:
13 | - ./vendor/bin/phpunit --coverage-clover ./tests/Logs/clover.xml
14 | after_script:
15 | - php vendor/bin/php-coveralls -v
16 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU LESSER GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 |
9 | This version of the GNU Lesser General Public License incorporates
10 | the terms and conditions of version 3 of the GNU General Public
11 | License, supplemented by the additional permissions listed below.
12 |
13 | 0. Additional Definitions.
14 |
15 | As used herein, "this License" refers to version 3 of the GNU Lesser
16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU
17 | General Public License.
18 |
19 | "The Library" refers to a covered work governed by this License,
20 | other than an Application or a Combined Work as defined below.
21 |
22 | An "Application" is any work that makes use of an interface provided
23 | by the Library, but which is not otherwise based on the Library.
24 | Defining a subclass of a class defined by the Library is deemed a mode
25 | of using an interface provided by the Library.
26 |
27 | A "Combined Work" is a work produced by combining or linking an
28 | Application with the Library. The particular version of the Library
29 | with which the Combined Work was made is also called the "Linked
30 | Version".
31 |
32 | The "Minimal Corresponding Source" for a Combined Work means the
33 | Corresponding Source for the Combined Work, excluding any source code
34 | for portions of the Combined Work that, considered in isolation, are
35 | based on the Application, and not on the Linked Version.
36 |
37 | The "Corresponding Application Code" for a Combined Work means the
38 | object code and/or source code for the Application, including any data
39 | and utility programs needed for reproducing the Combined Work from the
40 | Application, but excluding the System Libraries of the Combined Work.
41 |
42 | 1. Exception to Section 3 of the GNU GPL.
43 |
44 | You may convey a covered work under sections 3 and 4 of this License
45 | without being bound by section 3 of the GNU GPL.
46 |
47 | 2. Conveying Modified Versions.
48 |
49 | If you modify a copy of the Library, and, in your modifications, a
50 | facility refers to a function or data to be supplied by an Application
51 | that uses the facility (other than as an argument passed when the
52 | facility is invoked), then you may convey a copy of the modified
53 | version:
54 |
55 | a) under this License, provided that you make a good faith effort to
56 | ensure that, in the event an Application does not supply the
57 | function or data, the facility still operates, and performs
58 | whatever part of its purpose remains meaningful, or
59 |
60 | b) under the GNU GPL, with none of the additional permissions of
61 | this License applicable to that copy.
62 |
63 | 3. Object Code Incorporating Material from Library Header Files.
64 |
65 | The object code form of an Application may incorporate material from
66 | a header file that is part of the Library. You may convey such object
67 | code under terms of your choice, provided that, if the incorporated
68 | material is not limited to numerical parameters, data structure
69 | layouts and accessors, or small macros, inline functions and templates
70 | (ten or fewer lines in length), you do both of the following:
71 |
72 | a) Give prominent notice with each copy of the object code that the
73 | Library is used in it and that the Library and its use are
74 | covered by this License.
75 |
76 | b) Accompany the object code with a copy of the GNU GPL and this license
77 | document.
78 |
79 | 4. Combined Works.
80 |
81 | You may convey a Combined Work under terms of your choice that,
82 | taken together, effectively do not restrict modification of the
83 | portions of the Library contained in the Combined Work and reverse
84 | engineering for debugging such modifications, if you also do each of
85 | the following:
86 |
87 | a) Give prominent notice with each copy of the Combined Work that
88 | the Library is used in it and that the Library and its use are
89 | covered by this License.
90 |
91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license
92 | document.
93 |
94 | c) For a Combined Work that displays copyright notices during
95 | execution, include the copyright notice for the Library among
96 | these notices, as well as a reference directing the user to the
97 | copies of the GNU GPL and this license document.
98 |
99 | d) Do one of the following:
100 |
101 | 0) Convey the Minimal Corresponding Source under the terms of this
102 | License, and the Corresponding Application Code in a form
103 | suitable for, and under terms that permit, the user to
104 | recombine or relink the Application with a modified version of
105 | the Linked Version to produce a modified Combined Work, in the
106 | manner specified by section 6 of the GNU GPL for conveying
107 | Corresponding Source.
108 |
109 | 1) Use a suitable shared library mechanism for linking with the
110 | Library. A suitable mechanism is one that (a) uses at run time
111 | a copy of the Library already present on the user's computer
112 | system, and (b) will operate properly with a modified version
113 | of the Library that is interface-compatible with the Linked
114 | Version.
115 |
116 | e) Provide Installation Information, but only if you would otherwise
117 | be required to provide such information under section 6 of the
118 | GNU GPL, and only to the extent that such information is
119 | necessary to install and execute a modified version of the
120 | Combined Work produced by recombining or relinking the
121 | Application with a modified version of the Linked Version. (If
122 | you use option 4d0, the Installation Information must accompany
123 | the Minimal Corresponding Source and Corresponding Application
124 | Code. If you use option 4d1, you must provide the Installation
125 | Information in the manner specified by section 6 of the GNU GPL
126 | for conveying Corresponding Source.)
127 |
128 | 5. Combined Libraries.
129 |
130 | You may place library facilities that are a work based on the
131 | Library side by side in a single library together with other library
132 | facilities that are not Applications and are not covered by this
133 | License, and convey such a combined library under terms of your
134 | choice, if you do both of the following:
135 |
136 | a) Accompany the combined library with a copy of the same work based
137 | on the Library, uncombined with any other library facilities,
138 | conveyed under the terms of this License.
139 |
140 | b) Give prominent notice with the combined library that part of it
141 | is a work based on the Library, and explaining where to find the
142 | accompanying uncombined form of the same work.
143 |
144 | 6. Revised Versions of the GNU Lesser General Public License.
145 |
146 | The Free Software Foundation may publish revised and/or new versions
147 | of the GNU Lesser General Public License from time to time. Such new
148 | versions will be similar in spirit to the present version, but may
149 | differ in detail to address new problems or concerns.
150 |
151 | Each version is given a distinguishing version number. If the
152 | Library as you received it specifies that a certain numbered version
153 | of the GNU Lesser General Public License "or any later version"
154 | applies to it, you have the option of following the terms and
155 | conditions either of that published version or of any later version
156 | published by the Free Software Foundation. If the Library as you
157 | received it does not specify a version number of the GNU Lesser
158 | General Public License, you may choose any version of the GNU Lesser
159 | General Public License ever published by the Free Software Foundation.
160 |
161 | If the Library as you received it specifies that a proxy can decide
162 | whether future versions of the GNU Lesser General Public License shall
163 | apply, that proxy's public statement of acceptance of any version is
164 | permanent authorization for you to choose that version for the
165 | Library.
166 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # 🔒 Laravel Password Exposed Validation Rule
2 |
3 | This package provides a Laravel validation rule that checks if a password has been exposed in a data breach. It uses the haveibeenpwned.com passwords API via the [`divineomega/password_exposed`](https://github.com/DivineOmega/password_exposed) library.
4 |
5 |
6 | 
7 |
8 |
9 |
10 | 
11 | 
12 | 
13 | 
14 |
15 |
16 | ## Installation
17 |
18 | To install, just run the following Composer command.
19 |
20 | ```
21 | composer require divineomega/laravel-password-exposed-validation-rule
22 | ```
23 |
24 | Please note that this package requires Laravel 5.1 or above.
25 |
26 | ## Usage
27 |
28 | The following code snippet shows an example of how to use the password exposed validation rule.
29 |
30 | ```php
31 | use DivineOmega\LaravelPasswordExposedValidationRule\PasswordExposed;
32 |
33 | $request->validate([
34 | 'password' => ['required', new PasswordExposed()],
35 | ]);
36 | ```
37 |
38 | If you wish, you can also set a custom validation message, as shown below.
39 |
40 | ```php
41 | use DivineOmega\LaravelPasswordExposedValidationRule\PasswordExposed;
42 |
43 | $request->validate([
44 | 'password' => ['required', (new PasswordExposed())->setMessage('This password is not secure.')],
45 | ]);
46 | ```
47 |
--------------------------------------------------------------------------------
/assets/images/laravel-password-exposed.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DivineOmega/laravel-password-exposed-validation-rule/2d0e5d5e6d9c7f822556f2fe77bc59e71366741d/assets/images/laravel-password-exposed.png
--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "divineomega/laravel-password-exposed-validation-rule",
3 | "description": "Laravel validation rule that checks if a password has been exposed in a data breach",
4 | "type": "library",
5 | "require": {
6 | "php": "^7.1||^8.0||8.1",
7 | "divineomega/password_exposed": "^3.2.0",
8 | "illuminate/contracts": "^5.1||^6.0||^7.0||^8.0||^9.0"
9 | },
10 | "license": "LGPL-3.0-only",
11 | "authors": [
12 | {
13 | "name": "Jordan Hall",
14 | "email": "jordan@hall05.co.uk"
15 | }
16 | ],
17 | "autoload": {
18 | "psr-4": {
19 | "DivineOmega\\LaravelPasswordExposedValidationRule\\": "./src/"
20 | }
21 | },
22 | "autoload-dev": {
23 | "psr-4": {
24 | "Tests\\": "tests/"
25 | }
26 | },
27 | "require-dev": {
28 | "phpunit/phpunit": "^7.0||^8.0||^9.0",
29 | "php-coveralls/php-coveralls": "^2.0"
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/phpunit.xml:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
13 | ./tests/Unit
14 |
15 |
16 |
17 |
18 | src
19 |
20 | src/Examples
21 |
22 |
23 |
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/src/Factories/PasswordExposedCheckerFactory.php:
--------------------------------------------------------------------------------
1 | changeConfig([
23 | 'cacheDirectory' => $this->getCacheDirectory(),
24 | ]);
25 |
26 | return new PasswordExposedChecker(null, $cache);
27 | }
28 |
29 | /**
30 | * Gets the directory to store the cache files.
31 | *
32 | * @return string
33 | */
34 | private function getCacheDirectory()
35 | {
36 | if (function_exists('storage_path')) {
37 | return storage_path('app/password-exposed-cache/');
38 | }
39 |
40 | return sys_get_temp_dir().'/password-exposed-cache/';
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/src/PasswordExposed.php:
--------------------------------------------------------------------------------
1 | instance();
34 | }
35 |
36 | $this->passwordExposedChecker = $passwordExposedChecker;
37 | }
38 |
39 | /**
40 | * Determine if the validation rule passes.
41 | *
42 | * @param string $attribute
43 | * @param mixed $value
44 | *
45 | * @return bool
46 | */
47 | public function passes($attribute, $value)
48 | {
49 | $passwordStatus = $this->passwordExposedChecker->passwordExposed($value);
50 |
51 | return $passwordStatus !== PasswordStatus::EXPOSED;
52 | }
53 |
54 | /**
55 | * Get the validation error message.
56 | *
57 | * @return string
58 | */
59 | public function message()
60 | {
61 | return $this->message;
62 | }
63 |
64 | /**
65 | * Set a custom validation error message.
66 | *
67 | * @param string $customMessage
68 | *
69 | * @return \DivineOmega\LaravelPasswordExposedValidationRule\PasswordExposed
70 | */
71 | public function setMessage($message)
72 | {
73 | $this->message = $message;
74 |
75 | return $this;
76 | }
77 | }
78 |
--------------------------------------------------------------------------------
/tests/Unit/PasswordExposedTest.php:
--------------------------------------------------------------------------------
1 | passwordExposed = new PasswordExposed();
13 | }
14 |
15 | /** @test */
16 | public function defaultMessageIsReturned()
17 | {
18 | $message = $this->passwordExposed->message();
19 | $this->assertEquals('The :attribute has been exposed in a data breach.', $message);
20 | }
21 |
22 | /** @test */
23 | public function customMessageCanBeSet()
24 | {
25 | $customMessage = 'Custom message';
26 | $passwordExposedObject = $this->passwordExposed->setMessage($customMessage);
27 | $setMessage = $passwordExposedObject->message();
28 | $this->assertEquals($customMessage, $setMessage);
29 | }
30 |
31 | /** @test */
32 | public function passwordFailsValidation()
33 | {
34 | $password = 'password';
35 | $passed = $this->passwordExposed->passes('password', $password);
36 | $this->assertFalse($passed);
37 | }
38 |
39 | /** @test */
40 | public function passwordPassesValidation()
41 | {
42 | $password = uniqid();
43 | $passed = $this->passwordExposed->passes('password', $password);
44 | $this->assertTrue($passed);
45 | }
46 | }
47 |
--------------------------------------------------------------------------------