Quick Tip Forcing More Complex Passwords in Laravel

Posted: 2015-10-21 20:10:35

With the great Laravel Docs I will quickly show how to "encourage" the user to set a better password.

Going through the standard docs for Authentication we end up with a registration form.

Then in the AuthController that comes with Laravel I modify it a bit.

    protected function validator(array $data)
    {
        $messages = ['password.regex' => "Your password must contain 1 lower case character 1 upper case character one number"];
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:8|regex:/^(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$/',
        ], $messages);
    }

Using the regex rule seen in the docs http://php.net/manual/en/function.preg-match.php and the Laravel docs I can then set an expression to check for these characters, and I can also set a custom message if it fails.

And with that little bit of work we get an error message to help the user make a better password.

https://dl.dropboxusercontent.com/s/y9jloa191jwryfg/regex_error.png?dl=0

btw this is coming about as I start this Web Security Course and try to consider some of these ideas in my day to day Laravel work.