Quick Tip Forcing More Complex Passwords in Laravel
With the great Laravel Docs I will quickly show how to “encourage” the user to set a better password.
Going through the standard docs for Authentication we end up with a registration form.
Then in the AuthController that comes with Laravel I modify it a bit.
protected function validator(array $data)
{
$messages = ['password.regex' => "Your password must contain 1 lower case character 1 upper case character one number"];
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:8|regex:/^(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$/',
], $messages);
}
Using the regex
rule seen in the docs http://php.net/manual/en/function.preg-match.php and the Laravel docs I can then set an expression to check for these characters, and I can also set a custom message if it fails.
And with that little bit of work we get an error message to help the user make a better password.
btw this is coming about as I start this Web Security Course and try to consider some of these ideas in my day to day Laravel work.
comments powered by Disqus