Supercharging User Password input in Laravel

Tijani Usman (Unicorn)
2 min read · Jun 21, 2021

Websites are easily hacked when users pick weak, commonly used passwords, and if those users fall victim to an attack they will blame your website for not being secure, even though they are the ones who shot themselves in the foot.

Without much ado, let's quickly look at how we can prevent users from using common words and numbers as passwords, e.g. 12345, password, etc.

Laravel has many authentication packages, but we are going to use Laravel Breeze for this walkthrough. Mind you, this trick works with any of the Laravel authentication packages.

Create a new Laravel project, or use an existing one.

Let's visit the Laravel documentation to install the Breeze package.

By now you are done setting up Breeze, so let's dive into the business of the day.

Let's create a rule file using this artisan command:

php artisan make:rule RejectCommonPassword

This file can be found in app/Rules.

<?php

namespace App\Rules;

use Illuminate\Contracts\Validation\Rule;

class RejectCommonPassword implements Rule
{
    /**
     * Create a new rule instance.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Determine if the validation rule passes.
     *
     * @param  string  $attribute
     * @param  mixed  $value
     * @return bool
     */
    public function passes($attribute, $value)
    {
        // Fail validation when the submitted value is one of the listed common passwords.
        return !in_array($value, [
            '12345',
            '123456789',
            'Password',
            'abc123',
        ]);
    }

    /**
     * Get the validation error message.
     *
     * @return string
     */
    public function message()
    {
        return 'Use a stronger password';
    }
}

If you are using the Breeze package to follow this tutorial, go to app/Http/Controllers/Auth/RegisteredUserController.php and add the validation rule class to the password array.

// At the top of the controller, import the rule:
// use App\Rules\RejectCommonPassword;

$request->validate([
    'name' => 'required|string|max:255',
    'email' => 'required|string|email|max:255|unique:users',
    'password' => ['required', 'confirmed', Rules\Password::defaults(), new RejectCommonPassword()],
]);

Now let's test this in the browser and see the outcome.

Note that this is not a replacement for the Password::uncompromised() method in Laravel. In case you need to get rid of a third-party dependency, though, you can rely on this.
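The rule above compares the exact string, so `password` or `PASSWORD ` would pass even though `Password` is on the list. The following is an added example, not the article's code, that normalizes case and surrounding whitespace before the lookup; the class name `RejectCommonPasswordNormalized` and passing the list through the constructor are assumptions made for illustration.

```php
<?php
// Added example (not the article's code). Stand-alone so it runs with plain `php`
// (mbstring required); inside Laravel, put it in app/Rules and add `implements Rule`.

class RejectCommonPasswordNormalized
{
    /** @var array normalized deny-list, keyed by password for constant-time lookup */
    private array $denied = [];

    /** @param string[] $commonPasswords e.g. lines read from a wordlist file (assumption) */
    public function __construct(array $commonPasswords)
    {
        foreach ($commonPasswords as $password) {
            $this->denied[$this->normalize($password)] = true;
        }
    }

    /** Lowercase and trim so "Password", "PASSWORD " and "password" compare equal. */
    private function normalize(string $value): string
    {
        return mb_strtolower(trim($value), 'UTF-8');
    }

    public function passes($attribute, $value)
    {
        // Non-string input (arrays, null) is never an acceptable password.
        if (!is_string($value)) {
            return false;
        }

        return !isset($this->denied[$this->normalize($value)]);
    }

    public function message()
    {
        return 'Use a stronger password';
    }
}

// Constructed sample input: the article's four entries, then case/whitespace variants.
$rule = new RejectCommonPasswordNormalized(['12345', '123456789', 'Password', 'abc123']);
$candidates = ['Password', 'password', 'PASSWORD ', 'ABC123', 'correct horse battery staple'];

foreach ($candidates as $candidate) {
    $verdict = $rule->passes('password', $candidate) ? 'accepted' : 'rejected';
    printf("%-32s %s\n", var_export($candidate, true), $verdict);
}
```

In a Laravel project the list could be read once from a file with `file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)` and passed to the constructor; the file location is left to the project.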

Conclusion

With this implemented, hackers will find it difficult to use commonly used passwords to manipulate our users' accounts.

Thanks for reading.
