README

Extension for the Contao CMS

The extension can be used to check if a user's password has been leaked using the Have I Been Pwned Api. It utilizes the NotCompromisedPassword - Feature by Symfony for doing so. This functionality is automatically triggered after an user logs into the backend.

Installation

Run composer require agonyz/contao-haveibeenpwned-bundle in your CLI to install the extension.

Configuration

# config/config.yml
# Agonyz Contao Have I Been Pwned Bundle
agonyz_contao_have_i_been_pwned:
  user_notice: 'Hello User<br>Your Password was found on a leaked password list<br>Please change your password.' # the notice that should be displayed to the user in the backend

Please remember to always clear the cache after each change in the config.yml.

Disable Notifications

You can disable the notifications for the users in the user settings.

Example

This screenshot shows an example after a user has logged in with a leaked password.