effectix/passwordchecker 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

effectix/passwordchecker

Composer 安装命令:

composer require effectix/passwordchecker

包简介

A Laravel package for robust password strength validation.

README 文档

README

Latest Version on Packagist Total Downloads

This is an opinionated strength check intended for password validation in registration forms. Take a look at contributing.md to see how to do so.

Things taken into account for the scoring:

  • Common Patterns
  • Length
  • Character Variety
  • Entropy of the string (based on Shannon's Entropy formula)

The common patterns verification uses a set of included .txt files with common plain text terms, words and phrases that have already been compromised on earlier breaches. This is the most penalizing factor in the scoring as if your string has a full match with any of these values, you get instant -100 on the score and go into negative territory.

This is done on purpose to prevent users from creating accounts with already known weak passwords that have been distributed in a very common wordlist for pentesting purposes.

The other factors add to the scoring based on their respective weights, so the higher the score, the stronger the password.

⚠ The scoring is still being tweaked and played with so future versions of this package will have a different scoring for sure, but for now, it works as intended.

Installation

Via Composer

composer require effectix/passwordchecker

Configuration

Run artisan vendor:publish --provider="Effectix\PasswordChecker\PasswordCheckerServiceProvider" to publish everything this package offers:

  • Password score Validation rule
  • Locale files for es and en
  • Config file

Alternatively, you can publish the config file only: Run artisan vendor:publish --tag=passwordchecker.config to publish the config file.

Usage

You can apply it as a validation rule like this:

//...
$validated = $this->validate([
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class],
            'password' => ['required', 'string', 'confirmed', new PasswordScoreRule(20)],
        ]);
//...

On your validation logic, call the Effectix\PasswordChecker\Rules\PasswordScoreRule rule class and pass the score threshold you want to enforce on that validation.

If you run artisan vendor:publish --tag=passwordchecker.config you will get a config file where you can manage a default score threshold for all your uses of this rule, without specifying it in each validation usage.

⚠ Explicit score threshold specification takes precedence over the configuration default.

Included Password Strength Bar Livewire component

The livewire component has been tested so far to work with Livewire v3 on a site using a Volt registration form. More tests and use cases to come later.

The score property is reactive, so it might cause some issues in some implementations. Maybe. I'm not totally certain.

So long as you can pass the score to the component you should have no problems. Use it in your registration form like this:

<div class="mt-4">
    <x-input-label for="password" :value="__('Password')"/>

    <input id="password"
           class="border-gray-300 focus:border-indigo-500 focus:ring-indigo-500 rounded-md shadow-sm block mt-1 w-full"
           type="password"
           name="password"
           required
           autocomplete="new-password"
           wire:model.live.debounce.500ms="password"
    />

    <livewire:EffectixPasswordCheckerPasswordStrengthBar :score="$score" />

    <x-input-error :messages="$errors->get('password')" class="mt-2"/>
</div>

Your parent livewire component if you are using volt, should contain something like this:

public int $score = 0;

public function updated($prop): void
{
    if($prop === 'password') {
        $this->score = PasswordScorer::calculate($this->password);
    }
}

This will evaluate the score everytime the debounced update to the password model is hit. The reactive property of the child component will pick up the new score and show the bar accordingly.

Change log

Please see the changelog for more information on what has changed recently.

Testing

composer test

Contributing

Please see contributing.md for details and a todolist.

Security

If you discover any security related issues, please email jlm@effectix.net instead of using the issue tracker.

Credits

License

AGPL. Please see the license file for more information.

effectix/passwordchecker 适用场景与选型建议

effectix/passwordchecker 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 4 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 01 月 24 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「laravel」 「PasswordChecker」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 effectix/passwordchecker 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 effectix/passwordchecker 我们能提供哪些服务?
定制开发 / 二次开发

基于 effectix/passwordchecker 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 4
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 18
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-01-24