Laravel Force User Setup Strong Password

Sovary August 20, 2022 832
3 minutes read

Commonly password are vulnerable for user setup with weak passwords which attacker and exploit hack into their account. To prevent user using very simple/regular passwords like "qwerty" , "123456" , "admin" etc...Laravel have no built in function to check these kind of password but you can validate with regular expression. Another way you can use "unicodeveloper/laravel-password" package which provide easily setup and can prevent user from using weak password.

Force User Setup Strong Account Password

So let's get into the topic and follow the steps below:

  • Step 1 - Install Laravel
  • Step 2 - Install Package
  • Step 3 - Run Migration
  • Step 4 - Create Auth using Scaffold
  • Step 4 - Modify RegisterController
  • Step 5 - Run Larvel Server

NOTE: Well tested in Laravel 9

Step 1 - Install Laravel

First we are going to install Laravel and we need to use database because we need table to store registerd users. To install Laravel project and connect to database you can read this short article.

Step 2 - Install Package

Install the latest package required composer installed and run to following command

composer require unicodeveloper/laravel-password

For those who use Laravel < 5.5 you have to register class in service provider. Open the file and add the following to array providers

Open file app -> config.php

'providers' => [

    ....

    Unicodeveloper\DumbPassword\DumbPasswordServiceProvider::class

]

Step 3 - Run Migration

If you already configure connection to database then run following command to create tables in database.

php artisan migrate

Step 4 - Create Auth using Scaffold

This step we will run following command to create auth scaffold which are login, register page.

Install Laravel UI:

composer require laravel/ui:*

Add Auth Bootstrap UI Scaffold:

php artisan ui bootstrap --auth 

If you don't care how UI formed with bootstrap you may skip the below.

To able run command npm you have to install node.js, in my case I use version v17.4.0, the command will compile css and javascript for layout authentication page. By default Laravel 9 will use vite plugin I will install Laravel mix instead 

Open file package.json you may update following object to install laravel mix

"scripts": {
     "dev": "npm run development",
     "development": "mix"
},

 Then command in terminal

npm install laravel-mix@latest --save-dev

npm install

npm run dev

Step 5 - Modify RegisterController

Next we are going to use validate rule from the package with password validation in RegisterController with function validator(). The rule that we are going to use is dumbpwd

Open file App -> Http -> Controllers -> Auth -> RegisterController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use App\Models\User;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Support\Facades\Validator;

class RegisterController extends Controller
{
    use RegistersUsers;

    protected $redirectTo = RouteServiceProvider::HOME;

    public function __construct()
    {
        $this->middleware('guest');
    }

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'string', 'min:6', 'confirmed','dumbpwd'],
        ]);
    }

    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);
    }
}

That's done! if you want to change default message "This password is just too common. Please try another!" . You can customized error message in file below. Modified and add an array below.

Open file lang -> en -> validation.php

'dumbpwd' => 'You are using a weak password'

Step 6 - Run Larvel Server

Now we are going to test the application, we are using following command to start server.

php artisan serve

Open your browser naviaged to URL http://localhost:8000/register and try to register with common password which easily to guess.

laravel password too common

You might Also Like:

Laravel  PHP  Laravel 9 
Author

As the founder and passionate educator behind this platform, I’m dedicated to sharing practical knowledge in programming to help you grow. Whether you’re a beginner exploring Machine Learning, PHP, Laravel, Python, Java, or Android Development, you’ll find tutorials here that are simple, accessible, and easy to understand. My mission is to make learning enjoyable and effective for everyone. Dive in, start learning, and don’t forget to follow along for more tips and insights!. Follow him