Password Validation Rule Object in Laravel 8
A new Password Rule object is coming to Laravel, thanks to the efforts of Nuno Maduro. The Password object has a fluent API for common password requirements as well as compromised passwords:
Coming to @laravelphp: Password Rule Object. 🔒
This rule object allows to easily customise the password complexity requirements. You may also ensure the password has not been compromised in data leaks by using the `uncompromised()` method. 🔥
🔗 https://t.co/eedKLQuZwp. pic.twitter.com/OBEyliQ7gw
— Nuno Maduro (@enunomaduro) April 23, 2021
Originally released in Laravel 5.5, custom validation rule objects offer a fluent alternative to string-based rules. In its simplest form, the
Password rule object replaces string-based validation rules:
// String-based $request->validate([ 'password' => 'required|string|confirmed|min:8', ]); // Using the Password rule object $request->validate([ 'password' => ['required', 'confirmed', Password::min(8)], ]);
In addition to replacing string rules with a fluent password rule object, the custom password rule object includes built-in methods for ensuring strong passwords:
$request->validate([ 'password' => [ 'required', 'confirmed', Password::min(8) ->mixedCase() ->letters() ->numbers() ->symbols() ->uncompromised(), ], ]);
Never write custom regex logic for typical scenarios such as requiring mixed-case, letters, symbols, etc. The cherry on the top is the
uncompromised() method which checks the password against a verification API to see if the password appears in data leaks. The release will ship with a NotPwnedVerifier implementation which uses the Have I Been Pwned API.
In addition to this excellent new custom validation object, Pull Request #36960 contains some good examples of using Laravel to test API calls and validation.
Depending on when Laravel 8.39 gets tagged, this feature might be available at the time of publication Tuesday, April 27th. Keep your eyes peeled for the release of this awesome feature!
Credit: Source link