jord-jd/laravel-password-exposed-validation-rule

Laravel validation rule that checks if a password has been exposed in a data breach

Maintainers

👁 Jord-JD

Package info

github.com/Jord-JD/laravel-password-exposed-validation-rule

pkg:composer/jord-jd/laravel-password-exposed-validation-rule

Fund package maintenance!

DivineOmega

Statistics

Installs: 436

Dependents: 0

Suggesters: 0

Stars: 89

Open Issues: 0

v6.0.0 2026-02-16 09:35 UTC

Requires

Requires (Dev)

Suggests

None

Provides

None

Conflicts

None

LGPL-3.0-only 433a17acf18b6fb2eb8c982a22e535919397b064

  • Jordan Hall <jordan.woop@hall05.co.uk>

README

This package provides a Laravel validation rule that checks if a password has been exposed in a data breach. It uses the haveibeenpwned.com passwords API via the jord-jd/password_exposed library.

// composer require jord-jd/laravel-password-exposed-validation-rule

use JordJD\LaravelPasswordExposedValidationRule\PasswordNotExposed;

$request->validate([
 'password' => ['required', new PasswordNotExposed()],
]);

Compatibility

  • PHP: 7.4+ and 8.x
  • Laravel: 8.x through 12.x

Installation

To install, just run the following Composer command.

composer require jord-jd/laravel-password-exposed-validation-rule

Please note that this package requires Laravel 8.0 or above.

Usage

The following code snippet shows an example of how to use the password exposed validation rule.

use JordJD\LaravelPasswordExposedValidationRule\PasswordNotExposed;

$request->validate([
 'password' => ['required', new PasswordNotExposed()],
]);

If you wish, you can also set a custom validation message, as shown below.

use JordJD\LaravelPasswordExposedValidationRule\PasswordNotExposed;

$request->validate([
 'password' => ['required', (new PasswordNotExposed())->setMessage('This password is not secure.')],
]);

Backward Compatibility

PasswordExposed remains available as a backwards-compatible alias for PasswordNotExposed.

Testing / Mocking

If you need deterministic tests, you can inject a checker directly or use a resolver.

use JordJD\LaravelPasswordExposedValidationRule\PasswordNotExposed;
use JordJD\PasswordExposed\Interfaces\PasswordExposedCheckerInterface;

$fakeChecker = new class implements PasswordExposedCheckerInterface {
 // Implement interface methods for your test scenario...
};

PasswordNotExposed::resolvePasswordExposedCheckerUsing(function () use ($fakeChecker) {
 return $fakeChecker;
});