terminal42/contao-password-validation
A Contao bundle that validates user passwords against your password policy
Package info
github.com/terminal42/contao-password-validation
Type:contao-bundle
pkg:composer/terminal42/contao-password-validation
Requires
- php: ^8.2
- contao/core-bundle: ^4.13 || ^5.0
- doctrine/dbal: ^3.3
- paragonie/hidden-string: ^1.0
- symfony/config: ^5.0 || ^6.0 || ^7.0
- symfony/dependency-injection: ^5.0 || ^6.0 || ^7.0
- symfony/http-client-contracts: ^3
- symfony/http-foundation: ^5.0 || ^6.0 || ^7.0
- symfony/http-kernel: ^5.0 || ^6.0 || ^7.0
- symfony/password-hasher: ^5.0 || ^6.0 || ^7.0
- symfony/security-core: ^5.0 || ^6.0 || ^7.0
- symfony/string: ^5.0 || ^6.0 || ^7.0
- symfony/translation-contracts: ^3
Requires (Dev)
- contao/manager-plugin: ^2.7
- terminal42/contao-build-tools: dev-main
Suggests
None
Provides
None
Conflicts
None
Replaces
None
README
A Contao bundle that validates user passwords against your password policy.
Features
- Validate a password against your organization policies
- Force members to change their password
Installation
Choose the installation method that matches your workflow!
Installation via Contao Manager
Search for terminal42/contao-password-validation in the Contao Manager and add it to your installation. Finally,
update the packages.
Manual installation
Add a Composer dependency for this bundle. To do so, change to the project root and run the following:

```
composer require terminal42/contao-password-validation
```

Depending on your environment, the command may differ, e.g. starting with php composer.phar … if you do not have
Composer installed globally.
Then, update the database via the Contao install tool.
Configuration
Password validation
Add the following configuration parameters to your app/config/config.yml:
(Skip options that you do not need)
```yaml
terminal42_password_validation:
    Contao\FrontendUser:
        min_length: 10
        max_length: 20
        require:
            uppercase: 1
            lowercase: 1
            numbers: 1
            other: 1
        other_chars: "+*ç%&/()=?"
        password_history: 10
        change_days: 90
        haveibeenpwned: 1
    Contao\BackendUser:
        min_length: 10
        haveibeenpwned: 1
```
| Parameter | Purpose |
|---|---|
| password_history | Keep track of the latest n passwords, and prevent users from choosing one of their recent passwords. |
| change_days | Ask the user to change their password after a certain number of days. |
| haveibeenpwned | Check the user password against known data breaches reported to ';--have i been pwned?. The configuration allows you to specify an integer to define the minimum number of data breaches the password needs to occur in to fail password validation. |
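
How a breach-count threshold such as `haveibeenpwned: 1` can be evaluated, as an added example (not the bundle's own code): it assumes the public Pwned Passwords range format, where only the first five SHA-1 hex characters are sent and the response lists `SUFFIX:COUNT` lines. The function names and the sample response body are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Split a password's SHA-1 into the 5-character prefix that would be sent
 * to a range endpoint and the 35-character suffix that never leaves the server.
 */
function pwnedRangeParts(string $password): array
{
    $hash = strtoupper(sha1($password));

    return [substr($hash, 0, 5), substr($hash, 5)];
}

/**
 * Return how often the suffix is listed in a range response body
 * (one "SUFFIX:COUNT" entry per line), or 0 if it is not listed.
 */
function pwnedCount(string $rangeBody, string $suffix): int
{
    foreach (preg_split('/\r?\n/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (2 === count($parts) && hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }

    return 0;
}

/** The password fails once its count reaches the configured minimum. */
function failsPwnedPolicy(string $password, string $rangeBody, int $minBreaches): bool
{
    [, $suffix] = pwnedRangeParts($password);

    return $minBreaches > 0 && pwnedCount($rangeBody, $suffix) >= $minBreaches;
}

// Constructed sample body: one unrelated entry plus the suffix of "password"
// with a made-up count of 12. No network request is made here.
[$prefix, $suffix] = pwnedRangeParts('password');
$body = "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n{$suffix}:12\r\n";

var_dump($prefix);                                 // the only part sent upstream
var_dump(failsPwnedPolicy('password', $body, 1));  // threshold of 1 occurrence
var_dump(failsPwnedPolicy('password', $body, 50)); // threshold of 50 occurrences
```

A higher threshold tolerates passwords that are listed only a few times, so a value of 1 is the strictest setting.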
Password-change
- Create a "password-change" page and place a password-change module on it. Select this page as password-change page in the page root.
- You can now force members to change their passwords by ticking the corresponding checkbox in the member edit-mask.
Add your own password validator
You can add your own validation rule, e.g. a dictionary check.
Create a class that implements PasswordValidatorInterface. Then, create and tag a corresponding service.
```yaml
app.password_validation.validator.dictionary:
    class: App\PasswordValidation\Validator\Dictionary
    tags:
        - { name: terminal42_password_validation.validator, alias: dictionary }
```
License
This bundle is released under the MIT license
