Initial Commit

Author: johanrosenson

.gitattributes

@@ -0,0 +1,2 @@
+/.gitignore     export-ignore
+/.gitattributes export-ignore

.gitignore

@@ -0,0 +1,2 @@
+/vendor
+composer.lock

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Johan Rosenson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,71 @@
+<p align="center">
+    <a href="https://packagist.org/packages/devlop/secure-password-rule"><img src="https://img.shields.io/packagist/v/devlop/secure-password-rule" alt="Latest Stable Version"></a>
+    <a href="https://github.com/devlop-ab/secure-password-rule/blob/master/LICENSE.md"><img src="https://img.shields.io/packagist/l/devlop/secure-password-rule" alt="License"></a>
+</p>
+
+# SecurePasswordRule
+
+An extendable password validation rule for Laravel to make it easy to have the same password requirements across the whole system.
+
+The initial settings are very permissive and pretty much only checks the length of the password, see ```Configuration``` for how to
+change it for your needs.
+
+# Installation
+
+```composer require devlop/secure-password-rule```
+
+# Usage
+
+Add it to the ```rules``` of a ```FormRequest```
+
+```
+<?php
+
+namespace App\Http\Requests;
+
+use Devlop\SecurePasswordRule\SecurePasswordRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class ChangePasswordRequest extends FormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'new_password' => [
+                'required',
+                'string',
+                new SecurePasswordRule,
+            ],
+        ];
+    }
+}
+```
+
+# Configuration
+
+The class is open for extension and does not accept any arguments when instantiating since that would open the possibility of
+ending up with different password requirements in different parts of your system.
+
+The recommended way is to create your own sub class of SecurePasswordRule and change the parameters you wish to change, and then
+reference that sub class instead in your FormRequests.
+
+```
+<?php
+
+namespace App\Rules;
+
+use Devlop\SecurePasswordRule\SecurePasswordRule as BaseSecurePasswordRule;
+
+class SecurePasswordRule extends BaseSecurePasswordRule
+{
+    /**
+     * Require the use of X special characters
+     */
+    protected int $requireSpecial = 10;
+}
+```

composer.json

@@ -0,0 +1,22 @@
+{
+    "name": "devlop/secure-password-rule",
+    "description": "Extendable SecurePassword rule for Laravel",
+    "type": "library",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Johan Rosenson",
+            "email": "johan@devlop.se"
+        }
+    ],
+    "require": {
+        "php": "^7.4|^8.0",
+        "laravel/framework": "^7.0|^8.0",
+        "roave/dont": "^1.1"
+    },
+    "autoload": {
+        "psr-4": {
+            "Devlop\\SecurePasswordRule\\": "src/"
+        }
+    }
+}

src/SecurePasswordRule.php

@@ -0,0 +1,223 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Devlop\SecurePasswordRule;
+
+use Dont\JustDont;
+use Illuminate\Contracts\Validation\Rule;
+
+class SecurePasswordRule implements Rule
+{
+    use JustDont;
+
+    /**
+     * The minimum length
+     */
+    protected int $minLength = 6;
+
+    /**
+     * Require the use of at least X letters
+     */
+    protected int $minLetters = 0;
+
+    /**
+     * Require the use of at least X lowercase letters
+     */
+    protected int $minLowercaseLetters = 0;
+
+    /**
+     * Require the use of at least X uppercase letters
+     */
+    protected int $minUppercaseLetters = 0;
+
+    /**
+     * Require the use of at least X numbers
+     */
+    protected int $minNumbers = 0;
+
+    /**
+     * Require the use of at least X special characters
+     */
+    protected int $minSpecial = 0;
+
+    /**
+     * No more than X of consecutive whitespace characters (null to disable check)
+     */
+    protected ?int $maxConsecutiveWhitespace = 2;
+
+    /**
+     * No more than X of consecutive identical characters (null to disable check)
+     */
+    protected ?int $maxConsecutiveIdentical = null;
+
+    /**
+     * The errors for the password being tested
+     *
+     * @var array<string>
+     */
+    protected array $errors = [];
+
+    /**
+     * Create a new rule instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Determine if the validation rule passes.
+     *
+     * @param  string  $attribute
+     * @param  mixed  $value
+     * @return bool
+     */
+    public function passes($attribute, $value) : bool
+    {
+        if (mb_strlen($value) < $this->minLength) {
+            // must be of a minimum length
+            $this->errors[] = $this->minLengthMessage(
+                'The password must be at least :min characters.',
+            );
+        }
+
+        if (preg_match_all('/\p{L}/', $value) < $this->minLetters) {
+            $this->errors[] = $this->minLettersMessage(
+                'The password must contain letters.|The password must contain at least :min letters.',
+            );
+        }
+
+        if (preg_match_all('/\p{Ll}/', $value) < $this->minLowercaseLetters) {
+            $this->errors[] = $this->minLowercaseLettersMessage(
+                'The password must contain lowercase letters.|The password must contain at least :min lowercase letters.',
+            );
+        }
+
+        if (preg_match_all('/\p{Lu}/', $value) < $this->minUppercaseLetters) {
+            $this->errors[] = $this->minUppercaseLettersMessage(
+                'The password must contain uppercase letters.|The password must contain at least :min uppercase letters.',
+            );
+        }
+
+        if (preg_match_all('/\p{N}/', $value) < $this->minNumbers) {
+            $this->errors[] = $this->minNumbersMessage(
+                'The password must contain numbers.|The password must contain at least :min numbers.',
+            );
+        }
+
+        if (preg_match_all('/[^\p{L}\p{N}]/', $value) < $this->minSpecial) {
+            $this->errors[] = $this->minSpecialMessage(
+                'The password must contain special characters.|The password must contain at least :min special characters.',
+            );
+        }
+
+        // TODO: add check disallowing whitespace totally
+
+        if ($this->maxConsecutiveWhitespace !== null && preg_match('/\s{' . max(0, $this->maxConsecutiveWhitespace) . ',}/', $value) === 1) {
+            $this->errors[] = $this->maxConsecutiveWhitespaceMessage(
+                'The password can not contain more than :max consecutive space.|The password can not contain more than :max consecutive spaces.',
+            );
+        }
+
+        if ($this->maxConsecutiveIdentical !== null && preg_match('/(.)\1{' . max(0, $this->maxConsecutiveIdentical) . ',}/', $value) === 1)   {
+            $this->errors[] = $this->maxConsecutiveIdenticalMessage(
+                'The password can not contain more than :max consecutive identical character.|The password can not contain more than :max consecutive identical characters.',
+            );
+        }
+
+        return count($this->errors) === 0;
+    }
+
+    /**
+     * Get the validation error message.
+     */
+    public function message() : string
+    {
+        return __('The password is not good enough: :error', [
+            'error' => $this->errors[0] ?? '',
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $minLength
+     */
+    protected function minLengthMessage(string $default) : string
+    {
+        return trans_choice($default, $this->minLetters, [
+            'min' => $this->minLetters,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $minLetters
+     */
+    protected function minLettersMessage(string $default) : string
+    {
+        return trans_choice($default, $this->minLetters, [
+            'min' => $this->minLetters,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $minLowercaseLetters
+     */
+    protected function minLowercaseLettersMessage(string $default) : string
+    {
+        return trans_choice($default, $this->minLowercaseLetters, [
+            'min' => $this->minLowercaseLetters,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $minUppercaseLetters
+     */
+    protected function minUppercaseLettersMessage(string $default) : string
+    {
+        return trans_choice($default, $this->minUppercaseLetters, [
+            'min' => $this->minUppercaseLetters,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $minNumbers
+     */
+    protected function minNumbersMessage(string $default) : string
+    {
+        return trans_choice($default, $this->minNumbers, [
+            'min' => $this->minNumbers,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $minSpecial
+     */
+    protected function minSpecialMessage(string $default) : string
+    {
+        return trans_choice($default, $this->minSpecial, [
+            'min' => $this->minSpecial,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $maxConsecutiveWhitespaceMessage
+     */
+    protected function maxConsecutiveWhitespaceMessage(string $default) : string
+    {
+        return trans_choice($default, $this->maxConsecutiveWhitespace, [
+            'max' => $this->maxConsecutiveWhitespace,
+        ]);
+    }
+
+    /**
+     * Get the validation error message for $maxConsecutiveIdentical
+     */
+    protected function maxConsecutiveIdenticalMessage(string $default) : string
+    {
+        return trans_choice($default, $this->maxConsecutiveIdentical, [
+            'max' => $this->maxConsecutiveIdentical,
+        ]);
+    }
+}