divineomega/symfony-password-exposed-bundle

检查密码是否在数据泄露中暴露的Symfony包

维护者

详细信息

github.com/DivineOmega/symfony-password-exposed-bundle

来源

问题

Wiki

资助包维护!
DivineOmega

安装: 204

依赖者: 0

建议者: 0

安全性: 0

星标: 1

关注者: 4

分支: 0

开放问题: 0

类型:symfony-bundle

1.0.0 2019-06-24 14:52 UTC

Requires

LGPL-3.0-only f2216be20b97a9dec52593faddaa0b0e82b8d8f7

  • Jordan Hall <jordan.woop@hall05.co.uk>
  • Nikita Loges <dev.woop@loges.one>

symfonybundlepasswordpwnedhaveibeenpawndexposed

This package is auto-updated.

Last update: 2024-08-25 06:16:57 UTC

README

此包提供了一个检查密码是否在数据泄露中暴露的Symfony包。它通过divineomega/password_exposed库使用haveibeenpwned.com密码API。

安装

可以使用Composer轻松安装password_exposed symfony包。只需从项目根目录运行以下命令。

composer require divineomega/symfony-password-exposed-bundle

如果您以前从未使用过Composer依赖关系管理器,请访问Composer网站了解如何开始。

配置

您可以使用一些简单的配置来调整此包

password_exposed:
    enable: true // optional; for example disable this in dev env 
    http_client: null // optional; a custom http client
    cache: cache.app // optional; a custom cache
    cache_lifetime: 2592000 // optional; cache lifetime in seconds
    request_factory: null // optional; a custom request factory. see psr-7
    uri_factory: null // optional; a custom uri factory. see psr-7

使用方法

在控制器中

要检查密码是否在数据泄露中暴露,只需将其传递给isExposed方法。

以下是一个控制器的基本使用示例

<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use DivineOmega\PasswordExposed\Interfaces\PasswordExposedCheckerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class StandardController extends AbstractController
{

    /** @var PasswordExposedCheckerInterface */
    protected $checker;
    
    /**
     * @param PasswordExposedCheckerInterface $checker
     */
    public function __construct(PasswordExposedCheckerInterface $checker) 
    {
        $this->checker = $checker;
    }
    
    /**
     * @param Request $request
     * @return Response
     */
    public function simpleAction(Request $request): Response
    {
        $password = $request->get('password');
        
        if($this->checker->isExposed($password)) {
            // do something
            // password is exposed
        }
        
        return new Response();
    }
}

作为表单类型的约束

您还可以使用约束在表单类型中使用password_exposed检查器。

<?php

namespace App\Form\Type;

use DivineOmega\PasswordExposed\Symfony\Validator\Constraints\PasswordExposed;
use App\Entity\User;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Form\AbstractType;

/**
 * Class RegisterType
 */
class RegisterType extends AbstractType
{

    /**
     * @inheritdoc
     */
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder->add('username', TextType::class, [
            'label'       => 'Username',
            'constraints' => [
                new Assert\NotBlank(),
            ],
        ]);

        $builder->add('plainPassword', PasswordType::class, [
            'label' => 'Password',
            'constraints'     => [
                new Assert\NotBlank(),
                new PasswordExposed(),
            ],
        ]);
    }


    /**
     * @inheritdoc
     */
    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            'data_class' => User::class,
        ]);
    }
}