Security

Pieter Hordijk edited this page Jan 1, 2019 · 2 revisions

NotPwnedPassword

Validates the input (string) against the list of pwned passwords of the HIBP (Have I Been Pwned) service. If the number of hits exceeds the threshold (int), this validator will fail.

Version information

Available since: 1.0.0

Usage

<?php declare(strict_types=1);

use Amp\Artax\DefaultClient;
use Amp\Redis\Client;
use HarmonyIO\Cache\Provider\Redis;
use HarmonyIO\HttpClient\Client\ArtaxClient;
use HarmonyIO\Validation\Rule\Security\NotPwnedPassword;

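// HTTP client backed by a Redis cache provider
$httpClient = new ArtaxClient(new DefaultClient(), new Redis(new Client('tcp://127.0.0.1:6379')));

// Threshold of 6: validation fails when 'password' has more than 6 hits in HIBP
(new NotPwnedPassword($httpClient, 6))->validate('password');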

Note: the HIBP results are cached for 1 hour.

Failure reasons

  • Type.String when the validated value is not a string
  • Security.NotPwnedPassword when the validated value has been mentioned in the HIBP database more than threshold number of times
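
The threshold rule described above, as an added example that is not taken from the HarmonyIO code base: it assumes the lookup goes to the Pwned Passwords range endpoint, where only the first five hex characters of the password's SHA-1 leave the host and the response is a list of `SUFFIX:COUNT` lines. The function names and the response body are constructed for illustration.

```php
<?php declare(strict_types=1);

// Added example (not HarmonyIO code). Assumption: Pwned Passwords range format,
// i.e. the client sends a 5-char SHA-1 prefix and gets back "SUFFIX:COUNT" lines.

/** Split SHA-1(password) into the prefix that is sent and the suffix that stays local. */
function splitHash(string $password): array
{
    $hash = strtoupper(sha1($password));

    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Return the hit count for $suffix in a range response body, or 0 when absent. */
function countHits(string $rangeBody, string $suffix): int
{
    foreach (preg_split('/\R/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2 || !ctype_digit($parts[1])) {
            continue; // ignore malformed lines instead of trusting them
        }
        if (hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }

    return 0;
}

/** Same rule as the validator: fail only when hits exceed the threshold. */
function passesThreshold(string $password, string $rangeBody, int $threshold): bool
{
    [, $suffix] = splitHash($password);

    return countHits($rangeBody, $suffix) <= $threshold;
}

// Constructed response body: two filler suffixes plus the suffix for 'password'.
[$prefix, $suffix] = splitHash('password');
$body = str_repeat('0', 35) . ":3\r\n" . $suffix . ":1000\r\n" . str_repeat('F', 35) . ":1\r\n";

echo "Prefix sent to the service: {$prefix}\n";
var_dump(passesThreshold('password', $body, 6));                 // 1000 hits vs. threshold 6
var_dump(passesThreshold('password', $body, 1000));              // hits equal to the threshold
var_dump(passesThreshold('a-constructed-unseen-value', '', 6));  // no matching suffix
```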