[Proposal] Password Complexity Validation Rule.

[SketchNI]

One thing I find myself writing over and over is the ability to accept/reject passwords based on their simplicity/complexity.

My proposal is a validation rule password with the following parameters:

Presets

• complex - Requires a capitalised letter, number and punctuation character.
• relaxed - Required either a capitalised letter, number or punctuation character.
• lax - Requires none of those.

Composites

• capitali(s|z)ed - Requires at least one capitalised character.
• numeric - Requires at least one numeric character.
• punctuation - Requires at least one punctuation character.
• strong_capital(s|z)ed - Requires more than two capitalised characters.
• strong_numeric - Requires more than two numeric characters.
• strong_punctuation - Requires more than two punctuation characters.

I realise this will not be suited to a majority of use-cases but I'm hopeful that in time, this list can be expanded. This is all my currently sleep-deprived brain can think of.

Also note that either spelling of capitalized|capitalised will be accepted. I've already sacrificed my ability to spell colour correctly thanks to CSS. :stuck_out_tongue_winking_eye:

[martinbean]

@SketchNI Nice idea. I think this could be a cool use for a fluently-built validation rule. Something like:

'password' => [
    'required',
    'confirmed',
    Rule::password()
        ->minLength(8)
        ->numbers()
        ->lowercaseLetters()
        ->uppercaseLetters()
        ->specialCharacters(),
],

The numbers() / lowercaseLetters() / uppercaseLetters() / specialCharacters() methods could take a count parameter, specifying the number of each a password needs, i.e. specialCharacters(3).

[SketchNI]

I like your suggestion better. specialCharacters() could take an array of special char.. that's a dumb idea security-wise but the fluent method sounds much better than presets.