This repository was archived by the owner on Apr 23, 2021. It is now read-only.

Commit 2a3a991

Add README.md, CHANGELOG.md & CONTRIBUTING.md (#4)
1 parent 788e280 commit 2a3a991


3 files changed

+152
-0
lines changed


CHANGELOG.md

+7
@@ -0,0 +1,7 @@
1+
# Changelog
2+
3+
All notable changes to `ubient/laravel-pwned-passwords` will be documented in this file
4+
5+
## 1.0.0 - 2018-10-08
6+
7+
- Initial release
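Review bot: the sentence `All notable changes to \`ubient/laravel-pwned-passwords\` will be documented in this file` is missing its terminating period; suggest `... will be documented in this file.` Consider also adding an `## Unreleased` heading above `## 1.0.0 - 2018-10-08` so contributors have a place to record changes before the next tag, and stating which changelog convention the file follows so entries stay consistent.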

CONTRIBUTING.md

+55
@@ -0,0 +1,55 @@
1+
# Contributing
2+
3+
Contributions are **welcome** and will be fully **credited**.
4+
5+
Please read and understand the contribution guide before creating an issue or pull request.
6+
7+
## Etiquette
8+
9+
This project is open source, and as such, the maintainers give their free time to build and maintain the source code
10+
held within. They make the code freely available in the hope that it will be of use to other developers. It would be
11+
extremely unfair for them to suffer abuse or anger for their hard work.
12+
13+
Please be considerate towards maintainers when raising issues or presenting pull requests. Let's show the
14+
world that developers are civilized and selfless people.
15+
16+
It's the duty of the maintainer to ensure that all submissions to the project are of sufficient
17+
quality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used.
18+
19+
## Viability
20+
21+
When requesting or submitting new features, first consider whether it might be useful to others. Open
22+
source projects are used by many developers, who may have entirely different needs to your own. Think about
23+
whether or not your feature is likely to be used by other users of the project.
24+
25+
## Procedure
26+
27+
Before filing an issue:
28+
29+
- Attempt to replicate the problem, to ensure that it wasn't a coincidental incident.
30+
- Check to make sure your feature suggestion isn't already present within the project.
31+
- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
32+
- Check the pull requests tab to ensure that the feature isn't already in progress.
33+
34+
Before submitting a pull request:
35+
36+
- Check the codebase to ensure that your feature doesn't already exist.
37+
- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
38+
39+
## Requirements
40+
41+
If the project maintainer has any additional requirements, you will find them listed here.
42+
43+
- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer).
44+
45+
- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
46+
47+
- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date.
48+
49+
- **Consider our release cycle** - We try to follow [SemVer v2.0.0](http://semver.org/). Randomly breaking public APIs is not an option.
50+
51+
- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
52+
53+
- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](http://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting.
54+
55+
**Happy coding**!
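Review bot: the three external links in the Requirements list use plain `http://` (`http://pear.php.net/package/PHP_CodeSniffer`, `http://semver.org/`, `http://www.git-scm.com/book/...`); suggest `https://` for all of them, since a package whose purpose is password hygiene should not send contributors to unencrypted links from its own docs. The PEAR channel is also a legacy distribution path for PHP_CodeSniffer; pointing at the Composer package `squizlabs/php_codesniffer` would match the Composer-based workflow the README describes. Minor: the two `Check the pull requests tab ...` items under "Before filing an issue" differ only in bug versus feature wording and could be a single item.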

README.md

+90
@@ -0,0 +1,90 @@
1+
# Pwned Passwords
2+
3+
[![Latest Version](https://img.shields.io/github/release/ubient/laravel-pwned-passwords.svg?style=flat-square)](https://github.com/ubient/laravel-pwned-passwords/releases)
4+
[![Build Status](https://img.shields.io/travis/ubient/laravel-pwned-passwords/master.svg?style=flat-square)](https://travis-ci.org/ubient/laravel-pwned-passwords)
5+
[![Quality Score](https://img.shields.io/scrutinizer/g/ubient/laravel-pwned-passwords.svg?style=flat-square)](https://scrutinizer-ci.com/g/ubient/laravel-pwned-passwords)
6+
[![StyleCI](https://styleci.io/repos/151966705/shield)](https://styleci.io/repos/151966705)
7+
[![Total Downloads](https://img.shields.io/packagist/dt/ubient/laravel-pwned-passwords.svg?style=flat-square)](https://packagist.org/packages/ubient/laravel-pwned-passwords)
8+
9+
This package provides a Laravel validation rule that can be used to check a password
10+
against TroyHunt's [Pwned Passwords (haveibeenpwned.com)](https://haveibeenpwned.com/Passwords),
11+
a database containing 517,238,891 real world passwords previously exposed in data breaches.
12+
13+
By using this validation rule, you can prevent re-use of passwords that are unsuitable for ongoing usage,
14+
resulting in a more secure application, as your users will have a much lower risk of having their accounts taken over.
15+
16+
##### How it works
17+
18+
In order to protect the value of the source password being searched for, Pwned Passwords implements a [k-Anonymity model](https://en.wikipedia.org/wiki/K-anonymity) that allows a password to be searched for by partial hash.
19+
This works by hashing the source password with SHA-1, and only sending the first 5 characters of that hash to the API.
20+
By checking whether the rest of the SHA-1 hash occurs within the output, we can verify both whether the password was pwned previously, and how frequently.
21+
22+
### Usage
23+
24+
Here's a few short examples of what you can do:
25+
26+
```php
27+
/**
28+
* Get a validator for an incoming registration request.
29+
*
30+
* @param array $data
31+
* @return \Illuminate\Contracts\Validation\Validator
32+
*/
33+
protected function validator(array $data)
34+
{
35+
return Validator::make($data, [
36+
'name' => 'required|string|max:255',
37+
'email' => 'required|string|email|max:255|unique:users',
38+
'password' => 'required|string|min:6|confirmed|pwned',
39+
]);
40+
}
41+
```
42+
43+
You can also relax the rule, allowing passwords that have been pwned multiple times.
44+
In the example below, passwords that have been pwned between 0 and 4 times are allowed:
45+
46+
```php
47+
$request->validate([
48+
'password' => 'required|string|min:6|confirmed|pwned:5',
49+
]);
50+
```
51+
52+
Of course, you can also use a Rule object instead:
53+
54+
```php
55+
use Ubient\PwnedPasswords\Rules\Pwned;
56+
57+
$request->validate([
58+
'password' => ['required', 'string', 'min:6', 'confirmed', new Pwned(5)],
59+
]);
60+
```
61+
62+
## Installation
63+
64+
You can install the package via composer:
65+
66+
```bash
67+
composer require ubient/laravel-pwned-passwords
68+
```
69+
70+
### Testing
71+
72+
``` bash
73+
composer test
74+
```
75+
76+
### Changelog
77+
78+
Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.
79+
80+
## Contributing
81+
82+
Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
83+
84+
### Security
85+
86+
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
87+
88+
## License
89+
90+
The MIT License (MIT). Please see [License File](LICENSE.md) for more information.
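Review bot: the rule's default threshold and its failure behaviour are not documented. The Usage section explains that `pwned:5` allows passwords seen 0 to 4 times, but not what bare `pwned` (used in the first example) allows, nor what the rule does when the Pwned Passwords API is unreachable, rate-limited or returns an error: whether it fails open (accepts the password) or fails closed (rejects it). Anyone relying on the rule as a control needs both facts; suggest a short paragraph after the `new Pwned(5)` example. The examples also pair the rule with `min:6`; since the README's own rationale is preventing account takeover, `min:8` would align with the NIST SP 800-63B minimum for user-chosen passwords. Smaller points: `##### How it works` jumps from the h1 title to an h5 while the neighbouring sections use `###` and `##`; the Testing fence has a space after the backticks (` bash`) while the install fence has none; the `517,238,891` figure will go stale quickly (phrase it as "over 500 million" or drop the exact count); and the security-contact line shows as `[email protected]` on the rendered page, so verify the address that was actually committed.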
