Defining Default Password Validation Rules in Laravel

Tutorials

May 19th, 2021

default-password-validation-featured.png

In Laravel 8.43, the Password Validation Rule Object now supports the ability to define default password rules you can use across your application.

The ability to define default password rules means that you can centralize the expected validation behavior for a password by defining them in a service provider (i.e., AppServiceProvider)

1use Illuminate\Validation\Rules\Password;
2
3/**
4 * Bootstrap any application services.
5 *
6 * @return void
7 */
8public function boot()
9{
10 Password::defaults(function () {
11 return Password::min(8)
12 ->mixedCase()
13 ->uncompromised();
14 });
15}

Defaults are stored, and you can retrieve them later on in a validator with the Password::defaults() method:

1use Illuminate\Validation\Rules\Password;
2
3$request->validate([
4 'password' => ['required', Password::defaults()],
5]);

The Password validation rule introduces convenient password conventions designed to enforce strong passwords, including checking if the password was compromised in known data leaks.

To learn more about this feature, check out the documentation on Defining Default Password Rules. See Validating Passwords for usage details on rules provided by the password validation object.

Filed in:

Paul Redmond

Full stack web developer. Author of Lumen Programming Guide and Docker for PHP Developers.