When building web applications, ensuring user account security is paramount. One effective way to enhance security is by enforcing strong password policies during user registration. In this guide, we'll show you how to prevent users from registering with insecure passwords in Laravel 11.
Step 1: Install Laravel 11
If you haven't set up a Laravel application yet, you can create one by executing the following command:
composer create-project laravel/laravel example-app
Note: This step is optional if you already have a Laravel application running.
Step 2: Create a Custom Validation Rule
To prevent users from registering with common passwords, we’ll create a custom validation rule. This rule will compare the provided password against a list of known weak passwords.
Create the Custom Rule
Run the following command to create the PreventCommonPassword validation rule:
php artisan make:rule PreventCommonPassword
Update the Validation Rule
Open the newly created file located at app/Rules/PreventCommonPassword.php and update it with the following code:
<?php

namespace App\Rules;

use Closure;
use Illuminate\Contracts\Validation\ValidationRule;

class PreventCommonPassword implements ValidationRule
{
    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        // Short, hand-maintained blocklist of frequently chosen passwords.
        $commonPasswords = [
            'picture1', 'password', 'password1', '12345678', '111111',
            '123123', '12345', '1234567890', 'senha', '1234567',
            'qwerty', 'abc123', 'Million2', 'OOOOOO', '1234',
            'iloveyou', 'aaron431', 'qqww1122', '123', 'omgpop',
            '123321', '654321', '123456789', 'qwerty123', '1q2w3e4r',
            'admin', 'qwertyuiop', '555555', 'lovely', '7777777',
            'welcome', '888888', 'princess', 'dragon', '123qwe',
            'sunshine', '666666', 'football', 'monkey', '!@#$%^&*',
            'charlie', 'aa123456', 'donald',
        ];

        // Strict comparison: loose in_array() compares numeric strings numerically
        // (e.g. '0123' == '123'), which is not what a blocklist lookup should do.
        if (in_array($value, $commonPasswords, true)) {
            $fail('The chosen password is not strong enough. Try again with a more secure string.');
        }
    }
}
Step 3: Create Authentication Scaffolding
Next, we’ll set up authentication scaffolding to handle user registration and login functionality. Run the following commands:
Install Laravel UI Package
composer require laravel/ui
Generate Authentication Scaffolding
php artisan ui bootstrap --auth
Install Dependencies and Build Assets
npm install
npm run build
Step 4: Add the Validation Rule to the Registration Controller
Now, let’s incorporate the PreventCommonPassword rule into the user registration process. Open the RegisterController.php located at app/Http/Controllers/Auth/RegisterController.php and update it as follows:
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use App\Rules\PreventCommonPassword;
use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

class RegisterController extends Controller
{
    use RegistersUsers;

    protected $redirectTo = '/home';

    public function __construct()
    {
        $this->middleware('guest');
    }

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'string', 'min:8', 'confirmed', new PreventCommonPassword],
        ]);
    }

    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);
    }
}
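The rule from Step 2 compares the raw string against a short inline list, so 'Password' or ' password ' pass, and the list cannot grow beyond a few dozen entries. The variant below is an added example, not part of this guide's code: it lowercases and trims the candidate, reads the blocklist from an assumed file at resources/security/common-passwords.txt (one lowercase password per line), and uses Laravel's DataAwareRule contract to also reject passwords that contain the registrant's name or email local part from the same request validated in Step 4. The class name PreventWeakPassword and the file path are assumptions.

```php
<?php

namespace App\Rules;

use Closure;
use Illuminate\Contracts\Validation\DataAwareRule;
use Illuminate\Contracts\Validation\ValidationRule;

class PreventWeakPassword implements ValidationRule, DataAwareRule
{
    /** The other request fields; the validator injects them via DataAwareRule. */
    protected array $data = [];

    public function setData(array $data): static
    {
        $this->data = $data;
        return $this;
    }

    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        // Normalise once so 'Password' or ' password ' cannot slip past a lowercase list.
        $candidate = mb_strtolower(trim((string) $value));

        // Assumed file: one lowercase password per line (e.g. a published top-10k list).
        $path = resource_path('security/common-passwords.txt');
        $blocklist = is_file($path)
            ? array_flip(array_map('trim', file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)))
            : [];

        if (isset($blocklist[$candidate])) {
            $fail('The chosen password is too common. Please choose another one.');
            return;
        }

        // Reject passwords built from the account's own identifiers (name, email local part).
        $email = mb_strtolower((string) ($this->data['email'] ?? ''));
        $needles = [
            mb_strtolower((string) ($this->data['name'] ?? '')),
            strstr($email, '@', true) ?: $email,
        ];

        foreach ($needles as $needle) {
            if (mb_strlen($needle) >= 4 && str_contains($candidate, $needle)) {
                $fail('The password must not contain your name or email address.');
                return;
            }
        }
    }
}
```

Swap it into the validator() of Step 4 in place of new PreventCommonPassword; Laravel's built-in Illuminate\Validation\Rules\Password rule can sit beside it, and its uncompromised() method checks the Have I Been Pwned range API instead of a local list.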
Step 5: Run Your Laravel Application
With everything set up, you can now run your Laravel application. Execute the following command:
php artisan serve
Now, open your web browser and navigate to:
http://localhost:8000/register
Try registering with a common password, and you will see a validation error message prompting you to choose a more secure password.
Conclusion
By implementing a custom password validation rule, you can significantly enhance the security of user registrations in your Laravel 11 applications. For further improvements, consider integrating additional security measures such as multi-factor authentication or password strength meters. Happy coding!