rollerworks/password-strength-bundle
Symfony bundle integrating Rollerworks PasswordStrengthValidator. Adds configurable password strength constraints to Symfony’s Validator component, providing functionality comparable to the original PasswordStrengthBundle. Requires PHP 8.4+ and Symfony 7.4+.
rollerworks/password-strength-validator component, allowing granular control over validation rules (e.g., length, entropy, blacklist checks).@PasswordStrength, @PasswordRequirements), enabling reusable, declarative validation in forms, APIs, and DTOs.Illuminate\Validation\Rules\Password) via custom validation rules.FormRequest or Validator facade to delegate to Symfony’s validator.config/validation.php or environment variables.| Risk Area | Assessment | Mitigation Strategy |
|---|---|---|
| Symfony Dependency | Requires Symfony’s Validator component (not native to Laravel). | Use a lightweight Symfony bridge (e.g., symfony/validator as a Composer dependency). |
| Breaking Changes | v4.0.0 introduced BC breaks in constraint constructors. | Test thoroughly in a staging environment before production rollout. |
| Performance | Additional validation layer may introduce minor overhead. | Benchmark against Laravel’s native Password rule; optimize if critical. |
| Unicode Handling | Some edge cases (e.g., multibyte characters) may need tuning. | Configure mbstring extension and test with non-ASCII passwords. |
| Laravel Ecosystem | No native Laravel packages depend on this bundle (0 dependents). | Build custom Laravel validation rules to abstract Symfony-specific logic. |
| Laravel Component | Integration Strategy |
|---|---|
| Validation | Extend Illuminate\Validation\Rules\Password or create a custom rule wrapping Symfony’s validator. |
| Forms (Livewire/FF) | Use Symfony constraints in Livewire form validation via a custom validator. |
| APIs (Lumen/Symfony) | Directly use Symfony’s validator in Lumen controllers or API Platform. |
| Auth (Breeze/Jetstream) | Override RegistersUsers trait to inject Symfony validation. |
| Testing | Mock Symfony’s validator in Pest/PHPUnit tests or use a test container. |
rules('password', 'min:8')).composer require symfony/validator rollerworks/password-strength-bundle
# config/packages/rollerworks_password_strength.yaml
rollerworks_password_strength:
constraints:
PasswordStrength:
min_length: 12
max_length: 64
min_entropy: 80
// config/validation.php
'password' => [
'rollerworks' => [
'min_length' => 12,
'min_entropy' => 80,
],
],
use Rollerworks\PasswordStrengthValidator\Constraints\PasswordStrength;
use Symfony\Component\Validator\Validator\ValidatorInterface;
class SymfonyPasswordRule extends FormRequest {
protected function validator() {
$validator = app(ValidatorInterface::class);
return Validator::make($this->all(), [
'password' => [
new PasswordStrength([
'minLength' => 12,
'minEntropy' => 80,
]),
],
], [], $validator);
}
}
ValidationException.| Compatibility Check | Status |
|---|---|
| Laravel 10.x | ✅ Compatible (Symfony 7.4+ required; Laravel 10 uses Symfony 7.0+). |
| PHP 8.4 | ✅ Required by bundle (Laravel 10+ supports PHP 8.2+; upgrade needed). |
| Livewire/FF | ✅ Possible via custom validation (see above). |
| Lumen | ✅ Direct Symfony integration possible. |
| Jetstream/Breeze | ⚠️ Requires trait overrides (medium effort). |
| Database Seeders | ✅ No impact (validation is runtime-only). |
| Task | Effort | Notes |
|---|---|---|
| Dependency Updates | Medium | Bundle follows SemVer; Laravel’s Symfony deps may drift. |
| Configuration Drift | Low | Centralized in config/rollerworks_password_strength.yaml. |
| Error Handling | Medium | Symfony errors must be translated to Laravel’s format. |
| Deprecation Warnings | Low | Symfony 7.4+ is stable; minimal risk from deprecations. |
ValidatorInterface::validate() in Tinker for ad-hoc testing.Password rule or zizaco/entrust for ACL-based validation.validator.cache).How can I help you explore Laravel packages today?