In this article, we will discuss how to make secure user authentication with regex validation. With this validation, we are forcing the user to add the password in a specific format. For example, User forced to add minimum 8 character length with upper/lower characters, digits and special character.
Before continuing, make sure you have ready with followings:
Modification in User Registration Controller
Open the registration controller RegisterController.php which is located in app/Http/Controller/Auth directory. Here modify the password validation rule and add the regex rule in the validator() method.
...
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6|confirmed|regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{6,}$/',
]);
}
...
Here we have added the regex rule to password validation.
regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{6,}$/
The above regex provides the following.
- At least one uppercase, one lowercase letter, one numeric value, one special character and must be more than 6 characters long.
Now, time to update registration form. Open your register.blade.php which are located in resources/views/auth directory and update the following.
...
<div class="form-group row">
<label for="password" class="col-md-4 col-form-label text-md-right">{{ __('Password') }}</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" required>
<p class="text-muted">Your password must be more than 8 characters long, should contain at-least 1 Uppercase, 1 Lowercase, 1 Numeric and 1 special character.</p>
@if ($errors->has('password'))
<span class="invalid-feedback">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
</div>
...
Let’s see our view look like:
Modification in Reset Password Controller
Open the reset password controller ResetPasswordController.php which is located in app/Http/Controller/Auth directory. Here add the rules method in this controller. The rules() method is available in ResetPassword trait. When we apply this rules method in the ResetPasswordController.php. It overrides the default validation rules.
...
protected function rules()
{
return [
'token' => 'required',
'email' => 'required|email',
'password' => 'required|string|min:6|confirmed|regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{6,}$/',
];
}
...
Now, time to update reset password form. Open your reset.blade.php which are located in resources/views/auth/passwords directory and update the following.
...
<div class="form-group row">
<label for="password" class="col-md-4 col-form-label text-md-right">{{ __('Password') }}</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" required>
<p class="text-muted">Your password must be more than 8 characters long, should contain at-least 1 Uppercase, 1 Lowercase, 1 Numeric and 1 special character.</p>
@if ($errors->has('password'))
<span class="invalid-feedback">
<strong>{{ $errors->first('password') }}</strong>
</span>
@endif
</div>
</div>
...
Everythings has done, Now you have a secure password validation on Laravel Authentication.
Please check back our other tutorials. And feel free to add comments for any query.
If you like our content, please consider buying us a coffee.
Thank you for your support!
Buy Me a Coffee