ubient / laravel-pwned-passwords Goto Github PK

Hi there,

First of all, thank you for the package.

I think i found a little bug, when the validation fails it always tells me the password has been found 1 time, because for my test i will not except more. Now i know for sure the password 'Welcome01' has more then 1 security incident.

it seems you're replacing the :min with the configured threshold, probably you want to replace it with the result of $this->gateway->search($value)?

besides, the message doesn't seem to be overwriteable, or translatable. maybe you could move this to a publishable language file?

Howdy 👋🏼

Before submitting a PR to rectify this, is there a reason that you opted not to bump Guzzle inline with the L8 upgrade guide -> https://laravel.com/docs/8.x/upgrade ?

v3.3 appears to still use a v6 version of Guzzle, whereas 8 mandates 7.0.1

Apparently, the combination of PHP 7.2 and the current Guzzle version causes breakage.

See: googleapis/google-api-php-client#1377

After seeing this tweet earlier today, I figured it would be a great idea to have a similar feature for usage in Laravel.

In order to get the library to do what it should do, it should contain the following abilities:

• String-based or Object-based implementation of the Validation rule
• Ability to 'relax' the validation rule by allowing passwords that have been pwned a with a maximum of x-times.