Password Details Strength Validator

Latest Stable Version Latest Unstable Version Total Downloads Monthly Downloads Daily Downloads
Thankful to Krajee!
to get more out of us.

NOTE: This extension depends on the kartik-v/yii2-krajee-base extension which in turn depends on the yiisoft/yii2-bootstrap extension. Check the composer.json for this extension's requirements and dependencies that may be updated by composer.

StrengthValidator is a password strength validator for your model attributes. The strength validator allows you to configure the following parameters for validating passwords or strings.

  1. Whether password contains the username
  2. Whether password contains an email string
  3. Minimum number of characters
  4. Maximum number of characters
  5. Minimum number of lower space characters
  6. Minimum number of upper space characters
  7. Minimum number of numeric / digit characters
  8. Minimum number of special characters

Other features:

  1. Includes 5 presets (simple, normal, fair, medium, and strong). Instead of setting each parameter above, you can call a preset which will auto-set each of the parameters above.
  2. It includes both server and client validation.
  3. This can work with the PasswordInput widget (described next) as per your needs. The strength validation routines for both are a bit different. The PasswordInput widget focuses on displaying the strength only, and does not restrict the user input in any way.
NOTE: The StrengthValidator does not validate if the password field is required. You need to use Yii's required rule for this.

The model validation rule settings for using StrengthValidator to validate an attribute are:
  • hasUser: boolean, check whether attribute contains the username field

  • userAttribute: string, name of the username attribute field. Defaults to username. This will be used to check whether username is contained in the attribute.

  • usernameValue: string, the value of the username to cross check for hasUser rule. This will override the userAttribute setting if this is set.

  • hasEmail: boolean, check whether password contains an email pattern

  • min: int, minimum number of characters. If not set, defaults to 4.

  • max: int, maximum length. If not set, it means no maximum length limit.

  • length: int, specifies the exact length that the value should be of

  • allowSpaces: bool, whether to allow spaces in the input (defaults to false)

  • lower: int, minimal number of lower case characters (defaults to 2)

  • upper: int, minimal number of upper case characters (defaults to 2)

  • digit: int, minimal number of numeric / digit characters (defaults to 2)

  • special: int, minimal number of special characters (defaults to 2)

  • preset: string, one of the preset settings (refer presets section). If this is not null, the preset parameters will override the validator level params

  • presetsSource: string, presets configuration PHP source file with a readable path. Defaults to presets.php in the current directory

  • encoding: string, the encoding of the string value to be validated (e.g. 'UTF-8'). If this property is not set, \yii\base\Application::charset will be used.

  • i18n: array, the internalization configuration for this validator.

    Defaults to:

    [
        'class' => 'yii\i18n\PhpMessageSource',
        'basePath' => '@kvpwdstrength/messages',
        'forceTranslation' => true
    ]
    

    Note:

    The validator has i18n / translation features enabled. You can edit the kvpwdstrength.php file in the messages folder for your language by submitting a new pull request.

Note

Refer to the messages section for additional message related settings for the validator and the presets section for using and setting up presets.

View a complete demo.

use kartik\password\StrengthValidator;

// Model Rules Setup
public function rules() {
    return [
        [['username', 'password'], 'required'],
        [['password'], StrengthValidator::className(), 'min'=>8, 'digit'=>0, 'special'=>3]
    ];
}

You can pass a preset, instead of setting each rule parameter for strength validation as described in the previous section.There are 5 default presets available in the presets configuration file and summarized below. You can override and create your own presets configuration. Just set the value of presetsSource to a valid path to point to your presets file.

  • StrengthValidator::SIMPLE or simple

  • StrengthValidator::NORMAL or normal

  • StrengthValidator::FAIR or fair

  • StrengthValidator::MEDIUM or medium

  • StrengthValidator::COMPLEX or Complex

NOTE: If you pass a preset, it will override any other settings you may have passed.

Example of using the MEDIUM preset is described below. Try out if each rule is valid in the password input in the form below:

StrengthValidator::MEDIUM => [
    'min' => 10,
    'upper' => 1,
    'lower' => 1,
    'digit' => 2,
    'special' => 1,
    'hasUser' => true,
    'hasEmail' => true
];

View a complete demo.

use kartik\password\StrengthValidator;
// Model Rules Setup
public function rules() {
    return [
        [['username', 'password'], 'required'],
        [['password'], StrengthValidator::className(), 'preset'=>StrengthValidator::MEDIUM]
    ];
}

The `StrengthValidator` displays various validation messages based on the validated rule. Each rule validation parameter contains a validation message which is shown if the rule fails. The message properties available in the validator are:

  • message: string, the user-defined error message used when the value is not a string.

  • minError: user-defined error message used when the length of the value is smaller than min

  • maxError: user-defined error message used when the length of the value is greater than max

  • lengthError: user-defined error message used when the length of the value is not equal to length

  • allowSpacesError: user-defined error message used when allowSpaces is set to false and spaces are found in the input.

  • hasUserError: user-defined error message used when hasUser is true and value contains the username

  • hasEmailError: user-defined error message used when hasEmail is true and value contains an email pattern

  • lowerError: user-defined error message used when value contains less than lower characters

  • upperError: user-defined error message used when value contains less than upper characters

  • digitError: user-defined error message used when value contains less than digit characters

  • specialError: user-defined error message used when value contains less than special characters

NOTE: These variables will be populated automatically within each error message:
  • {attribute}: The label of the attribute being validated

  • {found}: The number of characters found for min, lower, upper, digit, special

  • {required}: The required number of characters as set in these rules

Example of using a custom rule message is described below.

View a complete demo.

use kartik\password\StrengthValidator;
// Model Rules Setup
public function rules() {
    return [
        [['username', 'password'], 'required'],
        [
            ['password'], 
            StrengthValidator::className(), 
            'min' => 5,
            'minError'=>'You entered only {found} characters. Minimum is {required}, dude.'
        ]
    ];
}