agonyz / contao-haveibeenpwned-bundle
This extensions automatically checks the user's password when logging in via the HaveIBeenPwned Api
Installs: 7
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:contao-bundle
pkg:composer/agonyz/contao-haveibeenpwned-bundle
Requires
- php: ^7.4 || ^8.0
- contao/core-bundle: ^4.13
- symfony/config: ^5.4
- symfony/dependency-injection: ^5.4
- symfony/http-kernel: ^5.4
- symfony/validator: ^5.4
Requires (Dev)
- bamarni/composer-bin-plugin: ^1.5
- contao/manager-plugin: ^2.0
- phpunit/phpunit: ^9.5
- symfony/phpunit-bridge: ^6.1
Conflicts
- contao/manager-plugin: <2.0 || >=3.0
This package is auto-updated.
Last update: 2025-09-27 04:40:38 UTC
README
Extension for the Contao CMS
The extension can be used to check if a user's password has been leaked using the Have I Been Pwned Api. It utilizes the NotCompromisedPassword - Feature by Symfony for doing so. This functionality is automatically triggered after an user logs into the backend.
Installation
Run composer require agonyz/contao-haveibeenpwned-bundle in your CLI to install the extension.
Configuration
# config/config.yml # Agonyz Contao Have I Been Pwned Bundle agonyz_contao_have_i_been_pwned: user_notice: 'Hello User<br>Your Password was found on a leaked password list<br>Please change your password.' # the notice that should be displayed to the user in the backend
Please remember to always clear the cache after each change in the config.yml.
Disable Notifications
You can disable the notifications for the users in the user settings.
Example
This screenshot shows an example after a user has logged in with a leaked password.
