r4v/laravel-registration-validator

Solid credential validation for Laravel.

Maintainers

Details

github.com/r4v/laravel-registration-validator

Source

Issues

Installs: 6

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 1

Open Issues: 0

v2.0.0 2020-09-13 17:28 UTC

Requires

Requires (Dev)

MIT 6f0af949ec63c619f52a4987aeb2013e46c36160

emailregistrationvalidationusernamelaravelunicodecredentialshomoglyphs

This package is auto-updated.

Last update: 2025-03-14 04:29:33 UTC

README

Solid credential validation for Laravel >= 7.x

This is fork from photogabble/laravel-registration-validator that hasn't been maintained for 3 years.

Main goal is to mitigate potential issues caused by Unicode homoglyphs

a homoglyph is one of two or more graphemes, characters, or glyphs with shapes that appear identical or very similar

Here is a utility to play with these confusable homoglyphs. The Unicode Consortium published list of this confusable

Build Status Latest Stable Version License

About this package

An all-Latin username containing confusables is probably fine, and an all-Cyrillic username containing confusables is probably fine, but a username containing mostly Latin plus one Cyrillic code point which happens to be confusable with a Latin one… is not. - James Bennet

I began writing this package soon after reading the above quote from this article by James Bennett on registration credential validation that referenced how Django’s auth system validates new users credentials.

In addition to unicode confusables validation this package also includes a PHP port of the reserved name validation that Django's auth system uses.

This is project built for use with Laravel versions >= 7.x and PHP >= 7.1.

Install

Install this library with composer: composer require r4v/laravel-registration-validator.

Usage

This package provides three validators: not-reserved-name, not-confusable-string and not-confusable-email.

Not Reserved Name Validator

This validator checks the input to ensure it does not contain any strings listed within config key registration-validation.reserved_list. To extend this list use the php artisan vendor:publish command to copy this config to your project.

Not Confusable String Validator

This validator checks the input using the photogabble/php-confusable-homoglyphs to ensure it does not contain any confusable unicode characters.

Not Confusable Email Validator

This validator does not validate that the input is a valid email address, instead it validates that a string containing an @ does not contain any confusable unicode characters for each part either side of the @ symbol.