This extension for TYPO3 CMS contains additional Password Policy validators for
usage in TYPO3 12+ projects. It also adds an event listener for the
EnrichPasswordValidationContextDataEvent PSR-14 event, so the context data
used for password validation is extended with the users email-address.
This validator ensures, that the given password is not part of a known data breach on haveibeenpwned.com
- none
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PwnedPasswordValidator::class] = [
'options' => [],
'excludeActions' => [],
];
This validator ensures, that the given password does not contain the users username.
- none
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\NotUsernameValidator::class] = [
'options' => [],
'excludeActions' => [],
];
This validator ensures, that the given password is not part of a configurable list of denied passwords.
The password file must contain one password for each line.
passwordDenylistFilepathRelative path to password file. EXT: notation is allowed.
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PasswordDenylistValidator::class] = [
'options' => [
'passwordDenylistFilepath' => 'EXT:add_pwd_policy/Resources/Private/Text/password_denylist.txt',
],
'excludeActions' => [],
];
If you have created a custom password validator, feel free to provide it as pull request to this repository.
The included file with top 100.000 popular passwords has been downloaded from https://github.com/danielmiessler/SecLists