You Don’t Need a Regex Password Validation in Laravel Anymore

Your Laravel application just got easier to maintain and build with the new Password Validation Rule Object.

Previously, developers had to write complex regular expressions to validate passwords to ensure users create strong passwords. Now, you can validate passwords at any strength level without copying and pasting from stackoverflow for those who hate regex.

For example, to ensure password with eight (8) characters with atleast one uppercase and lowercase letters you can do this:

use Illuminate\Validation\Rules\Password;
use Illuminate\Http\Request;
$request->validate([
    'password' => ['required', Password::min(8)->mixedCase()],
]);

Cool huh!

Other methods include:

letters() // atleast one letter
numbers() // atleast one number
symbols() // atleast one symbol

You can chain other rules due to its “fluency” like this:

//atleast 1 uppercase, 1 lowercase, 
// 1 number and 1 symbol.
Password::min(8)
          ->mixedCase()
          ->numbers()
          ->symbols()
          ->uncompromised();

The uncompromised() rule checks if the password appears in a data leak.

What do you think?

Would it impact performance or would regex be faster?

Leave your comments if you have more insights on these. Thanks

Finally

Before trying to use this feature ensure you run composer update on your old app installations.

Check out the Laravel Documentation on Validating Passwords

Claps and feedbacks would be really appreciated.