PasswordStrength
The PasswordStrength constraint was introduced in Symfony 6.3.
Validates that the given password has reached the minimum strength required by the constraint. The strength of the password is not evaluated with a set of predefined rules (include a number, use lowercase and uppercase characters, etc.) but by measuring the entropy of the password based on its length and the number of unique characters used.
Applies to | property or method |
Class | PasswordStrength |
Validator | PasswordStrengthValidator |
Basic Usage
The following constraint ensures that the rawPassword property of the User class reaches the minimum strength required by the constraint. By default, the minimum required score is 2.
// src/Entity/User.php
namespace App\Entity;

use Symfony\Component\Validator\Constraints as Assert;

class User
{
    #[Assert\PasswordStrength]
    protected $rawPassword;
}
Available Options
minScore
type: integer default: PasswordStrength::STRENGTH_MEDIUM (2)
The minimum required strength of the password. Available constants are:
PasswordStrength::STRENGTH_WEAK = 1
PasswordStrength::STRENGTH_MEDIUM = 2
PasswordStrength::STRENGTH_STRONG = 3
PasswordStrength::STRENGTH_VERY_STRONG = 4
PasswordStrength::STRENGTH_VERY_WEAK is available but only used internally or by a custom password strength estimator.
// src/Entity/User.php
namespace App\Entity;

use Symfony\Component\Validator\Constraints as Assert;

class User
{
    // The constant is referenced through the Assert alias imported above.
    #[Assert\PasswordStrength([
        'minScore' => Assert\PasswordStrength::STRENGTH_VERY_STRONG, // Very strong password required
    ])]
    protected $rawPassword;
}
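To see how a given minScore treats real input before enforcing it, the constraint can be run outside an entity with the standalone validator. The script below is an added example, not part of the Symfony documentation; it assumes symfony/validator 6.3 or later installed with Composer, and the checkPassword() helper and sample passwords are constructed for illustration.

```php
<?php
// Added example, not part of the Symfony documentation.
// Assumes symfony/validator (6.3 or later) is installed with Composer.
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Validation;

require __DIR__.'/vendor/autoload.php';

/**
 * Hypothetical helper: returns the violation messages for $password at the
 * given minimum score. An empty array means the value was accepted.
 */
function checkPassword(?string $password, int $minScore): array
{
    $validator = Validation::createValidator();

    $violations = $validator->validate($password, [
        // PasswordStrength skips null values, so a missing password
        // must be rejected explicitly with NotBlank.
        new Assert\NotBlank(),
        new Assert\PasswordStrength(['minScore' => $minScore]),
    ]);

    $messages = [];
    foreach ($violations as $violation) {
        $messages[] = (string) $violation->getMessage();
    }

    return $messages;
}

// Constructed sample inputs; null stands for a field that was never submitted.
$samples = ['password', 'Tr0ub4dor&3', 'correct horse battery staple', null];

$levels = [
    'WEAK' => Assert\PasswordStrength::STRENGTH_WEAK,
    'MEDIUM' => Assert\PasswordStrength::STRENGTH_MEDIUM,
    'STRONG' => Assert\PasswordStrength::STRENGTH_STRONG,
    'VERY_STRONG' => Assert\PasswordStrength::STRENGTH_VERY_STRONG,
];

foreach ($samples as $sample) {
    $label = $sample ?? '(null)';
    foreach ($levels as $name => $minScore) {
        $messages = checkPassword($sample, $minScore);
        $result = $messages ? 'rejected: '.implode(' ', $messages) : 'accepted';
        printf("%-30s %-12s %s\n", $label, $name, $result);
    }
}
```

Because the score depends on length and character variety rather than composition rules, a long passphrase can pass a level that a short mixed-case password fails; running the script against candidate policies shows where each level draws the line.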
message
type: string
default: The password strength is too low. Please use a stronger password.
The default message supplied when the password does not reach the minimum required score.
// src/Entity/User.php
namespace App\Entity;

use Symfony\Component\Validator\Constraints as Assert;

class User
{
    #[Assert\PasswordStrength([
        'message' => 'Your password is too easy to guess. Company\'s security policy requires to use a stronger password.'
    ])]
    protected $rawPassword;
}