https://github.com/derhansen/add_pwd_policy
Additional Password Policy validators for TYPO3 CMS 12.4+
https://github.com/derhansen/add_pwd_policy
password security
Last synced: 2 months ago
JSON representation
Additional Password Policy validators for TYPO3 CMS 12.4+
- Host: GitHub
- URL: https://github.com/derhansen/add_pwd_policy
- Owner: derhansen
- Created: 2023-01-14T13:32:42.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2026-01-03T06:47:54.000Z (6 months ago)
- Last Synced: 2026-03-29T16:59:06.862Z (3 months ago)
- Topics: password, security
- Language: PHP
- Homepage:
- Size: 405 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
[](https://packagist.org/packages/derhansen/sf_event_mgt)
[](https://packagist.org/packages/derhansen/add_pwd_policy)
[](https://github.com/derhansen/add_pwd_policy/actions/workflows/CodeQuality.yml)
[](https://www.repostatus.org/#active)
# Additional Password Policy validators for TYPO3 CMS
This extension for TYPO3 CMS contains additional Password Policy validators for
usage in TYPO3 12+ projects. It also adds an event listener for the
`EnrichPasswordValidationContextDataEvent` PSR-14 event, so the context data
used for password validation is extended with the users email-address.
## Included validators
### Pwned Password
#### Description:
This validator ensures, that the given password is not part of a known data
breach on haveibeenpwned.com
#### Options:
* none
#### Usage example
```
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PwnedPasswordValidator::class] = [
'options' => [],
'excludeActions' => [],
];
```
### Does not contain username
#### Description:
This validator ensures, that the given password does not contain the users `username`.
#### Options:
* none
#### Usage example
```
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\NotUsernameValidator::class] = [
'options' => [],
'excludeActions' => [],
];
```
### Password deny list
This validator ensures, that the given password is not part of a configurable
list of denied passwords.
The password file must contain one password for each line.
#### Options:
* `passwordDenylistFilepath` Relative path to password file. EXT: notation is allowed.
#### Usage example
```
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PasswordDenylistValidator::class] = [
'options' => [
'passwordDenylistFilepath' => 'EXT:add_pwd_policy/Resources/Private/Text/password_denylist.txt',
],
'excludeActions' => [],
];
```
### PRs welcome
If you have created a custom password validator, feel free to provide it as
pull request to this repository.
## Credits
### Password file
The included file with top 100.000 popular passwords has been downloaded
from https://github.com/danielmiessler/SecLists