Strong Password Regex Validation with Laravel Authentication

Strong Password Regex Validation in Laravel Authentication

To enforce strong password validation in Laravel authentication, you can use Laravel's validation rules with a custom regex pattern. A strong password typically includes:

✅ At least one uppercase letter (A-Z)
✅ At least one lowercase letter (a-z)
✅ At least one digit (0-9)
✅ At least one special character (@, #, $, etc.)
✅ Minimum 8 characters in length

Step 1: Modify the Registration Request Validation

Laravel Breeze, Jetstream, or the default authentication setup typically uses Form Requests for validation. Locate the RegisterController or the RegisterRequest class.

If you are using Laravel Breeze, modify the RegisterUserRequest.php file:

📂 app/Http/Requests/Auth/RegisterUserRequest.php

namespace App\Http\Requests\Auth;

use Illuminate\Foundation\Http\FormRequest;

class RegisterUserRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => [
                'required',
                'string',
                'min:8', // Minimum 8 characters
                'regex:/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/',
                'confirmed'
            ],
        ];
    }
}

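Combined with the min:8 rule, this regex pattern ensures the password contains:

  • At least one lowercase letter
  • At least one uppercase letter
  • At least one digit
  • At least one special character from the set @$!%*?&
  • Minimum 8 characters (enforced by min:8, not by the regex itself)

Because the final character class [A-Za-z\d@$!%*?&]+ is anchored with ^ and $, a password containing any other character, such as # or a space, is rejected.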

Step 2: Customize the Validation Error Message

If you want to provide a custom error message for password validation, override the messages() method inside the RegisterUserRequest class:

public function messages()
{
    return [
        'password.regex' => 'The password must contain at least one uppercase letter, one lowercase letter, one number, and one special character.',
    ];
}

Step 3: Test the Registration Form

Try entering different passwords when registering:

password123 (❌ Missing uppercase & special character)
PASSWORD123! (❌ Missing lowercase letter)
Password123! (✅ Strong password)
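
To see which rule a given password trips, including the allow-list effect of the regex's final character class, the stand-alone PHP script below breaks the rule into its individual checks. It is an added example, not code from the original post; the function name passwordFailures and the last two sample passwords are constructed for illustration.

```php
<?php
// Added example, not from the original post. Runs with plain PHP 7.4+ (no Laravel).
// mb_strlen mirrors how Laravel's min:8 counts string length (needs ext-mbstring).

const PAGE_REGEX = '/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/';

/**
 * Hypothetical helper: list the reasons a password fails min:8 plus the
 * page's regex. An empty array means the password is accepted.
 */
function passwordFailures(string $password): array
{
    $checks = [
        'shorter than 8 characters'        => mb_strlen($password) >= 8,
        'no lowercase letter'              => preg_match('/[a-z]/', $password) === 1,
        'no uppercase letter'              => preg_match('/[A-Z]/', $password) === 1,
        'no digit'                         => preg_match('/\d/', $password) === 1,
        'no symbol from @$!%*?&'           => preg_match('/[@$!%*?&]/', $password) === 1,
        'character outside the allow-list' => preg_match('/^[A-Za-z\d@$!%*?&]*$/', $password) === 1,
    ];

    // Keep only the checks that did not pass and return their descriptions.
    return array_keys(array_filter($checks, fn (bool $ok): bool => !$ok));
}

// Constructed samples: the three from Step 3, plus two that contain a
// character the final character class does not allow.
$samples = [
    'password123',
    'PASSWORD123!',
    'Password123!',
    'Password123#',             // '#' is not in @$!%*?&
    'Correct Horse Battery 9!', // spaces are not in the allow-list
];

foreach ($samples as $password) {
    $failures = passwordFailures($password);

    // Cross-check the breakdown against the single regex plus min:8.
    $pageAccepts = mb_strlen($password) >= 8 && preg_match(PAGE_REGEX, $password) === 1;
    if ($pageAccepts !== ($failures === [])) {
        throw new RuntimeException("Breakdown disagrees with the page regex for: $password");
    }

    $verdict = $failures === [] ? 'accepted' : 'rejected: ' . implode(', ', $failures);
    printf("%-26s %s\n", $password, $verdict);
}
```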

Step 4: Enforce Validation in app/Providers/FortifyServiceProvider.php (For Laravel Fortify Users)

If you are using Laravel Fortify, update FortifyServiceProvider.php:

📂 app/Providers/FortifyServiceProvider.php

use Illuminate\Support\Facades\Validator;
use Laravel\Fortify\Fortify;

public function boot()
{
    Fortify::register(function ($request) {
        Validator::make($request->all(), [
            'password' => [
                'required',
                'string',
                'min:8',
                'regex:/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/',
                'confirmed'
            ],
        ])->validate();
    });
}

Conclusion

Now your Laravel authentication system enforces a strong password policy using regex validation. This ensures better security for user accounts. 🚀

Would you like to extend this with password strength indicators in the frontend?

Souy Soeng
