Laravel Password Validation Rule

Laravel password validation rule

I have had a similar scenario in Laravel and solved it in the following way.

The password contains characters from at least three of the following five categories:

  • English uppercase characters (A – Z)
  • English lowercase characters (a – z)
  • Base 10 digits (0 – 9)
  • Non-alphanumeric (For example: !, $, #, or %)
  • Unicode characters

First, we need to create a regular expression and validate it.

Your regular expression would look like this:

^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$

I have tested and validated it on this site. Still, perform your own tests in your own manner and adjust accordingly. This is only an example regex; you can modify it the way you want.

So your final Laravel regex rule should be like this:

'password' => [
    'required',
    'min:6',
    'regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$/',
    'confirmed'
]

Note:

  1. I have tested and validated it on both the regular expression site and a Laravel 5 test environment, and it works.
  2. I have used min:6; this is optional, but it is always good practice to have a security policy that reflects different aspects, one of which is minimum password length.
  3. I suggest you use password confirmed to ensure the user is typing the correct password.
  4. Within the 6 characters, our regex should contain at least 3 of a-z or A-Z and a number and a special character.
  5. Always test your code in a test environment before moving to production.
  6. What I have done in this answer is just an example of a password regex.

Regarding your custom validation message for the regex rule in Laravel, here are a few links to look at:

  • Laravel Validation custom message
  • Custom validation message for regex rule in Laravel?
  • Laravel custom validation messages
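
The "at least three of the five categories" policy listed at the top of the answer above can also be checked by counting categories directly, since a regex built only from lookaheads requires every class it names. This is an added example, not part of the original answer; the function names, the reading of "Unicode characters" as any non-ASCII character, and the closure-rule wiring shown in the comment are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: report which of the five character categories a password uses.
// passwordCategories() and meetsCategoryPolicy() are hypothetical helper names.
function passwordCategories(string $password): array
{
    $checks = [
        'uppercase' => '/[A-Z]/',
        'lowercase' => '/[a-z]/',
        'digit'     => '/[0-9]/',
        'symbol'    => '/[[:punct:]]/',    // ASCII punctuation and symbols
        'unicode'   => '/[^\x00-\x7F]/u',  // assumption: any non-ASCII character
    ];

    $found = [];
    foreach ($checks as $name => $pattern) {
        // Under /u, preg_match() returns false for invalid UTF-8; count that as no match.
        if (preg_match($pattern, $password) === 1) {
            $found[] = $name;
        }
    }
    return $found;
}

function meetsCategoryPolicy(string $password, int $required = 3): bool
{
    return count(passwordCategories($password)) >= $required;
}

// Possible wiring as a closure rule (closure rules need Laravel 5.5 or later):
// 'password' => ['required', 'min:6', 'confirmed',
//     function ($attribute, $value, $fail) {
//         if (!meetsCategoryPolicy((string) $value)) {
//             $fail('The '.$attribute.' must use at least three character categories.');
//         }
//     },
// ],

// Constructed sample inputs; run with: php example.php
foreach (['password', 'Passw0rd', 'pass-word1', 'пароль12', 'abc123'] as $sample) {
    $categories = implode(',', passwordCategories($sample));
    $verdict = meetsCategoryPolicy($sample) ? 'ok' : 'rejected';
    echo $sample, "\t", $categories, "\t", $verdict, PHP_EOL;
}
```

Length is still enforced separately by min:6; the category count says nothing about how long the password is.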

Strong passwords validation laravel

Use the principle of contrast:

^
(?=[^a-z]*[a-z]) # ensure one lower case letter
(?=[^A-Z]*[A-Z]) # ensure one upper case letter
(?=\D*\d) # ensure a digit
(?=[^!@?]*[!@?]) # special chars
.{10,} # at least 10 characters long
$

You can extend the special char section, of course.

See a demo on regex101.com.

Validating Password rules with a custom error message

According to this comment in the original pull request, you can't do this in code, and have to use the JSON localization files.

So check the validation class for the default text and then in resources/lang/ar.json add a translation for it, like so:

{
    "The :attribute must contain at least one letter.": ":attribute يجب أن يحتوي على الأقل حرف واحد.",
    "The :attribute must contain at least one uppercase and one lowercase letter.": ":attribute يجب أن يحتوي على الأقل حرف كبير واحد وحرف صغير واحد.",
    "The :attribute must contain at least one number.": ":attribute يجب أن يحتوي على الأقل رقم واحد.",
    "The :attribute must contain at least one symbol.": ":attribute يجب أن يحتوي على الأقل رمز واحد."
}

The length message uses the standard one found in resources/lang/ar/validation.php:

<?php
return [
    "min" => [
        "string" => "يجب أن يكون طول نص حقل :attribute على الأقل :min حروفٍ/حرفًا.",
    ],
];

Or it can be declared in your code above.

$messages = [
    'password.required' => 'يجب ادخال كلمة المرور',
    'password.confirmed' => 'كلمة المرور غير متطابقة',
    'password.min' => 'whatever',
];

Note there are packages such as Laravel Lang that can do all these translations for you.

Laravel Password & Password_Confirmation Validation

You can use the confirmed validation rule.

$this->validate($request, [
    'name' => 'required|min:3|max:50',
    'email' => 'email',
    'vat_number' => 'max:13',
    'password' => 'required|confirmed|min:6',
]);

Laravel Validation of password failed, when it must be ok. Why?

The password validation rule checks the field under validation against the current authenticated user's password. So you shouldn't use it if you want to check only its length. If you want more specific validation rules, you can use regex. For example, this rule checks if the given password contains at least one small letter, one capital letter and a digit, and its length shouldn't be less than 8:

'password' => 'required|min:8|regex:#(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])#'

