Laravel allows bad password on second correction attempt - can't figure out why


My app is built in Laravel 6. I have my users register for an account, where they provide a name, email address, confirm email, password, confirm password, checkbox for T&C's agreement, then submit.

The thing is I require an 8 char password that must include a number, an upper case alpha, a lower case alpha and a symbol, by forcing input to pass this REGEX pattern: regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%&~@^*()-_=+<>]).*$/. If they try to register and don't get this requirement right, they are told so and have to correct the password format to match. However, if at this 2nd stage of password correction, they get it wrong again, it is accepted with only the string length requirement enforced and they get to register, but now have a non-conforming password.

Here's my validator in my RegisterController.php

protected function validator(array $data)
{
    
    return Validator::make($data, [
        'name' => 'required|string|max:255',
        'email' => 'required|string|email|max:255|confirmed|unique:users',
        'password' => 'required|string|min:8|regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%&~@^*()-_=+<>]).*$/|confirmed',
        'terms' => 'required',
    ]);
}

This function is called and the input is checked in my register() method in the same controller

    public function register(Request $request)
    {
        $redirectTo = '/admin/home';
    
        $this->validator($request->all())->validate();
...

If I add dd($this->validator($request->all())); in order to see the payload, this is what shows on the second correction attempt:

^ Illuminate\Validation\Validator {#1854 ▼
  #translator: Illuminate\Translation\Translator {#235 ▶}
  #container: Illuminate\Foundation\Application {#2 ▶}
  #presenceVerifier: Illuminate\Validation\DatabasePresenceVerifier {#236 ▼
    #db: Illuminate\Database\DatabaseManager {#43 ▼
      #app: Illuminate\Foundation\Application {#2}
      #factory: Illuminate\Database\Connectors\ConnectionFactory {#49 ▶}
      #connections: array:1 [▶]
      #extensions: array:1 [▶]
      #reconnector: Closure($connection) {#30 ▶}
    }
    #connection: null
  }
  #failedRules: []
  #excludeAttributes: []
  #messages: null
  #data: array:8 [▼
    "_token" => "wPz6ltLruQL6f40njM9AVq0ijVMqiJnOlkPNAWtX"
    "name" => "Trininty Speaks"
    "email" => "[email protected]"
    "email_confirmation" => "[email protected]"
    "password" => "123456As"
    "password_confirmation" => "123456As"
    "terms" => "1"
    "registerbutton" => null
  ]
  #initialRules: array:4 [▼
    "name" => "required|string|max:255"
    "email" => "required|string|email|max:255|confirmed|unique:users"
    "password" => "required|string|min:8|regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%&~@^*()-_=+<>]).*$/|confirmed"
    "terms" => "required"
  ]
  #rules: array:4 [▼
    "name" => array:3 [▶]
    "email" => array:6 [▶]
    "password" => array:5 [▼
      0 => "required"
      1 => "string"
      2 => "min:8"
      3 => "regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%&~@^*()-_=+<>]).*$/"
      4 => "confirmed"
    ]
    "terms" => array:1 [▶]
  ]
  #currentRule: null
  #implicitAttributes: []
  #implicitAttributesFormatter: null
  #distinctValues: []
  #after: []
  +customMessages: []
  +fallbackMessages: []
  +customAttributes: []
  +customValues: []
  +extensions: array:1 [▶]
  +replacers: []
  #fileRules: array:9 [▶]
  #implicitRules: array:10 [▶]
  #dependentRules: array:20 [▶]
  #excludeRules: array:2 [▶]
  #sizeRules: array:8 [▶]
  #numericRules: array:2 [▶]
  #dotPlaceholder: "RJMy1aOO5J7Czany"
}

Above you can see the formatting REGEX rule clearly, but you can also see the incorrect password (doesn't include symbol).

With the above, only on that second attempt, the following test gives me "true" but it should be false.

$this->validator($request->all())->passes();

What am I missing here? I know it's very difficult to tell without all the code, but I'm hoping someone else has had and is familiar with the issue and has solved this problem. I can find no posts regarding this issue.

Why is the REGEX requirement in the validation ignored when the user uses this form the second time?

Any help and/or suggestions is most welcome.

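Added example, not part of the original question: in the posted pattern the symbol class contains `)-_`, which PCRE reads as a range from `)` to `_` that includes the digits and upper case letters, so `123456As` satisfies the symbol lookahead. The PHP below lists what that class accepts and runs a per-requirement check; the function names, the corrected class and the sample passwords are assumptions made for the illustration.

```php
<?php
// Added example; the sample passwords below are constructed.

// Symbol class copied from the question's pattern: ")-_" is a range (0x29-0x5F).
const CLASS_FROM_QUESTION = '/[!$#%&~@^*()-_=+<>]/';
// Assumed correction: same characters, hyphen moved last so it is a literal.
const CLASS_LITERAL_HYPHEN = '/[!$#%&~@^*()_=+<>-]/';
// Full pattern from the question, unchanged.
const PATTERN_FROM_QUESTION =
    '/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%&~@^*()-_=+<>]).*$/';

// Printable ASCII characters that a one-character pattern accepts.
function acceptedChars(string $pattern): string
{
    $out = '';
    for ($c = 0x21; $c <= 0x7E; $c++) {
        if (preg_match($pattern, chr($c)) === 1) {
            $out .= chr($c);
        }
    }
    return $out;
}

// One pattern per requirement, so a miss names the rule that failed.
function unmetRequirements(string $password): array
{
    $checks = [
        'at least 8 characters' => '/\A.{8,}\z/s',
        'lower case letter'     => '/[a-z]/',
        'upper case letter'     => '/[A-Z]/',
        'digit'                 => '/[0-9]/',
        'symbol'                => CLASS_LITERAL_HYPHEN,
    ];
    $missing = [];
    foreach ($checks as $name => $pattern) {
        if (preg_match($pattern, $password) !== 1) {
            $missing[] = $name;
        }
    }
    return $missing;
}

echo 'class as posted accepts: ', acceptedChars(CLASS_FROM_QUESTION), "\n";
echo 'hyphen literal accepts:  ', acceptedChars(CLASS_LITERAL_HYPHEN), "\n";
foreach (['123456As', '123456as', '12345#As'] as $pw) {
    printf("%-9s posted=%d unmet=[%s]\n", $pw,
        preg_match(PATTERN_FROM_QUESTION, $pw), implode(', ', unmetRequirements($pw)));
}
```

Splitting the policy into one pattern per requirement also separates the upper and lower case checks, which the single `[a-zA-Z]` lookahead in the posted pattern does not do.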