I am trying to use the Laravel's Rule\Password::defaults($callback) to add validation rules for registering users.
As per documentation of the defaults function:
Set the default callback to be used for determining a password's default rules. If no arguments are passed, the default password rule configuration will be returned.
Logging the $callback from Password:defaults returns an instance of itsself (Rules\Password) with the min variable set correctly to 4 (instead of default 8). However, at registration, a password with one character passes and the user is registered.
My code in RegisteredUserController looks like this
$request->validate([
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => ['required', 'confirmed', Rules\Password::defaults(
Rules\Password::min(4)->uncompromised()->mixedCase()->numbers()->symbols()
)
]
]);
Now, I know a few ways to workaround and actually have this done, like:
- using the AppServiceProvider::boot() method I can change the defaults, and that actually works.
- passing the password param like so 'required|confirmed|min:4' also works.
- passing directly Rules\Password::min(4)->other_validation() also works
But this is not the point. I want to know why I don't get the expected behavior from the defaults function from the RegisteredUserController.
Why does the Rules\Password::defaults($callback) not set the specified validation rules from the $callback)?
Expected behavior: Do not allow users to set passwords with length < 4.
Unexpected behavior: Users can set passwords of any length.
Note: I have also tried with a closure that returns the rules. Same unexpected behavior.