wiki/content/20201112134752-compromised_password_constraint.md

---
date: 20201112
id: 1b282a21-2736-404a-a788-5a362fcba479
title: Compromised Password Constraint
---

# Description

Internally, the constraint makes an HTTP request to the API provided by
the haveibeenpwned.com website. In the request, the validator doesn't
send the raw password but only the few first characters of the result of
encoding it using SHA-1.

# Syntax

``` php
// src/Entity/User.php
namespace App\Entity;

use Symfony\Component\Validator\Constraints as Assert;

class User
{
    // ...

    /**
     * @Assert\NotCompromisedPassword
     */
    protected $rawPassword;
}
```
Quartz sync: May 6, 2024, 10:40 PM 2024-05-06 20:40:05 +00:00			`---`
Quartz sync: Oct 30, 2024, 6:04 PM 2024-10-30 17:04:36 +00:00			`date: 20201112`
Quartz sync: May 6, 2024, 10:40 PM 2024-05-06 20:40:05 +00:00			`id: 1b282a21-2736-404a-a788-5a362fcba479`
			`title: Compromised Password Constraint`
			`---`

			`# Description`

			`Internally, the constraint makes an HTTP request to the API provided by`
			`the haveibeenpwned.com website. In the request, the validator doesn't`
			`send the raw password but only the few first characters of the result of`
			`encoding it using SHA-1.`

			`# Syntax`

			``` php
			`// src/Entity/User.php`
			`namespace App\Entity;`

			`use Symfony\Component\Validator\Constraints as Assert;`

			`class User`
			`{`
			`// ...`

			`/**`
			`* @Assert\NotCompromisedPassword`
			`*/`
			`protected $rawPassword;`
			`}`
			```