PHPackages                             agonyz/contao-haveibeenpwned-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. agonyz/contao-haveibeenpwned-bundle

ActiveContao-bundle[API Development](/categories/api)

agonyz/contao-haveibeenpwned-bundle
===================================

This extensions automatically checks the user's password when logging in via the HaveIBeenPwned Api

0.1.1(3y ago)07LGPL-3.0-or-laterPHPPHP ^7.4 || ^8.0

Since Feb 26Pushed 3y ago1 watchersCompare

[ Source](https://github.com/agonyz/contao-haveibeenpwned-bundle)[ Packagist](https://packagist.org/packages/agonyz/contao-haveibeenpwned-bundle)[ Docs](https://github.com/agonyz/contao-haveibeenpwned-bundle)[ RSS](/packages/agonyz-contao-haveibeenpwned-bundle/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependencies (9)Versions (3)Used By (0)

Contao Have I Been Pwned Bundle
===============================

[](#contao-have-i-been-pwned-bundle)

Extension for the [Contao CMS](https://www.contao.org)
------------------------------------------------------

[](#extension-for-the-contao-cms)

The extension can be used to check if a user's password has been leaked using the [Have I Been Pwned Api](https://haveibeenpwned.com/). It utilizes the [NotCompromisedPassword - Feature](https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html) by Symfony for doing so. This functionality is automatically triggered after an user logs into the backend.

Installation
------------

[](#installation)

Run `composer require agonyz/contao-haveibeenpwned-bundle` in your CLI to install the extension.

Configuration
-------------

[](#configuration)

```
# config/config.yml
# Agonyz Contao Have I Been Pwned Bundle
agonyz_contao_have_i_been_pwned:
  user_notice: 'Hello UserYour Password was found on a leaked password listPlease change your password.' # the notice that should be displayed to the user in the backend
```

Please remember to always clear the cache after each change in the `config.yml`.

### Disable Notifications

[](#disable-notifications)

You can disable the notifications for the users in the user settings.

Example
-------

[](#example)

This screenshot shows an example after a user has logged in with a leaked password.

[![hibpbundle](docs/agonyz_contao_haveibeenpwned.png?raw=true "hibpbundle")](docs/agonyz_contao_haveibeenpwned.png?raw=true)

###  Health Score

20

—

LowBetter than 13% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity4

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity42

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

1224d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/e18dc2971df71e03b51ea9c4682182cdb17f2cdb1b3744964dba01fe561f54fd?d=identicon)[agonyz](/maintainers/agonyz)

---

Top Contributors

[![agonyz](https://avatars.githubusercontent.com/u/71080150?v=4)](https://github.com/agonyz "agonyz (2 commits)")

---

Tags

apipasswordcontaoautomatichaveibeenpwned

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/agonyz-contao-haveibeenpwned-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/agonyz-contao-haveibeenpwned-bundle/health.svg)](https://phpackages.com/packages/agonyz-contao-haveibeenpwned-bundle)
```

###  Alternatives

[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.9M388](/packages/easycorp-easyadmin-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
