Perform case insensitive comparison against the password list

michaelvickersuk · michaelvickersuk · commit bc9efa7b01bb · 2019-10-01T21:33:35.000+01:00
Make the password list and user provided password both lowercase,
so bad passwords are always identified regardless of how many
characters are capitalised
diff --git a/src/DumbPasswordServiceProvider.php b/src/DumbPasswordServiceProvider.php
@@ -40,9 +40,12 @@ public function boot()
             $path = realpath(__DIR__ . '/../resources/config/passwordlist.txt');
             $cache_key = md5_file($path);
             $data = Cache::rememberForever('dumbpwd_list_' . $cache_key, function () use ($path) {
-                return collect(explode("\n", file_get_contents($path)));
+                return collect(explode("\n", file_get_contents($path)))
+                    ->map(function ($password) {
+                            return strtolower($password);
+                    });
             });
-            return !$data->contains($value);
+            return !$data->contains(strtolower($value));
         }, $this->message);
     }
 
@@ -56,7 +59,7 @@ public function register()
 
     /**
      * Get the services provided by the provider.
-     * 
+     *
      * @return array
      */
     public function provides()
