Skip to content

Password

Jump to bottom
Viames Marino edited this page Mar 26, 2026 · 3 revisions

Pair framework: Password

Pair\Html\FormControls\Password renders <input type="password">. From an API perspective it is intentionally small: it mainly reuses the shared FormControl behavior and changes only the HTML input type.

Rendered HTML:

<input type="password" ... />

Main methods

Password adds one concrete method:

  • render(): string

In day-to-day usage you mostly rely on inherited methods:

  • required()
  • minLength()
  • maxLength()
  • pattern()
  • placeholder()
  • value()
  • label()
  • class()
  • description()
  • validate()

Rendering behavior

render() delegates to the shared helper:

// Password reuses the generic input renderer with type="password".
return parent::renderInput('password');

This means Pair still prints the same common attributes documented in FormControl, but the browser masks the visible characters because the input type is password.

Validation behavior

Password does not override validate(), so it uses the base FormControl validation:

  • required check
  • minimum length
  • maximum length

Important practical consequence:

  • pattern(...) can be rendered on the HTML input, but the default server-side validator does not enforce that regex on its own

Practical examples

1. Standard account password

$password = (new \Pair\Html\FormControls\Password('password'))
    ->label('Password')
    // Use length limits even when stronger domain rules exist elsewhere.
    ->required()
    ->minLength(12)
    ->maxLength(128)
    ->placeholder('At least 12 characters')
    ->class('form-control');

echo $password->render();

2. PIN-like password field

$pin = (new \Pair\Html\FormControls\Password('pin'))
    ->label('PIN')
    // Regex can help the browser enforce a precise shape.
    ->pattern('^[0-9]{6}$')
    ->maxLength(6)
    ->placeholder('6 digits');

3. Edit screen with a preloaded masked value

$apiSecret = (new \Pair\Html\FormControls\Password('apiSecret'))
    ->label('API secret')
    // Pair allows a password field to be prefilled if you pass a value.
    ->value($integration->apiSecret)
    ->readonly();

4. Password field with frontend metadata

$newPassword = (new \Pair\Html\FormControls\Password('newPassword'))
    ->label('New password')
    // Frontend hooks can drive password-strength meters or hints.
    ->required()
    ->minLength(12)
    ->data('strength-target', '#password-strength')
    ->class(['form-control', 'js-password-field']);

Secondary methods worth knowing

  • placeholder(...) Supported on Password.
  • pattern(...) Supported on Password, unlike on several other controls.
  • inputmode(...) Inherited but ignored by the current implementation for Password.

Notes

  • Because Password uses the base validation, server-side complexity rules should be added explicitly in the model/request/controller layer.
  • Pair can render a prefilled password field if you call value(...); use that intentionally, because not every form should echo back secret values.

See also: Text, Email, FormControl.

Clone this wiki locally