afiqiqmal / lara-pass-policy
Laravel Password History
Requires
- php: ^7.4 || ^8.0
- illuminate/auth: ^7 || ^8 || ^9 || ^10 || ^11
- illuminate/contracts: ^7 || ^8 || ^9 || ^10 || ^11
- illuminate/support: ^7 || ^8 || ^9 || ^10 || ^11
Requires (Dev)
- nunomaduro/collision: ^5.3 || ^6.0 || ^7.0 || ^8.0
- orchestra/testbench: ^6.15 || ^7.0 || ^8.0 || ^9.0
- pestphp/pest: ^1.18 || ^2.0 || ^3.0
- pestphp/pest-plugin-laravel: ^1.1 || ^2.0 || ^3.0
- spatie/laravel-ray: ^1.23
- vimeo/psalm: ^4.8 || ^5.0
README
Installation
You can install the package via composer:
composer require afiqiqmal/lara-pass-policy
You can publish and run the migrations with:
php artisan vendor:publish --provider="Afiqiqmal\LaraPassPolicy\LaraPassPolicyServiceProvider" --tag="migrations" php artisan migrate
You can publish the config file with:
php artisan vendor:publish --provider="Afiqiqmal\LaraPassPolicy\LaraPassPolicyServiceProvider" --tag="config"
Out of the box, this package provide a view (Blade and Vue templates) to allow users to change own password. If you want to customize the default page you can publish the views with:
php artisan vendor:publish --provider="Afiqiqmal\LaraPassPolicy\LaraPassPolicyServiceProvider" --tag="views"
and customize as you like in:
resources/views/auth/verify-password-change.blade.php
, for standard stack (Blade templates)resource/js/Pages/Auth/VerifyPasswordChange.vue
, if your stack integrate Inertia
Then, be sure to specify the view name in config/lara-pass-policy.views.password-changed
.
NOTE: Currently, only Vue stack are supported out of the box: for React/Svelte stack you must create a new page
component in resources/js/Pages/Auth
, just like the Vue page provided.
Usage
Add HasPasswordPolicy
trait to the authenticable model
Add MustVerifyPasswordPolicy
interface to the authenticable model
class User extends Authenticable implements MustVerifyPasswordPolicy { use HasPasswordPolicy; ... ... }
Add Middleware
Add EnsurePasswordIsChanged
middleware in $routeMiddleware
protected $routeMiddleware = [ ... 'password_changed' => EnsurePasswordIsChanged::class, ... ];
so you can attach it to your routes:
// routes/web.php Route::middleware(['auth', 'password_changed'])->group(function () { return view('welcome'); });
Translations.
You may translate the package string messages (defined in config lara-pass.messages
) adding the translated strings in lang/<locale>.json
files.
Environment settings.
If you want to disable Password Policy on specific environment (ex: local
) set to false
this variable in .env
file:
# Set to false to disable password policy. PASSWORD_POLICY_ENABLED=false
You may also customize the number of days before the passwords expire setting the variable in .env
file:
# Set to false to disable password policy. PASSWORD_LIFETIME=30
Validation rules.
If you need to apply your own default password rules, you should define a defaults
callback within the boot method
of one of your application's service providers, as described in
Laravel docs: this package
will validate new passwords against those defaults.
Credits
License
The MIT License (MIT). Please see License File for more information.