README

The Laravel package maintains encrypted user password history so that you can prevent users from using a previously used password.

Installation

You can install the package via composer:

composer require chrysanthos/password-history

Usage

The package service provider is registered automatically and a migration is provided to be run.

Run your migrations

php artisan migrate

In your App\Http\Controllers\Auth\ResetPasswordController override Laravel's default rules method with the following

    use Chrysanthos\PasswordHistory\Rules\NoOldPasswords;

    /**
     * Get the password reset validation rules.
     *
     * @return array
     */
    protected function rules()
    {
        return [
            'token' => 'required',
            'email' => 'required|email',
            'password' => [
                'required', 'confirmed', 'min:8',
                new NoOldPasswords(User::whereEmail(request('email'))->first()->id, request('password'))
            ],
        ];
    }

Note: In case you changed the default Laravel auth ResetPasswordController you will need to dispatch the PasswordReset event that Laravel includes out of the box.

    use Illuminate\Auth\Events\PasswordReset;

    event(new PasswordReset($user));

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please send me a message on twitter (@chrysanthos_cy) instead of using the issue tracker.

Credits

Chrysanthos Prodromou

License

The MIT License (MIT). Please see License File for more information.

chrysanthos / password-history

Maintainers

Details