eightynine/filament-password-expiry

Allow your users to periodically reset their passwords, to enforce security.

3.0.2 2024-09-13 14:33 UTC

This package is auto-updated.

Last update: 2024-11-13 14:53:23 UTC


README

🛠️ Be Part of the Journey

Hi, I'm Eighty Nine. I created the password expiry plugin to solve real problems I faced as a developer. Your sponsorship will allow me to dedicate more time to enhancing these tools and helping more people. Become a sponsor and join me in making a positive impact on the developer community.

This package allows you to periodically reset your users' passwords, to enforce security. In your system you have to force users to change their passwords every 30-90 days. This ensures that even if the user is no longer using the system, other people will not be able to log in with their old password.

Installation

You can install the package via composer:

composer require eightynine/filament-password-expiry

Add the plugin to your panel

  1. In your panel's provider, add the plugin as:

    use EightyNine\FilamentPasswordExpiry\PasswordExpiryPlugin;

    public function panel(Panel $panel): Panel
    {
        return $panel
            // ...
            ->plugin(PasswordExpiryPlugin::make());
    }

  2. Publish the migrations and config file in order to set up the password expiry table and column.

    php artisan vendor:publish --tag="password-expiry-migrations"
    php artisan vendor:publish --tag="password-expiry-config"
    php artisan migrate

If you need to, you can publish the translation file using the command:

    php artisan vendor:publish --tag="password-expiry-translations"

  3. In your authentication class, for example app/Models/User.php, add the HasPasswordExpiry trait to the model. The trait checks that everything is set up correctly and throws an exception if it is not. The trait will update the password_expires_at column when the user is created.

    use EightyNine\FilamentPasswordExpiry\Concerns\HasPasswordExpiry;

    class User extends Authenticatable
    {
        use HasPasswordExpiry;
        // ...
    }

  4. This plugin does not hash passwords when creating a new password. Instead, make sure your password is cast as 'hashed' in your User model:

    /**
     * Get the attributes that should be cast.
     *
     * @return array<string, string>
     */
    protected function casts(): array
    {
        return [
            'email_verified_at' => 'datetime',
            'password' => 'hashed',
        ];
    }

You are all good to go! Now when a user is created, the password_expires_at column will be updated with the current date and time plus the expires_in config value. When the user tries to log in, the middleware will check if the password_expires_at column is less than the current date and time. If it is, the user will be redirected to the password expiry page.

This is the contents of the published config file:

return [

    /**
     * Table
     * 
     * The table to store the password expiry data in.
     */
    'table_name' => 'users',

    /**
     * Column
     * 
     * The column to store the password expiry data in.
     */
    'column_name' => 'password_expires_at',

    /** 
     * Password column name
     * 
     * The name of the password column, will be updated when setting the new password.
     */
    'password_column_name' => 'password',

    /**
     * Expiry
     * 
     * The number of days before the password expires.
     */
    'expires_in' => 30,

    /**
     * Password expiry route
     * 
     * The route to redirect to when the password expires.
     */
    'password_expiry_route' => 'password-expiry.reset-password',

    /**
     * Password expiry path
     * 
     * The path to redirect to when the password expires.
     */
    'password_expiry_path' => 'password-expiry/reset-password',

    /**
     * Password expiry middleware
     * 
     * The middleware to use for password expiry.
     */
    'password_expiry_middleware' => PasswordExpiryMiddleware::class,

    /**
     * Password reset page
     * 
     * The page class to use for resetting an expired password.
     */
    'password_reset_page' => ResetPassword::class,

    /**
     * Auth class
     * 
     * The auth class to use for password expiry. By default, the package uses Filament::auth()->user(). Make sure the auth class 
     * also contains the column defined in the table_name config.
     */
    'auth_class' => Filament::class,

    /**
     * Email column
     * 
     * The column to store the email in.
     */
    'email_column_name' => 'email',

    /**
     * After password reset redirect to
     * 
     * The route to redirect to after a password reset. By default, the user will be redirected to the login page
     * using "Filament::getLoginUrl()"
     */
    'after_password_reset_redirect' => null,

    /**
     * Override login route
     * 
     * There is a bug in laravel where when you change password, the user is redirected to the login page by default. This override 
     * fixes that bug by defining a login route that redirects to your panel's login page.
     */
    'override_login_route' => true
];
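
The login-time check described above, worked through with the expires_in and password_expiry_path values from this config. This is an added example, not the package's middleware: nextExpiry(), decide(), the sample rows, and the choice to treat a NULL password_expires_at as expired are assumptions of the sketch.

```php
<?php
// Added illustration; not code from eightynine/filament-password-expiry.
declare(strict_types=1);

// Keys and values mirror the published config shown on this page.
const CONFIG = [
    'expires_in' => 30,
    'password_expiry_path' => 'password-expiry/reset-password',
];

/** Expiry stamped when a user is created or resets the password. */
function nextExpiry(DateTimeImmutable $now): DateTimeImmutable
{
    return $now->modify('+' . CONFIG['expires_in'] . ' days');
}

/**
 * Decide what the expiry check does with an authenticated request.
 * Assumption of this sketch: a NULL password_expires_at (for example a row
 * that existed before the migration) is treated as expired, i.e. fail closed.
 */
function decide(?string $expiresAt, string $path, DateTimeImmutable $now): string
{
    // Never redirect the reset page to itself, or the user loops forever.
    if (trim($path, '/') === CONFIG['password_expiry_path']) {
        return 'allow';
    }
    if ($expiresAt === null || new DateTimeImmutable($expiresAt) < $now) {
        return 'redirect:/' . CONFIG['password_expiry_path'];
    }
    return 'allow';
}

// Constructed sample rows: [label, password_expires_at, requested path].
$now = new DateTimeImmutable('2024-11-13 12:00:00');
$rows = [
    ['fresh user', nextExpiry($now)->format('Y-m-d H:i:s'), 'admin'],
    ['stale user', '2024-10-01 09:00:00', 'admin'],
    ['legacy row', null, 'admin'],
    ['on reset page', '2024-10-01 09:00:00', 'password-expiry/reset-password'],
];
foreach ($rows as [$label, $expiresAt, $path]) {
    printf("%-14s %s\n", $label, decide($expiresAt, $path, $now));
}
```

After installing the package on an existing application, check how rows with an empty password_expires_at are handled in your own setup, since the trait only stamps the column when a user is created.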

Credits

License

The MIT License (MIT). Please see License File for more information.