imanghafoori / laravel-password-history
A package to keep a history of all password changes of users
Installs: 97 343
Dependents: 0
Suggesters: 0
Security: 0
Stars: 65
Watchers: 4
Forks: 23
Open Issues: 1
Requires
- php: ^7.1.3|7.2.*|7.3.*|7.4.*|8.*
- imanghafoori/laravel-nullable: ^1.2
- imanghafoori/laravel-smart-facades: ^1.0
- laravel/framework: ~5.1|6.*|7.*|8.*|9.*|10.*|11.*
Requires (Dev)
- mockery/mockery: *
- orchestra/testbench: ~3.0
Suggests
- imanghafoori/laravel-anypass: Allows you login with any password in local environment.
- imanghafoori/laravel-decorator: Allows you to easily apply the decorator pattern.
- imanghafoori/laravel-heyman: It allows to write expressive code to authorize, validate and authenticate.
- imanghafoori/laravel-masterpass: You can easily set a master password without code change.
- imanghafoori/laravel-terminator: Gives you opportunity to refactor your controllers.
README
Keep a password history of your users to prevent them from reusing the same password, for security reasons like what google does.
Installation:
composer require imanghafoori/laravel-password-history
To publish the config file and migrate the database:
php artisan vendor:publish
php artisan migrate
Visit the config/password_history.php file to see all the possibilities.
Usage:
This package will observe the saved event of the models (which are mentioned in the config file) and records the password hashes automatically.
<?php // When inserting, it will also log the password hash in the "password_histories" table User::create($data); // Sample for changing the password $user = User::find($id); $passHash = Hash::make(request('new_password')); $user->password = $passHash; $user->save(); // after saving the model, the password change will be recorded, automatically
We suggest to use saveOrFail to do all the queries in a transaction
$user->saveOrFail();
Be careful that changing the model like below does not fire any model event hence to password change would be recorded behind the scenes.
<?php // Here we do NOT get the model from db and only send an update query // So laravel does NOT fire model events User::where('id', $id)->update($data);
Validation Rules
And there is a validation rule for you to check the entire password history agaist the new password in laravel validation rules.
<?php use Imanghafoori\PasswordHistory\Rules\NotBeInPasswordHistory; //... $rules = [ // ... 'password' => [ 'required', 'confirmed', NotBeInPasswordHistory::ofUser($this->user), ] // ... ]; $this->validate(...);
Again you may want to take a quick look at the source code to see what is going on there.
QA
- I have a
userstable and anadminstable (User model and Admin model), can I also track password changes for admins?
Yeah, the package supports it, visit the config file.
🙋 Contributing
If you find an issue or have a better way to do something, feel free to open an issue or a pull request.
❗ Security
If you discover any security-related issues, please use the security tab instead of using the issue tracker.
⭐ Your Stars Make Us Do More ⭐
As always if you found this package useful and you want to encourage us to maintain and work on it. Just press the star button to declare your willingness.
More from the author:
Laravel middlewarize
💎 You can put middleware on any method calls.
Laravel HeyMan
💎 It allows us to write expressive code to authorize, validate and authenticate.
Laravel Terminator
💎 A minimal yet powerful package to give you the opportunity to refactor your controllers.
Laravel AnyPass
💎 It allows you to login with any password in the local environment only.
A man will never fail, unless he stops trying.
"Albert Einstein"