A package to keep a history of all password changes of users
Keep a password history of your users to prevent them from reusing the same password, for security reasons like what google does.
composer require imanghafoori/laravel-password-history
To publish the config file and migrate the database:
php artisan vendor:publish php artisan migrate
config/password_history.php file to see all the possibilities.
This package will observe the
saved event of the models (which are mentioned in the config file) and records the password hashes automatically.
<?php // When inserting, it will also log the password hash in the "password_histories" table User::create($data); // Sample for changing the password $user = User::find($id); $passHash = Hash::make(request('new_password')); $user->password = $passHash; $user->save(); // after saving the model, the password change will be recorded, automatically
We suggest to use
saveOrFail to do all the queries in a transaction
Be careful that changing the model like below does not fire any model event hence to password change would be recorded behind the scenes.
<?php // Here we do NOT get the model from db and only send an update query // So laravel does NOT fire model events User::where('id', $id)->update($data);
And there is a validation rule for you to check the entire password history agaist the new password in laravel validation rules.
<?php use Imanghafoori\PasswordHistory\Rules\NotBeInPasswordHistory; //... $rules = [ // ... 'password' => [ 'required', 'confirmed', NotBeInPasswordHistory::ofUser($this->user), ] // ... ]; $this->validate(...);
Again you may want to take a quick look at the source code to see what is going on there.
- I have a
userstable and an
adminstable (User model and Admin model), can I also track password changes for admins?
Yeah, the package supports it, visit the config file.
If you find an issue or have a better way to do something, feel free to open an issue or a pull request. If you use laravel-widgetize in your open source project, create a pull request to provide its URL as a sample application in the README.md file.
If you discover any security-related issues, please use the
security tab instead of using the issue tracker.
As always if you found this package useful and you want to encourage us to maintain and work on it. Just press the star button to declare your willingness.
💎 You can put middleware on any method calls.
💎 It allows us to write expressive code to authorize, validate and authenticate.
💎 A minimal yet powerful package to give you the opportunity to refactor your controllers.
💎 It allows you to login with any password in the local environment only.
💎 It allows you to decouple your eloquent models to reach a modular structure
A man will never fail, unless he stops trying. "Albert Einstein"