imanghafoori/laravel-password-history

A package to keep a history of all password changes of users

v0.0.2 2020-03-03 14:09 UTC

This package is auto-updated.

Last update: 2020-07-02 02:02:14 UTC


README

Keep a password history of your users to prevent them from reusing the same password, for security reasons like what google does.

Installation

composer require imanghafoori/laravel-password-history

To publish the config file and migrate the database:

php artisan vendor:publish
php artisan migrate

Visit the config/password_history.php file to see all the possibilities.

Usage

This package will observe the saved event of the models (which are mentioned in the config file) and records the password hashes automatically.

<?php
// When inserting, it will also log the password hash in the "password_histories" table
 User::create($data);

// Sample for changing the password
$user = User::find($id);
$passHash = Hash::make(request('new_password'));

$user->password = $passHash;
$user->save(); // after saving the model, the password change  will be recorded, automatically

We suggest to use saveOrFail to do all the queries in a transaction

$user->saveOrFail();

Be careful that changing the model like below does not fire any model event hence to password change would be recorded behind the scenes.

<?php
// Here we do NOT get the model from db and only send  an update query
// So laravel does NOT fire model events
User::where('id', $id)->update($data);

Validation Rules

And there is a validation rule for you to check the entire password history agaist the new password in laravel validation rules.

<?php
use Imanghafoori\PasswordHistory\Rules\NotBeInPasswordHistory;
//...

$rules = [
    // ... 
    'password' => [
       'required',
       'confirmed',
       NotBeInPasswordHistory::ofUser($this->user),
    ]
    // ... 
];

$this->validate(...);

Again you may want to take a quick look at the source code to see what is going on there.

QA

  • I have a users table and an admins table (User model and Admin model), can I also track password changes for admins?
Yeah, the package supports it, visit the config file.

🙋 Contributing

If you find an issue or have a better way to do something, feel free to open an issue or a pull request. If you use laravel-widgetize in your open source project, create a pull request to provide its URL as a sample application in the README.md file.

❗ Security

If you discover any security-related issues, please use the security tab instead of using the issue tracker.

⭐ Your Stars Make Us Do More ⭐

As always if you found this package useful and you want to encourage us to maintain and work on it. Just press the star button to declare your willingness.

More from the author:

Laravel middlewarize

💎 You can put middleware on any method calls.

Laravel HeyMan

💎 It allows us to write expressive code to authorize, validate and authenticate.

Laravel Terminator

💎 A minimal yet powerful package to give you the opportunity to refactor your controllers.

Laravel AnyPass

💎 It allows you to login with any password in the local environment only.

Eloquent Relativity

💎 It allows you to decouple your eloquent models to reach a modular structure

🍌 Reward me a banana 🍌

so that I will have the energy to start the next package for you.

  • Dodge Coin: DJEZr6GJ4Vx37LGF3zSng711AFZzmJTouN
  • LiteCoin: ltc1q82gnjkend684c5hvprg95fnja0ktjdfrhcu4c4
  • BitCoin: bc1q53dys3jkv0h4vhl88yqhqzyujvk35x8wad7uf9
  • Ripple: rJwrb2v1TR6rAHRWwcYvNZxjDN2bYpYXhZ
  • Etherium: 0xa4898246820bbC8f677A97C2B73e6DBB9510151e

A man will never fail, unless he stops trying.

"Albert Einstein"