infinitypaul / laravel-password-history-validation
Prevent users from reusing recently used passwords
Installs: 45 067
Dependents: 0
Suggesters: 0
Security: 0
Stars: 82
Watchers: 2
Forks: 27
Open Issues: 0
Requires
- php: ^7.4|^8.0
Requires (Dev)
- orchestra/testbench: ^5.0|^6.0|^7.1.0|^8.0
- phpunit/phpunit: ^9.3
This package is auto-updated.
Last update: 2024-11-11 07:03:02 UTC
README
Prevent users from reusing recently used passwords.
Installation
You can install the package via composer:
composer require infinitypaul/laravel-password-history-validation
Configuration
To get started, you'll need to publish the config file, and migrate the database:
php artisan vendor:publish --tag=password-config
Modify the config file according to your project, then migrate the database
php artisan migrate
Usage
This package will observe the created and updated event of the models (check the config file for settings) and records the password hashes automatically.
In Your Form Request or Inline Validation, All You Need To Do Is Instantiate The NotFromPasswordHistory
class passing the current user as an argument
<?php use Infinitypaul\LaravelPasswordHistoryValidation\Rules\NotFromPasswordHistory; $this->validate($request, [ 'password' => [ 'required', new NotFromPasswordHistory($request->user()) ] ]);
Cleaning Up Old Record - (Optional)
Because We Are Storing The Hashed Password In Your Database, Your Database Can Get Long When You Have Lots Of Users
Add PasswordHistoryTrait To Your User Model
<?php use Infinitypaul\LaravelPasswordHistoryValidation\Traits\PasswordHistoryTrait; class User extends Authenticatable { use Notifiable, PasswordHistoryTrait; }
Then You Can Run The Following Artisan Command
php artisan password-history:clear
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email infinitypaul@live.com instead of using the issue tracker.
How can I thank you?
Why not star the github repo? I'd love the attention! Why not share the link for this repository on Twitter or HackerNews? Spread the word!
Don't forget to follow me on twitter!
Thanks! Edward Paul.
License
The MIT License (MIT). Please see License File for more information.