mawuekom / laravel-password-history
Allows you to store users password history
Requires
- php: ^7.2|^7.3|^7.4|^8.0|^8.1|^8.2
- illuminate/support: ^8.0|^9.0|^10.0
- mawuekom/laravel-model-uuid: ^2.0
Requires (Dev)
- orchestra/testbench: ^6.0
- phpunit/phpunit: ^9.0
README
This package allows to store users password history and check if the user can use the same for updating or not. Then, you can tell your users when they will be going to create a new password for their accounts if they can use an already used password or not.
Installation
You can install the package via composer:
composer require mawuekom/laravel-password-history
Usage
Once install, go to config/app.php to add PasswordHistoryServiceProvider in providers array
Laravel 5.5 and up Uses package auto discovery feature, no need to edit the config/app.php file.
'providers' => [ ... Mawuekom\PasswordHistory\PasswordHistoryServiceProvider::class, ],
php artisan vendor:publish --tag=password-history
Or you can publish config
php artisan vendor:publish --tag=password-history --config
Configuration
- You can change connection for models, models path and there is also a handy pretend feature.
- There are many configurable options which have been extended to be able to configured via
.envfile variables. - Editing the configuration file directly may not needed because of this.
- See config file: password-history.php.
<?php /* * You can place your custom package configuration in here. */ return [ /** * Password histories config */ 'enable' => true, 'model' => Mawuekom\PasswordHistory\Models\PasswordHistory::class, 'checker' => false, 'number_to_check' => 3, 'name' => 'Password History', 'resource_name' => 'password_history', 'table' => [ 'name' => env('PASSWORD_HISTORY_PASSWORD_HISTORIES_DATABASE_TABLE', 'password_histories'), 'primary_key' => env('PASSWORD_HISTORY_PASSWORD_HISTORIES_DATABASE_TABLE_PRIMARY_KEY', 'id'), 'user_foreign_key' => env('PASSWORD_HISTORY_PASSWORD_HISTORIES_DATABASE_TABLE_USER_FOREIGN_KEY', 'user_id'), ], /** * Users config */ 'user' => [ 'model' => App\Models\User::class, 'name' => 'User', 'resource_name' => 'user', 'table' => [ 'name' => env('PASSWORD_HISTORY_USERS_DATABASE_TABLE', 'users'), 'primary_key' => env('PASSWORD_HISTORY_USERS_DATABASE_TABLE_PRIMARY_KEY', 'id'), ], ], /* |-------------------------------------------------------------------------- | Add uuid support |-------------------------------------------------------------------------- */ 'uuids' => [ 'enable' => true, 'column' => '_id' ], ];
To allow your users to use password histries, add HasPasswordHistory trait in your User Model.
<?php namespace App\Models; ... use Mawuekom\PasswordHistory\Traits\HasPasswordHistory; ... class User extends Authenticatable { use HasPasswordHistory; ... }
PasswordHistoryChecker is a service that help you implement the fact that an user can not use recently used passwords for creating a new one. If he do so, it will be notify that :
Your new password can not be the same as any of your recent passwords. Please choose a new password.
$user = User::create([ 'name' => 'Toto', 'email' => 'toto@gmail.com', 'password' => 'toto1234', ]); $user ->updatePasswordHistory();
$user = User::find(1); PasswordHistoryChecker::validatePassword($user, $new_password);
Testing
composer test
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Report bug
Contact me on Twitter @ephraimseddor
License
The MIT License (MIT). Please see License File for more information.