mccahan/laravel-auto-rehash

Automatically update Laravel password hashes as users authenticate

Maintainers

Details

github.com/mccahan/laravel-auto-rehash

Source

Issues

Installs: 1 985

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

1.0.2 2024-03-14 19:43 UTC

Requires

MIT 70e08eca2504119b85831a1f5dc96c91c6ac500a

  • Ryan McCahan <ryan.woop@mccahan.net>

This package is auto-updated.

Last update: 2024-04-14 20:02:38 UTC

README

The Laravel documentation makes reference to checking whether rehashing is necessary on authentication but leaves the process itself as an exercise to the reader. This library listens to the Illuminate\Auth\Events\Attempting emitted by some authentication techniques and automatically rehashes passwords as necessary when users log in, achieving a rolling password hash upgrade.

Installation

composer require mccahan/laravel-auto-rehash

Usage

If you only need to listen to default Attempting events, you're all set.

Custom Event

The library includes a custom event you can dispatch if you want to automatically rehash passwords when you have user credentials in-hand but don't want to use the existing Attempting event (e.g. if you have other listeners on that event you don't want to fire).

To use, include the event class:

use McCahan\LaravelAutoRehash\Events\ValidUserCredentials;

Then dispatch where necessary, including the password and your User model:

// Announce that we have some valid credentials in hand for a valid user
event(new ValidUserCredentials($user, $request->get('password')));

Standing on the Shoulders of Giants

Credit to SamAsEnd/laravel-needs-auto-rehash for their library that feels more robust but didn't easily have custom event support I need.