samasend / laravel-needs-auto-rehash
Automate the common password `Auth::needsRehash` routine using built-in event
Installs: 2 202
Dependents: 0
Suggesters: 0
Security: 0
Stars: 66
Watchers: 2
Forks: 5
Open Issues: 0
Requires
- php: ^7.2|^8.0.2
- illuminate/auth: ^6.0|^7.0|^8.0|^9.0|^10.0
- illuminate/contracts: ^6.0|^7.0|^8.0|^9.0|^10.0
- illuminate/support: ^6.0|^7.0|^8.0|^9.0|^10.0
Requires (Dev)
- orchestra/testbench: ~3.6.7 || ~3.7.8 || ~3.8.6 || ^4.8 || ^5.2 || ^6.0
This package is auto-updated.
Last update: 2024-03-21 00:12:03 UTC
README
This package automates the common password Hash::needsRehash routine by hooking into the built-in event system.
Use case
When a user register, Laravel uses bcrypt algorithm with a cost factor of 10 to hash passwords.
The problem is when you change the default hashing algorithm or
when Laravel eventually changes the default algorithm to argon2i
or PHP recommended PASSWORD_DEFAULT constant changes, and you want to keep up
or simply want to upgrade the cost factor of bcrypt; your changes will only be reflected on newly registered users or when existing users change their password.
You have to implement a common routine task to upgrade users' password hash by checking Hash::needsRehash whenever the user provides a valid credential.
Prerequisites
- PHP 7.2 or greater and 8.0.2 or greater
- Laravel 6.x || 7.x || 8.x || 9.x || 10.x
Installation
composer require samasend/laravel-needs-auto-rehash
Basic Usage
That's it, you just need to install the package. 🚀
How does this works?
- This magical package listen for the built-in
Illuminate\Auth\Events\Attemptingevent fired from the framework and validate the credentials using the built-in infrastructure. - If the user password needs rehashing, it will rehash the password and update the model.
Contributing
Fork it
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request