vanthao03596 / laravel-password-history
Keep a password history of your users to prevent them from reusing the same password like Facebook, Google
Fund package maintenance!
vanthao03596
Requires
- php: ^7.3 || ^8.0
- illuminate/contracts: ^6.0 || ^7.0 || ^8.0
- illuminate/database: ^6.0 || ^7.0 || ^8.0
- vanthao03596/laravel-package-tools: ^2.0
Requires (Dev)
- laravel/legacy-factories: ^1.0.4
- nunomaduro/collision: ^3.0 || ^5.3
- orchestra/testbench: ^4.8 || ^5.2 || ^6.0
- phpunit/phpunit: ^9.3
- spatie/test-time: ^1.2
- vimeo/psalm: ^4.4
This package is auto-updated.
Last update: 2024-11-05 22:41:25 UTC
README
Keep a password history of your users to prevent them from reusing the same password, for security reasons like what Google, Apple does.
Installation
You can install the package via composer:
composer require vanthao03596/laravel-password-history
You can publish and run the migrations with:
php artisan vendor:publish --provider="Vanthao03596\LaravelPasswordHistory\LaravelPasswordHistoryServiceProvider" --tag="password-history-migrations" php artisan migrate
You can publish the config file with:
php artisan vendor:publish --provider="Vanthao03596\LaravelPasswordHistory\LaravelPasswordHistoryServiceProvider" --tag="password-history-config"
This is the contents of the published config file:
return [ /** * The table name to save your password histories. */ 'table_name' => 'password_histories', /* * The fully qualified class name of the password_histories model. */ 'password_history_model' => \Vanthao03596\LaravelPasswordHistory\Models\PasswordHistory::class, /* * The number of months you want to check against new password. */ 'months_to_check' => 12, ];
Usage
To make an Eloquent model store password histories just add the \Vanthao03596\LaravelPasswordHistory\HasPasswordHistory
trait to it:
use Illuminate\Database\Eloquent\Model; use Vanthao03596\LaravelPasswordHistory\HasPasswordHistory; class YourModel extends Model { use HasPasswordHistory; ... }
Validation Rules
And there is a validation rule for you to check the entire password history agaist the new password in laravel validation rules.
use Vanthao03596\LaravelPasswordHistory\Rules\NotInPasswordHistory; //... $rules = [ // ... 'password' => [ 'required', 'confirmed', new NotInPasswordHistory(request()->user()), ] // ... ]; $this->validate(...);
Cleaning up the log
After using the package for a while you might have recorded a lot of password history. This package provides an artisan command password-history:clean to clean the history.
php artisan password-history:clean
//app/Console/Kernel.php protected function schedule(Schedule $schedule) { $schedule->command('password-history:clean')->daily(); }
Overwrite the months to keep per call
php artisan password-history:clean --months=6
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.