vanthao03596/laravel-password-history

Keep a password history of your users to prevent them from reusing the same password, as Facebook and Google do

v1.1 2021-04-05 14:36 UTC

This package is auto-updated.

Last update: 2024-11-05 22:41:25 UTC


README


Keep a password history of your users to prevent them from reusing the same password, for security reasons, as Google and Apple do.

Installation

You can install the package via composer:

composer require vanthao03596/laravel-password-history

You can publish and run the migrations with:

php artisan vendor:publish --provider="Vanthao03596\LaravelPasswordHistory\LaravelPasswordHistoryServiceProvider" --tag="password-history-migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --provider="Vanthao03596\LaravelPasswordHistory\LaravelPasswordHistoryServiceProvider" --tag="password-history-config"

This is the contents of the published config file:

return [
    /**
     * The table name to save your password histories.
     */
    'table_name' => 'password_histories',

    /*
     * The fully qualified class name of the password_histories model.
     */
    'password_history_model' => \Vanthao03596\LaravelPasswordHistory\Models\PasswordHistory::class,

    /*
     * The number of months you want to check against the new password.
     */
    'months_to_check' => 12,
];

Usage

To make an Eloquent model store password histories just add the \Vanthao03596\LaravelPasswordHistory\HasPasswordHistory trait to it:

use Illuminate\Database\Eloquent\Model;
use Vanthao03596\LaravelPasswordHistory\HasPasswordHistory;

class YourModel extends Model
{
    use HasPasswordHistory;
    
    // ...
}

Validation Rules

There is also a validation rule that checks the entire password history against the new password in Laravel validation rules.

use Vanthao03596\LaravelPasswordHistory\Rules\NotInPasswordHistory;
//...

$rules = [
    // ...
    'password' => [
        'required',
        'confirmed',
        new NotInPasswordHistory(request()->user()),
    ],
    // ...
];

$this->validate(...);
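
What a history check of this kind involves, as an added plain-PHP illustration that is not the package's own code: it assumes the history stores salted password hashes (as Laravel's default hasher produces) and that months_to_check limits which entries are compared. The function name isPasswordReused and the $history array layout are hypothetical.

```php
<?php
// Added illustration: plain PHP, not the package's implementation.
// isPasswordReused() and the $history layout are hypothetical.

/**
 * Return true when $candidate matches any stored hash inside the window.
 *
 * @param array<int, array{hash: string, created_at: DateTimeImmutable}> $history
 */
function isPasswordReused(
    string $candidate,
    array $history,
    int $monthsToCheck,
    DateTimeImmutable $now
): bool {
    // Entries older than this point are ignored (assumed meaning of months_to_check).
    $cutoff = $now->sub(new DateInterval("P{$monthsToCheck}M"));

    foreach ($history as $entry) {
        if ($entry['created_at'] < $cutoff) {
            continue;
        }
        // Each hash carries its own salt, so hashing the candidate again and
        // comparing strings cannot work; password_verify() reuses the stored salt.
        if (password_verify($candidate, $entry['hash'])) {
            return true;
        }
    }

    return false;
}

// Constructed sample data: one entry outside a 12-month window, one inside.
$now = new DateTimeImmutable('2024-06-01');
$history = [
    ['hash' => password_hash('Winter-2022!', PASSWORD_DEFAULT),
     'created_at' => new DateTimeImmutable('2022-12-01')],
    ['hash' => password_hash('Spring-2024!', PASSWORD_DEFAULT),
     'created_at' => new DateTimeImmutable('2024-03-15')],
];

var_dump(isPasswordReused('Spring-2024!', $history, 12, $now)); // entry inside the window
var_dump(isPasswordReused('Winter-2022!', $history, 12, $now)); // entry older than the window
var_dump(isPasswordReused('Brand-New-1!', $history, 12, $now)); // never used before
// A fresh hash of a known password compared as a string to the stored hash.
var_dump(password_hash('Spring-2024!', PASSWORD_DEFAULT) === $history[1]['hash']);
```

Under these assumptions, the cost of a check grows with the number of stored hashes per user, since every entry inside the window needs its own password_verify() call.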

Cleaning up the log

After using the package for a while you might have recorded a lot of password history. This package provides an artisan command password-history:clean to clean the history.

php artisan password-history:clean

// app/Console/Kernel.php

protected function schedule(Schedule $schedule)
{
    $schedule->command('password-history:clean')->daily();
}

Override the number of months to keep per call

php artisan password-history:clean --months=6

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.