zenepay / password-expiry
It handles password expiry of users.
Requires
- php: ^8.1
- illuminate/support: ^10.0|^11.0
- imanghafoori/laravel-password-history: ^1.0.2
README
Password expiry
- It allows you to set user password to expire in x days after creating/resetting.
- Using imanghafoori/laravel-password-history, user cannot use the last x previous paswords.
- Can use as middleware and validation
- It does support Laravel 9.x - 11.x
Install
Via Composer
$ composer require zenepay/password-expiry
You need to migrate you database.
php artisan migrate
You can publish the config file with:
php artisan vendor:publish --provider="Zenepay\PasswordExpiry\PasswordExpiryServiceProvider" --tag="config"
When published, the config/password_history.php config file contains:
return [ 'expiry_days' => 90 ];
You can change it according to your needs.
Usage
- Include Following trait in User Model
use Zenepay\PasswordExpiry\Traits\PasswordExpirable; class User extends Authenticatable { use PasswordExpirable; }
- You can check if user password is expired?
$user->isPasswordExpired();
- You can protect your routes from user with expired password by :
For Laravel < 11
add following middleware to app/Http/Kernel.php
- To prevent user with password expire to access page. This will redirect to reset password page
use Zenepay\PasswordExpiry\CheckPasswordExpired; protected $routeMiddleware = [ ... 'check-password-expired' => CheckPasswordExpired::class ]
For Laravel 11
Add this to bootstrap/app.php
use Zenepay\PasswordExpiry\CheckPasswordExpired; ->withMiddleware(function (Middleware $middleware) { $middleware->append(CheckPasswordExpired::class); })
For Laravel + Filament 3
For Laravel Filament 3, you can put to panel middleware
use Zenepay\PasswordExpiry\CheckPasswordExpired; $panel->authMiddleware([ ..., CheckPasswordExpired::class ])
Validate to prevent using previous passwords
In any validate for password rule, add NoPreviousPassword::ofUser($user) in
use Zenepay\PasswordExpiry\Rules\NoPreviousPassword; public function store(Request $request): RedirectResponse { $request->validate([ ... 'password' => ['required', 'confirmed', Rules\Password::defaults(), NoPreviousPassword::ofUser($request->user())], ]); }
In Filament with Breezy plugin and Profile page you can add rule as below
use Jeffgreco13\FilamentBreezy\BreezyCore; use Zenepay\PasswordExpiry\Rules\NoPreviousPassword; $panel->plugins([ BreezyCore::make() ->passwordUpdateRules( rules: [Password::default()->mixedCase()->uncompromised(3),NoPreviousPassword::ofUser(Auth::user())], requiresCurrentPassword: true, ) ])
Change log
Please see CHANGELOG for more information on what has changed recently.
Testing
$ composer test
Contributing
Please see CONTRIBUTING and CODE_OF_CONDUCT for details.
Security
If you discover any security related issues, please email :author_email instead of using the issue tracker.
Credits
- [Iman]https://github.com/imanghafoori1 for his great password history package
- [Fahad Ali]https://github.com/fahad-larasoft for is an inspireation of password-expirable package
- [All Contributors][link-contributors]
License
The MIT License (MIT). Please see License File for more information.