Keep a password history of your users to prevent them from reusing the same password like Google, Apple.

vanthao03596/laravel-password-history

Laravel password history

Keep a password history of your users to prevent them from reusing the same password, as a security measure like what Google and Apple do.

Installation

You can install the package via composer:

composer require vanthao03596/laravel-password-history

You can publish and run the migrations with:

php artisan vendor:publish --provider="Vanthao03596\LaravelPasswordHistory\LaravelPasswordHistoryServiceProvider" --tag="password-history-migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --provider="Vanthao03596\LaravelPasswordHistory\LaravelPasswordHistoryServiceProvider" --tag="password-history-config"

This is the contents of the published config file:

<?php

return [
    /*
     * The table name to save your password histories.
     */
    'table_name' => 'password_histories',

    /*
     * The fully qualified class name of the password_histories model.
     */
    'password_history_model' => \Vanthao03596\LaravelPasswordHistory\Models\PasswordHistory::class,

    /*
     * The number of months of password history to check a new password against.
     */
    'months_to_check' => 12,
];

Usage

To make an Eloquent model store password histories just add the \Vanthao03596\LaravelPasswordHistory\HasPasswordHistory trait to it:

use Illuminate\Database\Eloquent\Model;
use Vanthao03596\LaravelPasswordHistory\HasPasswordHistory;

class YourModel extends Model
{
    use HasPasswordHistory;

    // ...
}

Validation Rules

The package also provides a rule for Laravel's validator that checks the new password against the entire password history:

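use Vanthao03596\LaravelPasswordHistory\Rules\NotInPasswordHistory;
// ...

$rules = [
    // ...
    'password' => [
        'required',
        'confirmed',
        // Reject the new password if it matches one in this user's history.
        new NotInPasswordHistory(request()->user()),
    ],
    // ...
];

// Inside a controller that uses Laravel's ValidatesRequests trait.
$this->validate(request(), $rules);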
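
What a history check of this kind involves, as an added standalone example in plain PHP (not the package's own code): stored passwords are salted hashes, so the new password is verified against each stored hash that falls inside the months_to_check window. The function name and the hash/created_at row keys are assumptions, and the sample history is constructed.

```php
<?php
// Added example: passwordWasUsedRecently() and the row keys are hypothetical,
// and this is not the package's implementation.

declare(strict_types=1);

/**
 * Return true when $candidate matches any stored hash created within the
 * last $monthsToCheck months.
 *
 * @param array<int, array{hash: string, created_at: string}> $history
 */
function passwordWasUsedRecently(
    string $candidate,
    array $history,
    int $monthsToCheck,
    DateTimeImmutable $now
): bool {
    $cutoff = $now->modify("-{$monthsToCheck} months");

    foreach ($history as $row) {
        // Entries older than the window no longer block reuse.
        if (new DateTimeImmutable($row['created_at']) < $cutoff) {
            continue;
        }
        // Salted hashes differ for the same password, so an equality lookup
        // on the hash column cannot work; each hash must be verified.
        if (password_verify($candidate, $row['hash'])) {
            return true;
        }
    }

    return false;
}

// Constructed sample data: two previous passwords and their creation dates.
$now = new DateTimeImmutable('2024-06-01');
$history = [
    ['hash' => password_hash('Spring-2022!', PASSWORD_BCRYPT), 'created_at' => '2022-03-10'],
    ['hash' => password_hash('Winter-2024!', PASSWORD_BCRYPT), 'created_at' => '2024-01-15'],
];

var_dump(passwordWasUsedRecently('Winter-2024!', $history, 12, $now));   // hash inside the window
var_dump(passwordWasUsedRecently('Spring-2022!', $history, 12, $now));   // hash older than the window
var_dump(passwordWasUsedRecently('Brand-New-Pass', $history, 12, $now)); // never used
```

Each verification runs the full password hash, so the cost of a check grows with the number of history rows in the window; the cleanup command described in the next section keeps that number bounded.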

Cleaning up the log

After using the package for a while, you might have recorded a lot of password history entries. The package provides an artisan command, password-history:clean, to clean up the history:

php artisan password-history:clean

To run the cleanup automatically, schedule the command:

// app/Console/Kernel.php

protected function schedule(Schedule $schedule)
{
    $schedule->command('password-history:clean')->daily();
}

Override the number of months to keep for a single call:

php artisan password-history:clean --months=6

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.
