Laravel Password Expiry

A simple and customizable package that adds password expiration functionality to your Laravel applications, enhancing user security with regular password rotation

Installation

You can install the package via composer:

composer require beliven-it/laravel-password-expiry

You can publish and run the migrations with:

php artisan vendor:publish --tag="password-expiry-migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --tag="password-expiry-config"

This is the contents of the published config file:

<?php
// config for Beliven/PasswordExpiry
return [
    'days_to_notify_expiration' => (int) env('DAYS_TO_NOTIFY_EXPIRATION', 7),
    'days_to_expire'            => (int) env('DAYS_TO_EXPIRE', 90),
];

The days_to_expire key is the number of days after which the password will expire.

The days_to_notify_expiration key is the number of days before the password expires that the user will be notified.

NOTE: The package not provide any notification. You can create your own notification and use the Beliven\PasswordExpiry\Events\PasswordExpired and Beliven\PasswordExpiry\Events\PasswordExpiring events.

Usage

Trait

The library allow to apply a trait in your own models.

Let's try to use in the User model:

<?php

namespace App\Models;

use Beliven\PasswordExpiry\Traits\HasPasswordExpiration;

class User extends Authenticatable
{
    use HasPasswordExpiration;
    // ... other code
}

Now, when you create / update a user password, a new record will be created in the model_password_changes table.

<?php

$user->password = $password_from_request;
$user->save();

// This action create a new record in the model_password_changes table

You can also obtain the password expiration date using the password_expires_at attribute.

<?php

$user->password_expires_at;

The trait also provides a method to attempt to clear the password if expired.

<?php

$user->tryClearPassword();

If the user doesn't have a password expired nothing will happen.

Commands

The package provides a command to check for expiring and expired passwords.

php artisan password-expiry:check

This command is useful to be scheduled to run daily.

<?php

$schedule->command('password-expiry:check')->daily();

Events

The package provides the following events:

• Beliven\PasswordExpiry\Events\PasswordExpired: This event is fired when a password is expired.
• Beliven\PasswordExpiry\Events\PasswordExpiring: This event is fired when a password is expiring.

These events will be triggered when the password-expiry:check command is executed or via the facade:

<?php

use Beliven\PasswordExpiry\Facades\PasswordExpiry;

PasswordExpiry::checkPasswords();

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

• Fabrizio Gortani
• All Contributors

License

The MIT License (MIT). Please see License File for more information.