This package allows you to keep track of the last passwords used by a user.
You can install the package via composer:
composer require beliven-it/laravel-password-historyYou can publish and run the migrations with:
php artisan vendor:publish --tag="password-history-migrations"
php artisan migrateYou can publish the config file with:
php artisan vendor:publish --tag="password-history-config"This is the contents of the published config file:
return [
// Use -1 for unlimited history
'depth' => (int) env('PASSWORD_HISTORY_DEPTH', 10),
];The only value configurable is the depth of the password history. This value is the number of passwords that will be stored in the history. When a user tries to set a password that is in the history, the validation will fail.
The library allow to apply a trait in your own models.
Let's try to use in the User model:
<?php
namespace App\Models;
use Beliven\PasswordHistory\Traits\HasPasswordHistory;
class User extends Authenticatable
{
use HasPasswordHistory;
// ... other code
}Now, when you need to create / update a user password you can use the following procedure:
$user->password = $password_from_request;
$user->save();You can also use a rule in your request validation:
<?php
namespace App\Http\Requests\Auth;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rules\Password;
use Beliven\PasswordHistory\Rules\HasPasswordInHistory;
class UpdatePasswordRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
return true;
}
/**
* Get the validation rules that apply to the request.
*/
public function rules(): array
{
return [
'password_current' => 'required|current_password:api|max:100',
'password' => [
'required',
'confirmed',
'string',
Password::min(8)
->mixedCase()
->numbers()
->symbols()
->uncompromised(),
new HasPasswordInHistory($this->user()),
],
];
}
}Warning!!:
For password checking is important to provide the plain text password and NOT the hashed password. otherwise an exception will be thrown. Make sure to check your code before using this package.
<?php
# Allowed
$user->password = 'password';
# Not allowed
$user->password = Hash::make('password');
# This throw an exception of type PasswordAlreadyHashedExceptioncomposer testPlease see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.