Prevent users from reusing recently used passwords.
You can install the package via Composer:

    composer require infinitypaul/laravel-password-history-validation

To get started, you'll need to publish the config file and migrate the database:

    php artisan vendor:publish --tag=password-config

Modify the config file according to your project, then migrate the database:

    php artisan migrate

This package observes the created and updated events of the models (check the config file for settings) and records the password hashes automatically.

In your form request or inline validation, all you need to do is instantiate the NotFromPasswordHistory class, passing the current user as an argument:

    <?php
    use Infinitypaul\LaravelPasswordHistoryValidation\Rules\NotFromPasswordHistory;

    // Reject the new password if it matches one in the current user's history.
    $this->validate($request, [
        'password' => [
            'required',
            new NotFromPasswordHistory($request->user()),
        ],
    ]);

Because the hashed passwords are stored in your database, the table can grow large when you have lots of users.
Add PasswordHistoryTrait to your User model:

    <?php
    use Illuminate\Foundation\Auth\User as Authenticatable;
    use Illuminate\Notifications\Notifiable;
    use Infinitypaul\LaravelPasswordHistoryValidation\Traits\PasswordHistoryTrait;

    class User extends Authenticatable
    {
        use Notifiable, PasswordHistoryTrait;
    }

Then you can run the following Artisan command:

    php artisan password-history:clear

Please see CHANGELOG for more information on what has changed recently.
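
As an added illustration (not the package's own code), the plain-PHP sketch below shows the mechanism behind the recording, checking and clearing steps described above: stored hashes are salted, so a candidate password has to be verified against each retained hash rather than compared by equality. The PasswordHistory class, its method names, the in-memory storage and the retention count of 2 are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Illustrative sketch only: PasswordHistory and its methods are hypothetical
// names, not the package's classes. Storage is an in-memory array.
final class PasswordHistory
{
    /** @var array<int, string[]> user id => hashes, newest first */
    private array $hashes = [];

    public function __construct(private int $keep = 3) {}

    // What a model observer would do on create/update: keep the hash, never the plaintext.
    public function record(int $userId, string $plain): void
    {
        $list = $this->hashes[$userId] ?? [];
        array_unshift($list, password_hash($plain, PASSWORD_BCRYPT));
        $this->hashes[$userId] = $list;
    }

    // Two hashes of the same password differ (random salt), so each retained
    // hash must be checked with password_verify().
    public function wasUsed(int $userId, string $candidate): bool
    {
        foreach (array_slice($this->hashes[$userId] ?? [], 0, $this->keep) as $hash) {
            if (password_verify($candidate, $hash)) {
                return true;
            }
        }
        return false;
    }

    // Pruning step: drop hashes that fall outside the retention window.
    public function prune(): int
    {
        $removed = 0;
        foreach ($this->hashes as $id => $list) {
            $removed += max(0, count($list) - $this->keep);
            $this->hashes[$id] = array_slice($list, 0, $this->keep);
        }
        return $removed;
    }
}

// Constructed sample data: one user changes password three times, window of 2.
$history = new PasswordHistory(keep: 2);
foreach (['Spring2023!', 'Summer2023!', 'Autumn2023!'] as $pw) {
    $history->record(1, $pw);
}
var_dump($history->wasUsed(1, 'Autumn2023!')); // current password
var_dump($history->wasUsed(1, 'Spring2023!')); // older than the window
var_dump($history->prune());                   // number of hashes removed
```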
Please see CONTRIBUTING for details.
If you discover any security related issues, please email infinitypaul@live.com instead of using the issue tracker.
Why not star the GitHub repo? I'd love the attention! Why not share the link for this repository on Twitter or Hacker News? Spread the word!
Don't forget to follow me on Twitter!
Thanks! Edward Paul.
The MIT License (MIT). Please see License File for more information.