Prevent users from reusing recently used passwords

Overview

Laravel Password History Validation


Prevent users from reusing recently used passwords.

Installation

You can install the package via composer:

composer require infinitypaul/laravel-password-history-validation

Configuration

To get started, you'll need to publish the config file, and migrate the database:

php artisan vendor:publish --tag=password-config

Modify the config file according to your project, then migrate the database

php artisan migrate

Usage

This package observes the created and updated events of the configured models (check the config file for settings) and records the password hashes automatically.

In your form request or inline validation, all you need to do is instantiate the NotFromPasswordHistory class, passing the current user as an argument:

<?php
use Infinitypaul\LaravelPasswordHistoryValidation\Rules\NotFromPasswordHistory;

$this->validate($request, [
    'password' => [
        'required',
        new NotFromPasswordHistory($request->user())
    ]
]);
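
How a history check of this kind has to work, as an added example in plain PHP (not the package's own code): stored hashes are salted, so a candidate password must be verified against each retained hash rather than compared as a string. The function name, the sample passwords and the keep value of 2 are assumptions made for the illustration.

```php
<?php
// Added illustration, not part of the package. All names are hypothetical.

/**
 * Returns true when $candidate matches one of the $keep most recent hashes.
 *
 * @param string   $candidate plaintext password submitted by the user
 * @param string[] $history   stored password hashes, oldest first
 * @param int      $keep      how many recent passwords may not be reused
 */
function isInPasswordHistory(string $candidate, array $history, int $keep): bool
{
    if ($keep <= 0) {
        // array_slice($history, -0) would return the whole history, so
        // treat a non-positive window as "history check disabled".
        return false;
    }

    foreach (array_slice($history, -$keep) as $hash) {
        // password_verify() reads the salt and cost embedded in $hash and
        // re-derives the hash from $candidate before comparing.
        if (password_verify($candidate, $hash)) {
            return true;
        }
    }

    return false;
}

// Constructed sample data: three past passwords, oldest first.
$history = [
    password_hash('Winter2021!', PASSWORD_BCRYPT),
    password_hash('Spring2022!', PASSWORD_BCRYPT),
    password_hash('Summer2023!', PASSWORD_BCRYPT),
];

// Same password, fresh salt: comparing hash strings cannot detect reuse.
var_dump(password_hash('Summer2023!', PASSWORD_BCRYPT) === $history[2]);

var_dump(isInPasswordHistory('Summer2023!', $history, 2)); // most recent password
var_dump(isInPasswordHistory('Winter2021!', $history, 2)); // older than the window of 2
var_dump(isInPasswordHistory('Autumn2024!', $history, 2)); // never used before
```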

Cleaning Up Old Records (Optional)

Because the package stores hashed passwords in your database, the table can grow large when you have many users.

Add PasswordHistoryTrait to your User model:

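<?php
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Infinitypaul\LaravelPasswordHistoryValidation\Traits\PasswordHistoryTrait;

class User extends Authenticatable
{
    // PasswordHistoryTrait is required by the password-history:clear command
    use Notifiable, PasswordHistoryTrait;

}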

Then you can run the following Artisan command:

php artisan password-history:clear

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

How can I thank you?

Why not star the github repo? I'd love the attention! Why not share the link for this repository on Twitter or HackerNews? Spread the word!

Don't forget to follow me on twitter!

Thanks! Edward Paul.

License

The MIT License (MIT). Please see License File for more information.


Comments
  • Fix issues encountered during implementation


    I encountered a few issues during my implementation of your library in my project:

    1. The validation example in the README file had the wrong use statement.
    2. The vendor:publish script created config/password-history-validation.php, but the code was looking for config/password-validation.php. I fixed the publish target.
    3. Running php artisan password-history:clear on an empty or sparsely populated table resulted in a fatal error due to Trying to get property 'id' of a non-object. The call to first() was returning null. I added a check to see if any results were returned before attempting to do the delete.
    4. While reviewing the code in deletePasswordHistory(), I saw that the delete would not work as expected in most cases. Instead of grabbing the most recent password_histories.id for a given user_id, and deleting the id - the quantity of password-history.keep, it now grabs all of the IDs for a given user, and splices() off the most recent password-history.keep of them. This is still dependent upon numerical IDs.

    That last one is a bit complex. Given a table:

    | id | user_id | pw |
    |-|-|-|
    | 1 | 10 | ... |
    | 2 | 20 | ... |
    | 3 | 30 | ... |
    | 4 | 10 | ... |
    | 5 | 20 | ... |
    | 6 | 30 | ... |
    | 7 | 10 | ... |
    | 8 | 20 | ... |
    | 9 | 30 | ... |

    And given a keep value of 2, the old method would be left with:

    | id | user_id | pw |
    |-|-|-|
    | 7 | 10 | ... |
    | 8 | 20 | ... |
    | 9 | 30 | ... |

    The new method would be left with:

    | id | user_id | pw |
    |-|-|-|
    | 4 | 10 | ... |
    | 5 | 20 | ... |
    | 6 | 30 | ... |
    | 7 | 10 | ... |
    | 8 | 20 | ... |
    | 9 | 30 | ... |

    The old method would delete, for instance, all password_histories WHERE user_id = 10 AND id <= (9-2). (That's not how the query is written, but that was the effect of the query).

    The new method would grab all of the password_histories.id WHERE user_id = 10, reverse sort them, and splice off everything after n items. The spliced off items are deleted.

    opened by dharple 1
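
The two pruning behaviours described in the comment above, modelled on plain arrays as an added example (not the package's code and not its actual query). The function names are hypothetical and the rows are the comment's nine-row table; the point for a password-history control is that pruning by id offset can leave fewer hashes per user than the configured keep value, which shortens the window the reuse check covers.

```php
<?php
// Added illustration: arrays stand in for the password_histories table.

/** Effect described for the old pruning: delete ids <= (user's latest id - keep). */
function pruneByIdOffset(array $rows, int $userId, int $keep): array
{
    $ids = array_column(array_filter($rows, fn ($r) => $r['user_id'] === $userId), 'id');
    if ($ids === []) {
        return $rows; // empty table or unknown user: nothing to delete
    }
    $cutoff = max($ids) - $keep;

    return array_values(array_filter(
        $rows,
        fn ($r) => !($r['user_id'] === $userId && $r['id'] <= $cutoff)
    ));
}

/** Per-user pruning: sort the user's ids newest first, keep $keep, delete the rest. */
function pruneKeepNewest(array $rows, int $userId, int $keep): array
{
    $ids = array_column(array_filter($rows, fn ($r) => $r['user_id'] === $userId), 'id');
    rsort($ids);
    $delete = array_slice($ids, max($keep, 0));

    return array_values(array_filter($rows, fn ($r) => !in_array($r['id'], $delete, true)));
}

// Constructed rows matching the comment's table: ids 1..9, users 10, 20, 30 in rotation.
$rows = [];
foreach (range(1, 9) as $id) {
    $rows[] = ['id' => $id, 'user_id' => [10, 20, 30][($id - 1) % 3]];
}

$old = $new = $rows;
foreach ([10, 20, 30] as $userId) {
    $old = pruneByIdOffset($old, $userId, 2);
    $new = pruneKeepNewest($new, $userId, 2);
}

echo 'id-offset pruning keeps ids: ', implode(',', array_column($old, 'id')), PHP_EOL;
echo 'per-user pruning keeps ids:  ', implode(',', array_column($new, 'id')), PHP_EOL;
```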
Releases(1.1.0)
Owner
Paul Edward
Software Developer, CEH, Tech Evangelist