PHP Classes

Laravel Password History Validation: Prevent users from reusing recently used passwords

Recommend this page to a friend!
  Info   View files Documentation   View files View files (26)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2020-03-11 (1 month ago) RSS 2.0 feedNot yet rated by the usersTotal: 33 This week: 1All time: 9,846 This week: 364Up
Version License PHP version Categories
laravel-password-his 1.0Custom (specified...5PHP 5, User Management, Libraries, Se...
Description Author

This package can be used to prevent users from reusing recently used passwords.

It can observe events for creating or updating user model objects, so it can track changes in the user password to keep records of hashes of previously used passwords.

The package also provides provides a class that can be used to validate a password form field value by looking at the history of passwords used previously by the current user that may be trying to change his current password.

Innovation Award
PHP Programming Innovation award nominee
March 2020
Number 6
One way to make systems more secure is to allow the users to use stronger passwords. This means that among other aspects the user must not use a password that was used in the past.

This package provides a solution that can be used with Laravel based PHP applications to keep track of hashes of the user passwords that were used over time.

So when he changes a password, the system is able to check if the password was used before. At the same time this package will not disclose previous passwords as it only stores hashes of old passwords.

Manuel Lemos
  Performance   Level  
Name: Edward Paul <contact>
Classes: 4 packages by
Country: Nigeria Nigeria
Innovation award
Innovation award
Nominee: 2x

 

Details

Laravel Password History Validation

Latest Version on Packagist Build Status Quality Score Total Downloads

Prevent users from reusing recently used passwords.

Installation

You can install the package via composer:

composer require infinitypaul/laravel-password-history-validation

Configuration

To get started, you'll need to publish the config file, and migrate the database:

php artisan vendor:publish --tag=password-history

Modify the config file according to your project, then migrate the database

php artisan migrate

Usage

This package will observe the created and updated event of the models (check the config file for settings) and records the password hashes automatically.

In Your Form Request or Inline Validation, All You Need To Do Is Instantiate The NotFromPasswordHistory class passing the current user as an argument

<?php
use Infinitypaul\LaravelPasswordHistoryValidation\Models\PasswordHistoryRepo;

$this->validate($request, [
            'password' => [
                'required',
                new NotFromPasswordHistory($request->user())
            ]
        ]);

Cleaning Up Old Record - (Optional)

Because We Are Storing The Hashed Password In Your Database, Your Database Can Get Long When You Have Lots Of Users

Add PasswordHistoryTrait To Your User Model

<?php
use Infinitypaul\LaravelPasswordHistoryValidation\Traits\PasswordHistoryTrait;

class User extends Authenticatable
{
    use Notifiable, PasswordHistoryTrait;

}

Then You Can Run The Following Artisan Command

php artisan password-history:clear

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email infinitypaul@live.com instead of using the issue tracker.

How can I thank you?

Why not star the github repo? I'd love the attention! Why not share the link for this repository on Twitter or HackerNews? Spread the word!

Don't forget to follow me on twitter!

Thanks! Edward Paul.

License

The MIT License (MIT). Please see License File for more information.

  Files folder image Files  
File Role Description
Files folder image.idea (5 files)
Files folder imageconfig (1 file)
Files folder imagedatabase (1 directory)
Files folder imagesrc (1 file, 5 directories)
Files folder imagetests (1 file)
Accessible without login Plain text file .editorconfig Data Auxiliary data
Accessible without login Plain text file .phpunit.result.cache Data Auxiliary data
Accessible without login Plain text file .scrutinizer.yml Data Auxiliary data
Accessible without login Plain text file .styleci.yml Data Auxiliary data
Accessible without login Plain text file .travis.yml Data Auxiliary data
Accessible without login Plain text file CHANGELOG.md Data Auxiliary data
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file CONTRIBUTING.md Data Auxiliary data
Accessible without login Plain text file LICENSE.md Lic. License text
Accessible without login Plain text file phpunit.xml Data Auxiliary data
Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  .idea  
File Role Description
  Accessible without login Plain text file laravel-password-history-validation.iml Data Auxiliary data
  Accessible without login Plain text file misc.xml Data Auxiliary data
  Accessible without login Plain text file modules.xml Data Auxiliary data
  Accessible without login Plain text file php.xml Data Auxiliary data
  Accessible without login Plain text file vcs.xml Data Auxiliary data

  Files folder image Files  /  config  
File Role Description
  Plain text file passwordHistory.php Class Class source

  Files folder image Files  /  database  
File Role Description
Files folder imagemigrations (1 file)

  Files folder image Files  /  database  /  migrations  
File Role Description
  Plain text file 2019_12_02_141717_...d_history_table.php Class Class source

  Files folder image Files  /  src  
File Role Description
Files folder imageConsole (1 file)
Files folder imageModels (2 files)
Files folder imageObservers (1 file)
Files folder imageRules (1 file)
Files folder imageTraits (1 file)
  Plain text file LaravelPasswordHis...ServiceProvider.php Class Class source

  Files folder image Files  /  src  /  Console  
File Role Description
  Plain text file ClearOldPasswordHistory.php Class Class source

  Files folder image Files  /  src  /  Models  
File Role Description
  Plain text file PasswordHistory.php Class Class source
  Plain text file PasswordHistoryRepo.php Class Class source

  Files folder image Files  /  src  /  Observers  
File Role Description
  Plain text file UserObserver.php Class Class source

  Files folder image Files  /  src  /  Rules  
File Role Description
  Plain text file NotFromPasswordHistory.php Class Class source

  Files folder image Files  /  src  /  Traits  
File Role Description
  Plain text file PasswordHistoryTrait.php Class Class source

  Files folder image Files  /  tests  
File Role Description
  Plain text file ExampleTest.php Class Class source

 Version Control Unique User Downloads Download Rankings  
 100%
Total:33
This week:1
All time:9,846
This week:364Up

For more information send a message to info at phpclasses dot org.