l0max/password-history-checker

Password history checker in laravel

Maintainers

Details

github.com/L0MAX/laravel-password-history-checker

Homepage

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

pkg:composer/l0max/password-history-checker

v1.0.1 2025-01-03 01:11 UTC

Requires

MIT cf04e4d10490ecf3ad4cccf7419ad1d15d0d1e1d

  • L0MAX <ankahdonatus.woop@gmail.com>

phplaravelLaravel-Securitylaravel-loginlaravel-packagelaravel-passwordlaravel-authentication

This package is auto-updated.

Last update: 2025-10-01 00:17:00 UTC

README

Latest Version Total Downloads

A Laravel package that prevents users from resetting their password to one they have used before. This package ensures that password reuse is restricted by checking against a history of previously used passwords.

Features

  • Prevents users from reusing old passwords.
  • Customizable password history depth (how many previous passwords to check).
  • Simple integration with Laravel's built-in authentication system.

Installation

To install the package, run the following command:

composer require l0max/laravel-password-history

Configuration

After installation, you need to publish the configuration file to customize the package behavior:

php artisan vendor:publish --tag=password-history-checker-config

This will publish a configuration file named password-history-checker.php in your config directory. You can modify the number of passwords to keep in history and customize other settings.

The configuration file looks like this:

return [
    'password_history_count' => 5, // The number of previous passwords to check
];

Usage

Middleware Setup

To prevent users from using previous passwords when resetting their passwords, add the middleware provided by this package to your password reset routes.

In your routes/web.php or routes/api.php:

use L0MAX\PasswordHistoryChecker\Middleware\PreventPasswordReuse;

Route::post('/password/reset', 'Auth\ResetPasswordController@reset')
    ->middleware(PreventPasswordReuse::class);

This middleware will ensure that users cannot reuse any of the last password_history_count passwords they have used.

How it Works

The package checks a user's password against their previous passwords before allowing them to reset it. You can configure how many previous passwords are stored in the history by modifying the password_history_count in the configuration file.

The system uses a password_histories table to store the history of passwords for each user.

Running Migrations

The package includes a migration that adds a table to store the password history. Run the migrations after installing the package:

php artisan migrate

This will create a password_histories table to store user IDs and hashed passwords. This table is used to check previous passwords during the password reset process.

Testing

To run the package's tests:

composer test

License

This package is open-sourced software licensed under the MIT license.