/lara-pass-policy

Laravel Password History Policy

Primary LanguagePHPMIT LicenseMIT

Laravel Password Policy

Latest Version on Packagist Total Downloads Donate

Installation

You can install the package via composer:

composer require afiqiqmal/lara-pass-policy

You can publish and run the migrations with:

php artisan vendor:publish --provider="Afiqiqmal\LaraPassPolicy\LaraPassPolicyServiceProvider" --tag="migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --provider="Afiqiqmal\LaraPassPolicy\LaraPassPolicyServiceProvider" --tag="config"

Out of the box, this package provide a view (Blade and Vue templates) to allow users to change own password. If you want to customize the default page you can publish the views with:

php artisan vendor:publish --provider="Afiqiqmal\LaraPassPolicy\LaraPassPolicyServiceProvider" --tag="views"

and customize as you like in:

  • resources/views/auth/verify-password-change.blade.php, for standard stack (Blade templates)
  • resource/js/Pages/Auth/VerifyPasswordChange.vue, if your stack integrate Inertia

Then, be sure to specify the view name in config/lara-pass-policy.views.password-changed.

NOTE: Currently, only Vue stack are supported out of the box: for React/Svelte stack you must create a new page component in resources/js/Pages/Auth, just like the Vue page provided.

Usage

Add HasPasswordPolicy trait to the authenticable model

Add MustVerifyPasswordPolicy interface to the authenticable model

class User extends Authenticable implements MustVerifyPasswordPolicy
{
     use HasPasswordPolicy;
     ...
     ...
}

Add Middleware

Add EnsurePasswordIsChanged middleware in $routeMiddleware

protected $routeMiddleware = [
    ...
    'password_changed' => EnsurePasswordIsChanged::class,
    ...
];

so you can attach it to your routes:

// routes/web.php

Route::middleware(['auth', 'password_changed'])->group(function () {
    return view('welcome');
});

Translations.

You may translate the package string messages (defined in config lara-pass.messages) adding the translated strings in lang/<locale>.json files.

Environment settings.

If you want to disable Password Policy on specific environment (ex: local) set to false this variable in .env file:

# Set to false to disable password policy.
PASSWORD_POLICY_ENABLED=false

You may also customize the number of days before the passwords expire setting the variable in .env file:

# Set to false to disable password policy.
PASSWORD_LIFETIME=30

Validation rules.

If you need to apply your own default password rules, you should define a defaults callback within the boot method of one of your application's service providers, as described in Laravel docs: this package will validate new passwords against those defaults.

Credits

License

The MIT License (MIT). Please see License File for more information.