This Laravel package maintains an encrypted history of each user's passwords so that you can prevent users from reusing a previously used password.
You can install the package via composer:
composer require chrysanthos/password-history
The package service provider is registered automatically and a migration is provided to be run.
Run your migrations:
php artisan migrate
In your App\Http\Controllers\Auth\ResetPasswordController, override Laravel's default rules method with the following:
use Chrysanthos\PasswordHistory\Rules\NoOldPasswords;

/**
 * Get the password reset validation rules.
 *
 * @return array
 */
protected function rules()
{
    return [
        'token' => 'required',
        'email' => 'required|email',
        'password' => [
            'required', 'confirmed', 'min:8',
            // Assumes the User model is imported in this controller and that a user
            // with this email exists; first() returns null when no user matches.
            new NoOldPasswords(User::whereEmail(request('email'))->first()->id, request('password'))
        ],
    ];
}
Note: If you changed the default Laravel auth ResetPasswordController, you will need to dispatch the PasswordReset event that Laravel includes out of the box.
use Illuminate\Auth\Events\PasswordReset;
event(new PasswordReset($user));
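The NoOldPasswords rule above is given the plaintext from request('password') together with the user id. The following is an added illustration in plain PHP, not the package's own code, and it assumes the history holds salted bcrypt hashes: it shows why a reuse check has to verify the plaintext against each stored hash rather than compare hash strings. The names isPreviouslyUsed and recordPassword and the retention limit of 5 are hypothetical.

```php
<?php
// Added illustration, not the package's code. All names here are hypothetical.

/**
 * Return true when $candidate matches any hash in the user's history.
 * Salted hashes differ for the same password, so each stored hash must be
 * verified against the plaintext; comparing hash strings would never match.
 */
function isPreviouslyUsed(string $candidate, array $hashHistory): bool
{
    $reused = false;
    foreach ($hashHistory as $hash) {
        // No early return: the whole history is always checked.
        if (password_verify($candidate, $hash)) {
            $reused = true;
        }
    }
    return $reused;
}

/** Append the new hash and keep only the most recent $keep entries (assumed limit). */
function recordPassword(array $hashHistory, string $newPassword, int $keep = 5): array
{
    $hashHistory[] = password_hash($newPassword, PASSWORD_BCRYPT);
    return array_slice($hashHistory, -$keep);
}

// Constructed sample data: a user who has had two passwords.
$history = [];
$history = recordPassword($history, 'Autumn-2023-river');
$history = recordPassword($history, 'Winter-2024-stone');

// A fresh hash of an old password is a different string from the stored one,
// so a direct lookup in the history does not find it.
$fresh = password_hash('Autumn-2023-river', PASSWORD_BCRYPT);
var_dump(in_array($fresh, $history, true));

// Reuse is detected by verifying the plaintext against each stored hash.
var_dump(isPreviouslyUsed('Autumn-2023-river', $history));
var_dump(isPreviouslyUsed('Spring-2025-cloud', $history));
```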
Run the tests with:
composer test
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security-related issues, please send me a message on Twitter (@chrysanthos_cy) instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.