PHPackages inventas/laravel-password-compliance - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. inventas/laravel-password-compliance ActiveLibrary[Authentication & Authorization](/categories/authentication) inventas/laravel-password-compliance ==================================== Enforce password change for next login in a Laravel app. v0.1.6(7mo ago)054↓100%[4 PRs](https://github.com/Inventas/laravel-password-compliance/pulls)MITPHPPHP ^8.4CI passing Since Sep 27Pushed 1mo agoCompare [ Source](https://github.com/Inventas/laravel-password-compliance)[ Packagist](https://packagist.org/packages/inventas/laravel-password-compliance)[ Docs](https://github.com/inventas/laravel-password-compliance)[ GitHub Sponsors](https://github.com/Inventas)[ RSS](/packages/inventas-laravel-password-compliance/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (12)Versions (10)Used By (0) Laravel Password Compliance =========================== [](#laravel-password-compliance) Enforce forced password resets in your Laravel application. This package lets you mark users as requiring a password change and redirect them to a dedicated change-password page using a middleware. It provides a small programmatic API, a convenient trait for your Authenticatable model, and a middleware alias you can attach to routes. Installation ------------ [](#installation) You can install the package via composer: ``` composer require inventas/laravel-password-compliance ``` You can publish and run the migrations with: ``` php artisan vendor:publish --tag="password-compliance-migrations" php artisan migrate ``` You can publish the config file with: ``` php artisan vendor:publish --tag="password-compliance-config" ``` This is the contents of the published config file: ``` return [ ]; ``` Optionally, you can publish the views using ``` php artisan vendor:publish --tag="password-compliance-views" ``` Overview -------- [](#overview) - Programmatic API to require a user to change their password. - Middleware alias `password.compliance` which redirects users that must change their password to a configured route or URL. - A trait `RequiresPasswordChange` you can add to your Authenticatable model for convenience methods and relationship access. Configuration ------------- [](#configuration) The published config file is `config/password-compliance.php` and contains a few options: - `redirect_route` — optional route name to redirect users to (recommended) - `redirect_url` — fallback URL when `redirect_route` is not set - `exempt_routes` — an array of route names which should be exempt from the middleware (useful for the change-password route itself) - `guard` — optional guard name to check for the authenticated user Example (config/password-compliance.php): ``` return [ 'redirect_route' => 'password.change', 'redirect_url' => '/password/change', 'exempt_routes' => ['password.change'], 'guard' => null, ]; ``` Usage ----- [](#usage) ### Trait [](#trait) Add the trait to your `User` model: ``` use Inventas\PasswordCompliance\Traits\RequiresPasswordChange; class User extends Authenticatable { use RequiresPasswordChange; } ``` This trait provides these convenience methods: - `$user->requirePasswordChange($until = null, $reason = null)` — mark the user as required to change their password until an optional time (pass `null` for indefinite). - `$user->clearPasswordRequirement()` — clear the requirement for the user. - `$user->isPasswordChangeRequired()` — check whether the user currently must change their password. - `$user->passwordCompliance()` — a `morphOne` relation to the underlying database record. ### Programmatic API / Facade [](#programmatic-api--facade) The package exposes a small service and a facade. Use the facade if you prefer a static-looking interface: ``` use Inventas\PasswordCompliance\Facades\PasswordCompliance; // require indefinitely PasswordCompliance::requirePasswordChange($user, null, 'Admin forced reset'); // require until a date PasswordCompliance::requirePasswordChange($user, now()->addDays(7)); // clear PasswordCompliance::clearRequirement($user); ``` ### Middleware [](#middleware) The middleware alias `password.compliance` is registered by the package. Attach it to routes or route groups to ensure users who are required to change their password are redirected: ``` Route::middleware(['auth', 'password.compliance'])->group(function () { // protected routes }); ``` The middleware will: - skip unauthenticated requests - skip API/JSON requests by default (so APIs won't receive HTML redirects) - skip routes listed in `exempt_routes` in the config - redirect to the named route in `redirect_route` or to `redirect_url` if the route is not set Testing ------- [](#testing) The package includes Pest tests. Run them with: ``` vendor/bin/pest ``` Contributing ------------ [](#contributing) Contributions are very welcome. Please open issues or PRs. If you add functionality, include tests (Pest) and keep backwards compatibility where possible. License ------- [](#license) The package is open-sourced software licensed under the MIT license. ### Health Score 39 — LowBetter than 86% of packages Maintenance79 Regular maintenance activity Popularity9 Limited adoption so far Community9 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 90% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 6 Last Release 216d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/eb9f778ee50e9e2e2bcf37ef735ffa008c72fd47de55ab9e48b6b5eaaf6ae1e5?d=identicon)[Inventas](/maintainers/Inventas) --- Top Contributors [![LambdaDigamma](https://avatars.githubusercontent.com/u/19361610?v=4)](https://github.com/LambdaDigamma "LambdaDigamma (18 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (1 commits)") --- Tags laravelloginpasswordlaravelInventaslaravel-password-compliance ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/inventas-laravel-password-compliance/health.svg) ``` [![Health](https://phpackages.com/badges/inventas-laravel-password-compliance/health.svg)](https://phpackages.com/packages/inventas-laravel-password-compliance) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[jeffgreco13/filament-breezy A custom package for Filament with login flow, profile and teams support. 1.0k1.7M41](/packages/jeffgreco13-filament-breezy)[spatie/laravel-login-link Quickly login to your local environment 4381.2M1](/packages/spatie-laravel-login-link)[ryangjchandler/laravel-cloudflare-turnstile A simple package to help integrate Cloudflare Turnstile. 438896.6k2](/packages/ryangjchandler-laravel-cloudflare-turnstile)[spatie/laravel-passkeys Use passkeys in your Laravel app 444494.4k16](/packages/spatie-laravel-passkeys) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)