[PR #4837] [CLOSED] Added password history, complexity, and expiry validations #6414

New Issue

Closed

opened 2026-02-05 10:31:38 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-05 10:31:38 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/4837
Author: @bosaleh
Created: 2/12/2024
Status: ❌ Closed

Base: development ← Head: development

---

📝 Commits (4)

• 6cb7c1c add password history, complexity, and expiry validations
• 2e76258 added translations for password history errors
• 9672d79 fixed dependencies
• 9a41c1b added useful comments

📊 Changes

10 files changed (+187 additions, -2 deletions)

View changed files

📝 .env.example.complete (+21 -0)
📝 app/Access/Controllers/LoginController.php (+9 -0)
📝 app/Access/Controllers/ResetPasswordController.php (+10 -1)
📝 app/Access/Controllers/UserInviteController.php (+8 -0)
📝 app/App/Providers/AuthServiceProvider.php (+9 -1)
➕ app/Exceptions/PasswordHistoryException.php (+7 -0)
➕ app/Users/Models/PasswordHistory.php (+62 -0)
📝 app/Users/UserRepo.php (+9 -0)
➕ database/migrations/2024_01_28_112712_create_password_histories_table.php (+46 -0)
📝 lang/en/errors.php (+6 -0)

📄 Description

This PR implements the following validations for passwords:

1- Password history: stops the user from re-using a password they have previously used. The number of passwords to be validated can be set in the PASSWORD_HISTORY environment variable.

2- Password expiry: forces the user to reset their password after a specified period. The number of days before expiry can be set in the PASSWORD_MAX_AGE environment variable.

3- Password lock: Stops the password from being changed until a specified period has elapsed. The number of days until a password can be changed can be set in the PASSWORD_MIN_AGE environment variable.

4- Password complexity: uses Laravel's built-in password validation to enforce password policies that can be set as environment variables. Please see .env.example.complete for the complete list of complexity validations.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/4837 **Author:** [@bosaleh](https://github.com/bosaleh) **Created:** 2/12/2024 **Status:** ❌ Closed **Base:** `development` ← **Head:** `development` --- ### 📝 Commits (4) - [`6cb7c1c`](https://github.com/BookStackApp/BookStack/commit/6cb7c1cb33ed2cea211eb554d3a73b70824c6dd1) add password history, complexity, and expiry validations - [`2e76258`](https://github.com/BookStackApp/BookStack/commit/2e762586b671fec87c085b3a909621403d5ec2a6) added translations for password history errors - [`9672d79`](https://github.com/BookStackApp/BookStack/commit/9672d79a2dc6159b96a09d2082f0b091ceb1ced2) fixed dependencies - [`9a41c1b`](https://github.com/BookStackApp/BookStack/commit/9a41c1bd506d63d60c0229391c2bdfe9b234b749) added useful comments ### 📊 Changes **10 files changed** (+187 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `.env.example.complete` (+21 -0) 📝 `app/Access/Controllers/LoginController.php` (+9 -0) 📝 `app/Access/Controllers/ResetPasswordController.php` (+10 -1) 📝 `app/Access/Controllers/UserInviteController.php` (+8 -0) 📝 `app/App/Providers/AuthServiceProvider.php` (+9 -1) ➕ `app/Exceptions/PasswordHistoryException.php` (+7 -0) ➕ `app/Users/Models/PasswordHistory.php` (+62 -0) 📝 `app/Users/UserRepo.php` (+9 -0) ➕ `database/migrations/2024_01_28_112712_create_password_histories_table.php` (+46 -0) 📝 `lang/en/errors.php` (+6 -0) </details> ### 📄 Description This PR implements the following validations for passwords: 1- Password history: stops the user from re-using a password they have previously used. The number of passwords to be validated can be set in the PASSWORD_HISTORY environment variable. 2- Password expiry: forces the user to reset their password after a specified period. The number of days before expiry can be set in the PASSWORD_MAX_AGE environment variable. 3- Password lock: Stops the password from being changed until a specified period has elapsed. The number of days until a password can be changed can be set in the PASSWORD_MIN_AGE environment variable. 4- Password complexity: uses Laravel's built-in password validation to enforce password policies that can be set as environment variables. Please see .env.example.complete for the complete list of complexity validations. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-05 10:31:38 +03:00

OVERLORD closed this issue 2026-02-05 10:31:42 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6414