Automatically Detect and Rehash Passwords

Automatically Detect and Rehash Passwords

Laravel Auto Rehash is a package by Samson Endale that automates the common password “needs rehash” routine by hooking into the built-in event system. You install this package, and it takes care of automatically rehashing user passwords during login.

When you decide to change the default hashing algorithm or change the cost factor bcrypt, your changes only reflect new registrants or existing users changing their password.

This package works by listening for the built-en Attempting event and validate the credentials using built-in authentication features. If the user’s password needs it, this package automatically rehashes the password and update the model.

Here’s the package’s event listener handler:

public function handle(Attempting $event)
    $user = $this->provider->retrieveByCredentials($event->credentials);

    if (!is_null($user) && $this->validCredentials($event) && $this->passwordNeedsRehash($user)) {
        $this->passwordUpdateRehash($user, $event->credentials['password']);

You can learn more about this package, get full installation instructions, and view the source code on GitHub at laravel-needs-auto-rehash.

Filed in: News


Join 31,000+ others and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Laravel Developer
EC Pro
Senior Full-Stack Engineer
[REMOTE: USA Only] All Other Applications Will be Rejected Immediately"
Senior Full Stack PHP Developer
Motto Design Studio
Software Engineer
Remote, USA Only
Grow Progress
Lead Backend PHP Developer
Hamburg, Deutschland