Automatically Detect and Rehash Passwords


September 24th, 2020


Laravel Auto Rehash is a package by Samson Endale that automates the common password “needs rehash” routine by hooking into the built-in event system. You install this package, and it takes care of automatically rehashing user passwords during login.

When you decide to change the default hashing algorithm or change the bcrypt cost factor, your changes only apply to new registrants or existing users who change their password.

This package works by listening for the built-in Attempting event and validating the credentials using built-in authentication features. If the user’s password needs it, this package automatically rehashes the password and updates the model.

Here’s the package’s event listener handler:

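    public function handle(Attempting $event)
    {
        // Look up the user for the credentials submitted in this login attempt.
        $user = $this->provider->retrieveByCredentials($event->credentials);
        // Rehash only when the user exists, the credentials are valid, and the stored hash is outdated.
        if (!is_null($user) && $this->validCredentials($event) && $this->passwordNeedsRehash($user)) {
            $this->passwordUpdateRehash($user, $event->credentials['password']);
        }
    }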
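The "needs rehash" routine that the listener automates, written as an added example in plain PHP (this is not the package's code). The in-memory user array, the function name loginAndMaybeRehash, the sample credentials and the cost values 10 and 12 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Target policy after the configuration change (constructed values).
const TARGET_ALGO = PASSWORD_BCRYPT;
const TARGET_OPTIONS = ['cost' => 12];

/**
 * Verify a login attempt and upgrade the stored hash when it was created
 * under an older policy. Returns true when the credentials are valid.
 * $user is a hypothetical record passed by reference; a real application
 * would persist the new hash to its user store.
 */
function loginAndMaybeRehash(array &$user, string $password): bool
{
    // Verify first: the submitted plaintext may only replace the stored
    // hash once it has been proven to match that hash.
    if (!password_verify($password, $user['password_hash'])) {
        return false;
    }

    // True when the stored hash's algorithm or cost differs from the target.
    if (password_needs_rehash($user['password_hash'], TARGET_ALGO, TARGET_OPTIONS)) {
        $user['password_hash'] = password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
    }

    return true;
}

// Constructed sample: a user whose hash was created at the old cost of 10.
$user = [
    'email' => 'alice@example.test',
    'password_hash' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
];

// Failed login: the stored hash must stay untouched.
var_dump(loginAndMaybeRehash($user, 'wrong password'));
echo 'cost: ', password_get_info($user['password_hash'])['options']['cost'], "\n";

// Successful login: the stored hash is regenerated at the target cost.
var_dump(loginAndMaybeRehash($user, 'correct horse'));
echo 'cost: ', password_get_info($user['password_hash'])['options']['cost'], "\n";
```

Login is the point at which the upgrade can happen because it is when the application holds the plaintext password; accounts that never log in keep their old hash.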

You can learn more about this package, get full installation instructions, and view the source code on GitHub at laravel-needs-auto-rehash.

Paul Redmond

Full stack web developer. Author of Lumen Programming Guide and Docker for PHP Developers.