Feat: history password#1659
Open
pandigresik wants to merge 3 commits into
Open
Conversation
Contributor
|
🔄 AI PR Review sedang antri di server...
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat: Terapkan Password History (10 Kata Sandi Terakhir)
Deskripsi
Menerapkan mekanisme Password History yang mencegah pengguna menggunakan kembali kata sandi yang pernah digunakan sebelumnya. Sistem menyimpan maksimal 10 kata sandi terakhir untuk setiap akun dan melakukan validasi pada setiap proses perubahan maupun reset kata sandi. Apabila kata sandi baru sama dengan salah satu dari 10 kata sandi terakhir, proses akan ditolak dengan pesan kesalahan.
Perubahan
Migrasi —
database/migrations/2026_07_13_000001_create_password_histories_table.phppassword_historiesdengan kolomuser_id(foreign key ke users),password(bcrypt hash), dan timestamps.Model Baru —
app/Models/PasswordHistory.phpHasFactorydan relasibelongsTo(User::class).Service Baru —
app/Services/PasswordHistoryService.phpisPasswordReused(User $user, string $password): bool— memeriksa apakah password sudah pernah digunakan (current + history).storeCurrentPassword(User $user): void— menyimpan password saat ini ke riwayat lalu memangkas ke 10.prune(User $user): void— mempertahankan hanya 10 riwayat terbaru.Custom Validation Rule —
app/Rules/NotInPasswordHistory.phpObserver —
app/Observers/UserObserver.phpsaving: otomatis menyimpan password lama ke riwayat sebelum diubah.saved: otomatis memangkas riwayat ke maksimal 10 setelah perubahan.Modifikasi User Model —
app/Models/User.phppasswordHistories()(hasMany).UserObserverdi methodbooted().Validasi di FormRequest — 3 file berubah:
ChangePasswordRequest— tambahnew NotInPasswordHistory()untuk ubah password profil.ChangeRequest— tambahnew NotInPasswordHistory()untuk ubah password default pertama login.UserUpdateRequest— tambahnew NotInPasswordHistory($targetUser)untuk reset password oleh admin.Validasi di Reset Password via Email —
app/Http/Controllers/Auth/ResetPasswordController.phpresetPassword()untuk memeriksa riwayat sebelum menyimpan password baru (tidak ada FormRequest khusus untuk flow ini).Translasi —
lang/id/passwords.phpdanlang/en/passwords.phphistory_founddengan pesan error dalam Bahasa Indonesia dan Inggris.Factory —
database/factories/PasswordHistoryFactory.phpUnit Test Service —
tests/Unit/Services/PasswordHistoryServiceTest.php(17 test cases)isPasswordReused— 6 skenario (match current, match history, not found, no history, multiple entries, other users ignored).storeCurrentPassword— 3 skenario (create record, preserve user password, store hash correctly).prune— 4 skenario (within limit, trim to 10, remove oldest, preserve 10 recent).Feature Test —
tests/Feature/Auth/PasswordHistoryTest.php(13 test cases)Alasan
Meningkatkan keamanan akun pengguna dengan mencegah penggunaan ulang kata sandi lama sesuai standar keamanan yang lebih baik. Mengurangi risiko kompromi akun akibat kebiasaan pengguna menggunakan kembali kata sandi yang sama secara periodik.
Dampak
Related Issue
#1646
Steps to Reproduce
Sebelum
Password1!, laluPassword2!, laluPassword1!lagi.Sesudah
Password1!, laluPassword2!, laluPassword1!lagi.Testing Checklist
Automated Tests
php artisan test --filter=PasswordHistoryServiceTest— 17 test cases (unit)php artisan test --filter=PasswordHistoryTest— 13 test cases (feature)php artisan test --filter=PasswordTest— 3 test cases (existing, masih pass)Manual Testing
Technical Details
Arsitektur
Alur Validasi
NotInPasswordHistoryrule dijalankan:Hash::check(password_baru, password_saat_ini)→ jika cocok, tolak.Hash::check(password_baru, riwayat_hash)→ jika cocok, tolak.$user->save()memicu Observer.saving: simpan password lama kepassword_histories.saved: panggilprune()→ buang riwayat paling tua jika > 10.Keamanan
Breaking Changes
Tidak ada. Semua perubahan bersifat non-breaking dan kompatibel mundur.
Total Perubahan
Video
simplescreenrecorder-2026-07-14_05.54.14.mp4