Installation & setup | laravel-one-time-passwords | Spatie

 SPATIE

  Laravel One-Time Passwords
=============================

spatie.be/open-source

  [Docs](https://spatie.be/docs)  [Laravel-one-time-passwords](https://spatie.be/docs/laravel-one-time-passwords/v2)  Installation & setup

 Version   v2   v1

 Other versions for crawler [v2](https://spatie.be/docs/laravel-one-time-passwords/v2) [v1](https://spatie.be/docs/laravel-one-time-passwords/v1)

- [ Introduction ](https://spatie.be/docs/laravel-one-time-passwords/v2/introduction)
- [ Support us ](https://spatie.be/docs/laravel-one-time-passwords/v2/support-us)
- [ Installation & setup ](https://spatie.be/docs/laravel-one-time-passwords/v2/installation-setup)
- [ Questions and issues ](https://spatie.be/docs/laravel-one-time-passwords/v2/questions-issues)
- [ Changelog ](https://spatie.be/docs/laravel-one-time-passwords/v2/changelog)
- [ About us ](https://spatie.be/docs/laravel-one-time-passwords/v2/about-us)

Basic usage
-----------

- [ Introducing one-time-passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/introducing-one-time-passwords)
- [ Creating one-time passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/creating-one-time-passwords)
- [ Configuring notifications ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/configuring-notifications)
- [ Consuming one-time passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/consuming-one-time-passwords)
- [ Using the Livewire component ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/using-the-livewire-component)

Configuring security
--------------------

- [ Introduction ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/introduction)
- [ Enforcing origin ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/enforcing-origin)
- [ Configuring password format ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/configuring-password-format)
- [ Allowing multiple passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/allowing-multiple-passwords)
- [ Setting default expiration time ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/setting-default-expiration-time)

Advanced usage
--------------

- [ Customizing actions ](https://spatie.be/docs/laravel-one-time-passwords/v2/advanced-usage/customizing-actions)
- [ Using your own model ](https://spatie.be/docs/laravel-one-time-passwords/v2/advanced-usage/using-your-own-model)
- [ Handling events ](https://spatie.be/docs/laravel-one-time-passwords/v2/advanced-usage/handling-events)

 Installation & setup
========================

###  On this page

1. [ Migrating the database ](#content-migrating-the-database)
2. [ Preparing your model ](#content-preparing-your-model)
3. [ Deleting expired one-time passwords ](#content-deleting-expired-one-time-passwords)
4. [ Publishing the config file ](#content-publishing-the-config-file)

You can install the package via composer:

```
composer require spatie/laravel-one-time-passwords
```

Migrating the database
--------------------------------------------------------------------------------------------------------------------------

This package can store one-time passwords in the database. You can create the `one_time_passwords` table by publishing and running the migrations.

```
php artisan vendor:publish --tag="one-time-passwords-migrations"
php artisan migrate
```

Preparing your model
--------------------------------------------------------------------------------------------------------------------

You should let your `User` model use the `HasOneTimePasswords` trait.

```
namespace App\Models;

use Spatie\OneTimePasswords\Models\Concerns\HasOneTimePasswords;

class User
{
    use HasOneTimePasswords;

    // ...
}
```

Deleting expired one-time passwords
-----------------------------------------------------------------------------------------------------------------------------------------------------------------

This package uses [the `MassPrunable` trait provided by Laravel](https://laravel.com/docs/12.x/eloquent#pruning-models).

To delete expired one-time password, you can add the `model:prune` command to your schedule.

Here's an example where expired one-time passwords are deleted daily.

```
use Spatie\OneTimePasswords\Models\OneTimePassword;

Schedule::command('model:prune', [
    '--model' => [OneTimePassword::class],
])->daily();
```

Publishing the config file
--------------------------------------------------------------------------------------------------------------------------------------

Optionally, you can publish the `one-time-passwords` config file with this command.

```
php artisan vendor:publish --tag="one-time-passwords-config"
```

This is the content of the published config file:

```
return [
    /*
     * One time passwords should be consumed within this number of minutes
     */
    'default_expires_in_minutes' => 2,

    /*
     * When this setting is active, we'll delete all previous one-time passwords for
     * a user when generating a new one
     */
    'only_one_active_one_time_password_per_user' => true,

    /*
     * When this option is active, we'll try to ensure that the one-time password can only
     * be consumed on the platform where it was requested on
     */
    'enforce_same_origin' => true,

    /*
     * This class is responsible to enforce that the one-time password can only be consumed on
     * the platform it was requested on.
     *
     * If you do not wish to enforce this, set this value to
     * Spatie\OneTimePasswords\Support\OriginInspector\DoNotEnforceOrigin
     */
    'origin_enforcer' => Spatie\OneTimePasswords\Support\OriginInspector\DefaultOriginEnforcer::class,

    /*
     * This class generates a random password
     */
    'password_generator' => Spatie\OneTimePasswords\Support\PasswordGenerators\NumericOneTimePasswordGenerator::class,

    /*
     * By default, the password generator will create a password with
     * this number of digits
     */
    'password_length' => 6,

    'redirect_successful_authentication_to' => '/dashboard',

    /*
     * These values are used to rate limit the number of attempts
     * that may be made to consume a one-time password.
     */
    'rate_limit_attempts' => [
        'max_attempts_per_user' => 5,
        'time_window_in_seconds' => 60,
    ],

    /*
     * The model uses to store one-time passwords
     */
    'model' => Spatie\OneTimePasswords\Models\OneTimePassword::class,

    /*
     * The notification used to send a one-time password to a user
     */
    'notification' => Spatie\OneTimePasswords\Notifications\OneTimePasswordNotification::class,

    /*
     * These class are responsible for performing core tasks regarding one-time passwords.
     * You can customize them by creating a class that extends the default, and
     * by specifying your custom class name here.
     */
    'actions' => [
        'create_one_time_password' => Spatie\OneTimePasswords\Actions\CreateOneTimePasswordAction::class,
        'consume_one_time_password' => Spatie\OneTimePasswords\Actions\ConsumeOneTimePasswordAction::class,
    ],
];
```