Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Authentication Log
Release Notes

Laravel Authentication Log Laravel Package

rappasoft/laravel-authentication-log

View on GitHub
Deep Wiki
Context7
v6.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/rappasoft/laravel-authentication-log/compare/v6.0.0...v6.0.1

v6.0.0

Laravel Authentication Log v6.0.0 Release Notes

🎉 Major Release - Enhanced Features & Modernization

This is a major release that modernizes the package for Laravel 11.x and 12.x, adds numerous new features, and fixes several long-standing issues.

⚠️ Breaking Changes

  • Laravel 10.x support dropped: This package now only supports Laravel 11.x and 12.x (Laravel 12 support was added in v5.0.0)
  • PHP 8.1+ required: Minimum PHP version is now 8.1
  • Database migration required: Existing installations must run the upgrade migration to add new columns

🚀 New Features

1. Suspicious Activity Detection

Automatically detect and flag suspicious login patterns including:

  • Multiple failed login attempts
  • Rapid location changes
  • Unusual login times (configurable)

Configuration:

'suspicious' => [
    'failed_login_threshold' => 5,
    'check_unusual_times' => false,
    'usual_hours' => [9, 10, 11, 12, 13, 14, 15, 16, 17],
],

2. Session Management

Comprehensive session management capabilities:

  • View active sessions
  • Revoke specific sessions
  • Revoke all other sessions (keep current device)
  • Revoke all sessions
  • Track last activity timestamp

Usage:

$user->getActiveSessions();
$user->revokeSession($sessionId);
$user->revokeAllOtherSessions($currentDeviceId);
$user->revokeAllSessions();

3. Device Fingerprinting & Management

  • Unique device identification (normalized user agent to prevent false positives)
  • Device trust management
  • Device naming
  • Browser version normalization (prevents false "new device" notifications)

Usage:

$user->getDevices();
$user->trustDevice($deviceId);
$user->untrustDevice($deviceId);
$user->isDeviceTrusted($deviceId);

4. Query Scopes

Powerful query scopes for filtering authentication logs:

  • successful() - Only successful logins
  • failed() - Only failed attempts
  • fromIp($ip) - Filter by IP address
  • recent($hours) - Recent logs
  • suspicious() - Suspicious activities
  • trusted() - Trusted devices only
  • fromDevice($deviceId) - Specific device
  • forUser($user) - Specific user
  • active() - Active sessions

Usage:

AuthenticationLog::suspicious()->recent(24)->get();
$user->authentications()->failed()->recent(1)->count();

5. Statistics & Insights

Get authentication statistics for users:

  • Total logins count
  • Failed attempts count
  • Unique devices count
  • Suspicious activities count
  • Comprehensive login stats array

Usage:

$stats = $user->getLoginStats();
$totalLogins = $user->getTotalLogins();
$failedAttempts = $user->getFailedAttempts();
$uniqueDevices = $user->getUniqueDevicesCount();

6. Rate Limiting for Notifications

Prevent notification spam with configurable rate limiting:

  • Configurable max attempts per time period
  • Separate limits for new device and failed login notifications
  • Automatic rate limit decay

Configuration:

'new-device' => [
    'rate_limit' => 3,
    'rate_limit_decay' => 60, // minutes
],

7. Middleware for Device Trust

Restrict access to trusted devices only:

Usage:

Route::middleware(['auth', \Rappasoft\LaravelAuthenticationLog\Middleware\RequireTrustedDevice::class])
    ->group(function () {
        // Protected routes
    });

8. Export Functionality

Export authentication logs to CSV or JSON:

Usage:

php artisan authentication-log:export --format=csv --path=storage/app/logs.csv
php artisan authentication-log:export --format=json

9. Webhook Support

Send webhooks for authentication events:

  • Login events
  • Failed login events
  • New device events
  • Suspicious activity events

Configuration:

'webhooks' => [
    [
        'url' => 'https://example.com/webhook',
        'events' => ['login', 'failed', 'new_device', 'suspicious'],
        'headers' => [
            'Authorization' => 'Bearer your-token',
        ],
    ],
],

10. Enhanced Notifications

  • Support for Vonage (formerly Nexmo) SMS notifications
  • Custom notification templates
  • Improved email templates with better error handling

11. Configurable New User Threshold

Prevent false positives for new users connecting from multiple devices/locations:

Configuration:

'new-device' => [
    'new_user_threshold_minutes' => 1, // Default: 1 minute
],

12. Session Restoration Prevention

Fixes #13

Automatically prevents session restorations (page refreshes, remember me cookies) from creating duplicate log entries. Updates last_activity_at instead of creating new entries.

Configuration:

'prevent_session_restoration_logging' => true,
'session_restoration_window_minutes' => 5,

🐛 Bug Fixes

Fixed Issue #40 - Browser Version Updates Triggering False Notifications

Fixes #40

Browser version updates (e.g., Safari 14.1.2 → 15.1) no longer trigger false "new device" notifications. Device fingerprinting now normalizes user agent strings by removing version numbers.

Fixed Issue #13 - Session Restoration Logging

Fixes #13

Session restorations (page refreshes, remember me cookies) no longer create duplicate log entries. The package now detects and handles session restorations automatically.

Fixed Issue #48, #87, #111 - SQL Server Duplicate ORDER BY Error

Fixes #48, #87, #111

Fixed SQL Server error "A column has been specified more than once in the order by list" by removing duplicate orderByDesc('login_at') calls. The authentications() relationship already orders by login_at DESC, so additional ordering was unnecessary.

Fixed Issue #33, #58 - Model Exception for Models Without Trait

Fixes #33, #58

All listeners now check if the authenticatable model implements the AuthenticationLoggable trait before processing, preventing BadMethodCallException errors when using multiple authenticatable models where only some have the trait.

Fixed Issue #82 - Duplicate Log Entries

Fixes #82

Duplicate log entries issue resolved by session restoration prevention (same fix as Issue #13).

✅ Pull Requests Implemented

PR #15 - Notification After Failed Login on New Device

Closes #15

The package now sends new device notifications when a successful login occurs after a failed login attempt on an unknown device.

PR #52 - Optimize Other Devices Logout Listener

Closes #52

Already implemented. The listener filters to only active sessions using whereNull('logout_at').

PR #57 - Use Null Safe/Chaining Operator

Closes #57

Already implemented. The codebase uses null-safe operators (?->) instead of optional().

PR #80 - Added PHPDocs for IDE Autocompletion

Closes #80

Already implemented. The AuthenticationLog model includes PHPDoc comments for all properties including new fields.

PR #85 - Configurable New User Threshold

Closes #85

Added new_user_threshold_minutes configuration option to reduce false positives for users connecting from multiple devices/locations shortly after registration.

PR #92 - Configurable Listeners

Closes #92

Already implemented. The config file includes configurable listeners for all authentication events.

PR #94 - Check Trait Implementation

Closes #94

Already implemented. All listeners check if the user model implements the AuthenticationLoggable trait before processing.

PR #100 - Laravel 11 Support

Closes #100

Package now supports Laravel 11.x and 12.x.

PR #115 - Check if GeoIP is Installed

Closes #115

Config defaults now check if geoip function exists before enabling location tracking, preventing errors when the geoip package is not installed.

PR #120 - Laravel 12 Support & Arabic Translation

Closes #120

Laravel 12 support added and Arabic translation (ar.json) included.

PR #125 - Test Configuration Updates

Closes #125

Test configuration updated for Laravel 11+ support.

PR #127 - Spanish Translation & Blade Fixes

Closes #127

Spanish translation (es_ES.json) exists and blade templates use the null coalescing operator (??) for state/country fields.

📝 Pull Requests No Longer Applicable

PR #70 - Laravel 10 Support

Closes #70

No longer applicable. Package v4.0.0 dropped Laravel 10 support and now only supports Laravel 11.x and 12.x.

📚 Documentation

  • Comprehensive upgrade guide added
  • All new features documented
  • Configuration examples updated
  • Usage examples for all new features

🧪 Testing

  • 76 tests passing (146 assertions)
  • Comprehensive test coverage for all new features
  • Tests for session restoration prevention
  • Tests for device fingerprinting normalization
  • Tests for suspicious activity detection
  • Tests for all query scopes and statistics

📦 Installation & Upgrade

New Installation

composer require rappasoft/laravel-authentication-log
php artisan vendor:publish --provider="Rappasoft\LaravelAuthenticationLog\LaravelAuthenticationLogServiceProvider"
php artisan migrate

Upgrading from v5.x or Earlier

composer update rappasoft/laravel-authentication-log
php artisan vendor:publish --provider="Rappasoft\LaravelAuthenticationLog\LaravelAuthenticationLogServiceProvider" --tag="authentication-log-migrations"
php artisan migrate

The upgrade migration will safely add new columns to your existing authentication_log table without data loss.

🙏 Credits

Thank you to all contributors who submitted issues, pull requests, and feedback that made this release possible!

📖 Full Documentation

See the documentation for complete usage instructions and examples.

Note: This release includes breaking changes. Please review the upgrade guide before upgrading from v5.x or earlier.

v5.0.0

What's Changed

Full Changelog: https://github.com/rappasoft/laravel-authentication-log/compare/v4.0.0...v5.0.0

v4.0.0

4.0.0 - 2024-03-28

v3.0.0
v2.0.0

Laravel 9 Support

v1.3.0

Changed

v1.2.1

Added

Changed

v1.2.0

Added

v1.1.1

Changed

v1.1.0

Added

v1.0.0

Initial Release

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport