Skip to content
Limit access to your Laravel applications by using invite codes
Branch: master
Clone or download
Latest commit 347dade Aug 12, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
resources add arabic translations Aug 8, 2019
src update prefixes. fixes #40 Jul 13, 2019
tests use custom validation rule Jul 13, 2019
.gitignore update reqs Sep 30, 2017
.scrutinizer.yml Update .scrutinizer.yml Mar 15, 2018
.travis.yml test 5.8 Jul 13, 2019
LICENSE Update license year Dec 29, 2017 update tag references Jul 13, 2019
composer.json change version requirements Oct 6, 2018
composer.lock switch to base model, and inject it Jul 13, 2019
phpunit.xml add coverage Apr 5, 2017


Doorman provides a way to limit access to your Laravel applications by using invite codes.

Invite Codes:

  • Can be tied to a specific email address.
  • Can be available to anyone (great for sharing on social media).
  • Can have a limited number of uses or unlimited.
  • Can have an expiry date, or never expire.


You can pull in the package using composer:

$ composer require clarkeash/doorman

Next, register the service provider with Laravel:

// config/app.php
'providers' => [

And, register the facade:

// config/app.php
'aliases' => [
    'Doorman' => Clarkeash\Doorman\Facades\Doorman::class,

Finally, migrate the database:

$ php artisan migrate


Generate Invites

Make a single generic invite code with 1 redemption, and no expiry.


Make 5 generic invite codes with 1 redemption each, and no expiry.


Make an invite with 10 redemptions and no expiry.


Make an invite that expires on a specific date.

$date = Carbon::now('UTC')->addDays(7);

Make an invite that expires in 14 days.


Make an invite for a specific person.


Redeem Invites

You can redeem an invite by calling the redeem method. Providing the invite code and optionally an email address.

// or
Doorman::redeem('ABCDE', '');

If doorman is able to redeem the invite code it will increment the number of redemptions by 1, otherwise it will throw an exception.

  • InvalidInviteCode is thrown if the code does not exist in the database.
  • ExpiredInviteCode is thrown if an expiry date is set and it is in the past.
  • MaxUsesReached is thrown if the invite code has already been used the maximum number of times.
  • NotYourInviteCode is thrown if the email address for the invite does match the one provided during redemption, or one was not provided during redemption.

All of the above exceptions extend DoormanException so you can catch that exception if your application does not need to do anything specific for the above exceptions.

try {
    Doorman::redeem(request()->get('code'), request()->get('email'));
} catch (DoormanException $e) {
    return response()->json(['error' => $e->getMessage()], 422);

Check Invites without redeeming them

You can check an invite by calling the check method. Providing the invite code and optionally an email address. (It has the same signature as the redeem method except it will return true or false instead of throwing an exception.

// or
Doorman::check('ABCDE', '');

Change Error Messages (and translation support)

In order to change the error message returned from doorman, we need to publish the language files like so:

$ php artisan vendor:publish --tag=doorman-translations

The language files will then be in /resources/lang/vendor/doorman/en where you can edit the messages.php file, and these messages will be used by doorman. You can create support for other languages by creating extra folders with a messages.php file in the /resources/lang/vendor/doorman directory such as de where you could place your German translations. Read the localisation docs for more info.


If you would perfer to validate an invite code before you attempt to redeem it or you are using Form Requests then you can validate it like so:

public function store(Request $request)
    $this->validate($request, [
        'email' => 'required|email|unique:users',
        'code' => ['required', new DoormanRule($request->get('email'))],

    // Add the user to the database.

You should pass the email address into the constructor to validate the code against that email. If you know the code can be used with any email, then you can leave the parameter empty.

Config - change table name

First publish the package configuration:

$ php artisan vendor:publish --tag=doorman-config

In config/doorman.php you will see:

return [
    'invite_table_name' => 'invites',

If you change the table name and then run your migrations Doorman will then use the new table name.


To remove used and expired invites you can use the cleanup command:

$ php artisan doorman:cleanup
You can’t perform that action at this time.