Skip to content
Limit access to your Laravel applications by using invite codes
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
resources make email unique fixes #29 Mar 17, 2018
src fix failing test and fixes #34 Oct 14, 2018
tests change tests Oct 14, 2018
.gitignore update reqs Sep 30, 2017
.travis.yml Test 7.3 Oct 25, 2018
LICENSE Update license year Dec 29, 2017 upgrade all the things Mar 17, 2018
composer.lock add failing tests Oct 14, 2018


Doorman provides a way to limit access to your Laravel applications by using invite codes.

Invite Codes:

  • Can be tied to a specific email address.
  • Can be available to anyone (great for sharing on social media).
  • Can have a limited number of uses or unlimited.
  • Can have an expiry date, or never expire.


You can pull in the package using composer:

$ composer require clarkeash/doorman

Next, register the service provider with Laravel:

// config/app.php
'providers' => [

And, register the facade:

// config/app.php
'aliases' => [
    'Doorman' => Clarkeash\Doorman\Facades\Doorman::class,

Finally, migrate the database:

$ php artisan migrate


Generate Invites

Make a single generic invite code with 1 redemption, and no expiry.


Make 5 generic invite codes with 1 redemption each, and no expiry.


Make an invite with 10 redemptions and no expiry.


Make an invite that expires on a specific date.

$date = Carbon::now('UTC')->addDays(7);

Make an invite that expires in 14 days.


Make an invite for a specific person.


Redeem Invites

You can redeem an invite by calling the redeem method. Providing the invite code and optionally an email address.

// or
Doorman::redeem('ABCDE', '');

If doorman is able to redeem the invite code it will increment the number of redemptions by 1, otherwise it will throw an exception.

  • InvalidInviteCode is thrown if the code does not exist in the database.
  • ExpiredInviteCode is thrown if an expiry date is set and it is in the past.
  • MaxUsesReached is thrown if the invite code has already been used the maximum number of times.
  • NotYourInviteCode is thrown if the email address for the invite does match the one provided during redemption, or one was not provided during redemption.

All of the above exceptions extend DoormanException so you can catch that exception if your application does not need to do anything specific for the above exceptions.

try {
    Doorman::redeem(request()->get('code'), request()->get('email'));
} catch (DoormanException $e) {
    return response()->json(['error' => $e->getMessage()], 422);

Check Invites without redeeming them

You can check an invite by calling the check method. Providing the invite code and optionally an email address. (It has the same signature as the redeem method except it will return true or false instead of throwing an exception.

// or
Doorman::check('ABCDE', '');

Change Error Messages (and translation support)

In order to change the error message returned from doorman, we need to publish the language files like so:

$ php artisan vendor:publish --tag=translations

The language files will then be in /resources/lang/vendor/doorman/en where you can edit the messages.php file, and these messages will be used by doorman. You can create support for other languages by creating extra folders with a messages.php file in the /resources/lang/vendor/doorman directory such as de where you could place your German translations. Read the localisation docs for more info.


If you would perfer to validate an invite code before you attempt to redeem it or you are using Form Requests then you can validate it like so:

public function store(Request $request)
    $this->validate($request, [
        'email' => 'required|email|unique:users',
        'code' => 'required|doorman:email',

    // Add the user to the database.

The :email part is optional and will pass the email address to the Doorman::check method. The string after the colon : is the name of the email field in the request (this could be email or email_address etc).

Config - change table name

First publish the package configuration:

$ php artisan vendor:publish --tag=config

In config/doorman.php you will see:

return [
    'invite_table_name' => 'invites',

If you change the table name and then run your migrations Doorman will then use the new table name.


To remove used and expired invites you can use the cleanup command:

$ php artisan doorman:cleanup
You can’t perform that action at this time.