Welcome to 16892 Developer Community-Open, Learning,Share
Welcome To Ask or Share your Answers For Others


I am trying to change the hashing in Laravel. So I made a custom SHA256 with salt in the RegisterController. Registration completed, but how do I change it in the login?

protected function create(array $data)
{
    $salt = Str::random(8);
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $data['password']) . $salt),
    ]);
}

This is the code of the LoginController. $this->guard()->attempt($this->credentials($request)) goes to something, hashes, and then gets the token.

<?php

namespace App\Http\Controllers\Auth;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Exceptions\VerifyEmailException;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Validation\ValidationException;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Attempt to log the user into the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function attemptLogin(Request $request)
    {
        $token = $this->guard()->attempt($this->credentials($request));

        if (! $token) {
            return false;
        }

        $user = $this->guard()->user();
        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
            return false;
        }

        $this->guard()->setToken($token);

        return true;
    }

    /**
     * Send the response after the user was authenticated.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    protected function sendLoginResponse(Request $request)
    {
        $this->clearLoginAttempts($request);
        $user = $this->guard()->user();
        $token = (string) $this->guard()->getToken();
        $expiration = $this->guard()->getPayload()->get('exp');

        return response()->json([
            'token' => $token,
            'token_type' => 'bearer',
            'expires_in' => $expiration - time(),
        ]);
    }

    /**
     * Get the failed login response instance.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function sendFailedLoginResponse(Request $request)
    {
        $user = $this->guard()->user();
        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
            throw VerifyEmailException::forUser($user);
        }

        throw ValidationException::withMessages([
            $this->username() => [trans('auth.failed')],
        ]);
    }

    /**
     * Log the user out of the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function logout(Request $request)
    {
        $this->guard()->logout();
    }
}


1 Answer

First, create this function where you can reuse it:

protected function hash($string){
    return hash('sha256', $string . config('app.encryption_key'));
}

On user creation you have to call the function to hash the password:

protected function create(array $data){
    return User::create([
       'name' => $data['name'],
       'password' => $this->hash($data['password'])
    ]);
}

On login, you would have to call the hash function on the password again:

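protected function login(Request $request){
    // Look up the user by email and by the hash of the submitted password
    $user = User::where([
           'email' => $request->input('email'),
           'password' => $this->hash($request->input('password'))
    ])->first();
    // No matching row means the credentials were wrong; do not call Auth::login(null)
    if (! $user) {
        return response()->json(['message' => trans('auth.failed')], 401);
    }
    Auth::login($user);
    $token = $user->createToken('MyApp')->accessToken;
    return response()->json(compact('token', 'user'));
}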

I think that is the best approach to consider.


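One way to check the question's `$SHA$<salt>$<digest>` values at login and move each account to PHP's `password_hash()` on its next successful login. This is an added example, not part of the original question or answer; it is plain PHP with no Laravel dependency, and the function names and the sample salt and password are assumptions.

```php
<?php
// Added example. makeLegacySha(), verifyLegacySha() and checkAndUpgrade()
// are hypothetical helper names, not Laravel APIs.

function makeLegacySha(string $password, string $salt): string
{
    // Same construction as the question's create() method.
    return '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $password) . $salt);
}

function verifyLegacySha(string $password, string $stored): bool
{
    // Expected layout after splitting on "$": "", "SHA", salt, 64 hex characters.
    $parts = explode('$', $stored);
    if (count($parts) !== 4 || $parts[0] !== '' || $parts[1] !== 'SHA') {
        return false;
    }
    [, , $salt, $digest] = $parts;
    if ($salt === '' || !preg_match('/\A[0-9a-f]{64}\z/', $digest)) {
        return false;
    }
    $candidate = hash('sha256', hash('sha256', $password) . $salt);
    return hash_equals($digest, $candidate); // constant-time comparison
}

// Returns [bool $ok, ?string $newHash]; $newHash is non-null when the
// stored value should be replaced with a password_hash() value.
function checkAndUpgrade(string $password, string $stored): array
{
    if (strncmp($stored, '$SHA$', 5) === 0) {
        if (!verifyLegacySha($password, $stored)) {
            return [false, null];
        }
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    $ok = password_verify($password, $stored);
    $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $rehash ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample data: a legacy record, a good login, a bad login,
// then a login against the upgraded hash.
$stored = makeLegacySha('correct horse', 'a1B2c3D4');
[$ok, $upgraded] = checkAndUpgrade('correct horse', $stored);
var_dump($ok, checkAndUpgrade('wrong', $stored)[0]);
var_dump(checkAndUpgrade('correct horse', $upgraded)[0]);
```

In Laravel, a check like this belongs in a custom user provider's `validateCredentials()`, which is the method `guard()->attempt()` uses to compare the submitted password with the stored one.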