Mapping database authentication to Sunday English

4 weeks ago · 221b2f16b0
parent 37f0eb287b
commit 221b2f16b0
5 changed files with 7 additions and 165 deletions
--- a/app/Models/GKUser.php
+++ b/app/Models/GKUser.php
@ -1,36 +0,0 @@
-<?php
-
-namespace App\Models;
-
-use Illuminate\Foundation\Auth\User as Authenticatable;
-use Illuminate\Notifications\Notifiable;
-use Laravel\Passport\HasApiTokens;
-use Spatie\Permission\Traits\HasRoles;
-
-class GKUser extends Authenticatable
-{
-    use HasApiTokens, Notifiable, HasRoles;
-
-    protected $table = 'gk_user';
-
-    protected $connection = 'db_sunday';
-
-    protected $fillable = [
-        'name',
-        'email',
-        'password',
-    ];
-
-    protected $hidden = [
-        'password',
-        'remember_token',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'email_verified_at' => 'datetime',
-            'password' => 'hashed',
-        ];
-    }
-}
--- a/app/Passport/CustomUserRepository.php
+++ b/app/Passport/CustomUserRepository.php
@ -1,48 +0,0 @@
-<?php
-
-namespace App\Passport;
-
-use Laravel\Passport\Bridge\User;
-use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
-use League\OAuth2\Server\Entities\ClientEntityInterface;
-use Illuminate\Support\Facades\Hash;
-use App\Models\GKUser;
-
-class CustomUserRepository extends PassportUserRepository
-{
-    /**
-     * Retrieve a user entity by user credentials.
-     *
-     * @param string $username
-     * @param string $password
-     * @param string $grantType
-     * @param ClientEntityInterface $client
-     * @return User|null
-     */
-    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
-    {
-        $user = GKUser::where('email', $username)->first();
-
-        if (! $user) {
-            return;
-        }
-
-        $hashed = $user->password;
-
-        // Check if the password is already hashed using bcrypt
-        if (!Hash::needsRehash($hashed)) {
-            if (!Hash::check($password, $hashed)) {
-                return;
-            }
-        }
-        // If the password is hashed using MD5, verify and upgrade to bcrypt
-        elseif (md5($password) !== $hashed) {
-            return;
-        } else {
-            $user->password = Hash::make($password);
-            $user->save();
-        }
-
-        return new User($user->getAuthIdentifier());
-    }
-}
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -5,11 +5,8 @@ namespace App\Providers;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Laravel\Passport\Passport;
 use League\OAuth2\Server\AuthorizationServer;
-use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
+use Laravel\Passport\Bridge\UserRepository;
 use Laravel\Passport\Bridge\RefreshTokenRepository;
-use Illuminate\Support\Facades\Auth;
-use App\Auth\Providers\MD5UserProvider;
-use App\Passport\CustomUserRepository; // ⬅️ bạn sẽ tạo file này
 use DateInterval;

 class AuthServiceProvider extends ServiceProvider
@ -18,27 +15,17 @@ class AuthServiceProvider extends ServiceProvider

    public function boot(): void
    {
-        // Register custom user provider for MD5 password support
-        Auth::provider('md5provider', function ($app, array $config) {
-            return new MD5UserProvider($app['hash'], $config['model']);
-        });
-
-        // Override Passport's UserRepository to support MD5
-        $this->app->bind(PassportUserRepository::class, CustomUserRepository::class);
-
-        // Set Passport token expiration times
        Passport::tokensExpireIn(now()->addHour());
        Passport::refreshTokensExpireIn(now()->addMonth());

-        // Register Password Grant for OAuth
        $this->app->afterResolving(AuthorizationServer::class, function ($server) {
            $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
-                app(PassportUserRepository::class),
+                app(UserRepository::class),
                app(RefreshTokenRepository::class)
            );
+            $grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 tháng

-            $grant->setRefreshTokenTTL(new DateInterval('P1M'));
-            $server->enableGrantType($grant, new DateInterval('PT1H'));
+            $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 giờ
        });
    }
 }
--- a/app/Providers/MD5UserProvider.php
+++ b/app/Providers/MD5UserProvider.php
@ -1,60 +0,0 @@
-<?php
-
-namespace App\Auth\Providers;
-
-use Illuminate\Auth\EloquentUserProvider;
-use Illuminate\Contracts\Auth\Authenticatable;
-use Illuminate\Support\Facades\Hash;
-
-class MD5UserProvider extends EloquentUserProvider
-{
-    /**
-     * Validate the user's credentials.
-     *
-     * This method checks the provided plain password against the stored hashed password.
-     * - If the stored password is hashed using Bcrypt (i.e., does not need rehashing), it uses Laravel's Hash::check.
-     * - If the stored password is an MD5 hash, it manually compares the MD5 hash of the plain password.
-     *   If matched, it automatically upgrades the password to Bcrypt and saves the user.
-     *
-     * @param \Illuminate\Contracts\Auth\Authenticatable $user The user instance.
-     * @param array $credentials The credentials array containing at least a 'password' key.
-     * @return bool Returns true if the credentials are valid, otherwise false.
-     */
-    public function validateCredentials(Authenticatable $user, array $credentials)
-    {
-        $plain = $credentials['password'];
-        $hashed = $user->getAuthPassword();
-
-        /**
-         * Checks if the given hashed password needs to be rehashed.
-         * If the hash does not require rehashing (e.g., it is already using Bcrypt),
-         * verifies the plain password against the hashed value using Laravel's Hash facade.
-         *
-         * @param string $plain  The plain text password to verify.
-         * @param string $hashed The hashed password stored in the database.
-         * @return bool Returns true if the plain password matches the hashed value, false otherwise.
-         */
-        if (!Hash::needsRehash($hashed)) {
-            return Hash::check($plain, $hashed);
-        }
-
-        /**
-         * Checks if the given plain password matches the stored MD5 hash.
-         * If matched, automatically upgrades the user's password to a secure hash using Laravel's Hash facade.
-         * Saves the upgraded password to the database.
-         *
-         * @param string $plain  The plain text password provided by the user.
-         * @param string $hashed The stored MD5 hashed password.
-         * @return bool Returns true if the password matches and is upgraded, otherwise false.
-         */
-        if (md5($plain) === $hashed) {
-            // Tự động upgrade
-            $user->password = Hash::make($plain);
-            $user->save();
-
-            return true;
-        }
-
-        return false;
-    }
-}
--- a/config/auth.php
+++ b/config/auth.php
@ -42,7 +42,7 @@ return [
        ],

        'api' => [
-            'driver' => 'passport',  //
+            'driver' => 'passport',  // ← Quan trọng: phải là 'passport'
            'provider' => 'users',
        ],
    ],
@ -66,9 +66,8 @@ return [

    'providers' => [
        'users' => [
-            // 'driver' => 'eloquent',
-            'driver' => 'md5provider',
-            'model' => App\Models\GKUser::class,
+            'driver' => 'eloquent',
+            'model' => env('AUTH_MODEL', App\Models\User::class),
        ],

        // 'users' => [