sundayenglish
/
GK-Content-Management
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mapping database authentication to Sunday English

Browse Source
pull/2/head
sundayenglish 4 weeks ago
parent 37f0eb287b
commit 221b2f16b0
5 changed files with 7 additions and 165 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 36
      app/Models/GKUser.php
  2. 48
      app/Passport/CustomUserRepository.php
  3. 21
      app/Providers/AuthServiceProvider.php
  4. 60
      app/Providers/MD5UserProvider.php
  5. 7
      config/auth.php

36
app/Models/GKUser.php
Unescape View File

@ -1,36 +0,0 @@
<?php
namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Passport\HasApiTokens;
use Spatie\Permission\Traits\HasRoles;
class GKUser extends Authenticatable
{
use HasApiTokens, Notifiable, HasRoles;
protected $table = 'gk_user';
protected $connection = 'db_sunday';
protected $fillable = [
'name',
'email',
'password',
];
protected $hidden = [
'password',
'remember_token',
];
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
];
}
}

48
app/Passport/CustomUserRepository.php
Unescape View File

@ -1,48 +0,0 @@
<?php
namespace App\Passport;
use Laravel\Passport\Bridge\User;
use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use Illuminate\Support\Facades\Hash;
use App\Models\GKUser;
class CustomUserRepository extends PassportUserRepository
{
/**
* Retrieve a user entity by user credentials.
*
* @param string $username
* @param string $password
* @param string $grantType
* @param ClientEntityInterface $client
* @return User|null
*/
public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
{
$user = GKUser::where('email', $username)->first();
if (! $user) {
return;
}
$hashed = $user->password;
// Check if the password is already hashed using bcrypt
if (!Hash::needsRehash($hashed)) {
if (!Hash::check($password, $hashed)) {
return;
}
}
// If the password is hashed using MD5, verify and upgrade to bcrypt
elseif (md5($password) !== $hashed) {
return;
} else {
$user->password = Hash::make($password);
$user->save();
}
return new User($user->getAuthIdentifier());
}
}

21
app/Providers/AuthServiceProvider.php
Unescape View File

@ -5,11 +5,8 @@ namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport; use Laravel\Passport\Passport;
use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\AuthorizationServer;
use Laravel\Passport\Bridge\UserRepository as PassportUserRepository; use Laravel\Passport\Bridge\UserRepository;
use Laravel\Passport\Bridge\RefreshTokenRepository; use Laravel\Passport\Bridge\RefreshTokenRepository;
use Illuminate\Support\Facades\Auth;
use App\Auth\Providers\MD5UserProvider;
use App\Passport\CustomUserRepository; // ⬅ bạn sẽ tạo file này
use DateInterval; use DateInterval;
class AuthServiceProvider extends ServiceProvider class AuthServiceProvider extends ServiceProvider
@ -18,27 +15,17 @@ class AuthServiceProvider extends ServiceProvider
public function boot(): void public function boot(): void
{ {
// Register custom user provider for MD5 password support
Auth::provider('md5provider', function ($app, array $config) {
return new MD5UserProvider($app['hash'], $config['model']);
});
// Override Passport's UserRepository to support MD5
$this->app->bind(PassportUserRepository::class, CustomUserRepository::class);
// Set Passport token expiration times
Passport::tokensExpireIn(now()->addHour()); Passport::tokensExpireIn(now()->addHour());
Passport::refreshTokensExpireIn(now()->addMonth()); Passport::refreshTokensExpireIn(now()->addMonth());
// Register Password Grant for OAuth
$this->app->afterResolving(AuthorizationServer::class, function ($server) { $this->app->afterResolving(AuthorizationServer::class, function ($server) {
$grant = new \League\OAuth2\Server\Grant\PasswordGrant( $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
app(PassportUserRepository::class), app(UserRepository::class),
app(RefreshTokenRepository::class) app(RefreshTokenRepository::class)
); );
$grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 tháng
$grant->setRefreshTokenTTL(new DateInterval('P1M')); $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 giờ
$server->enableGrantType($grant, new DateInterval('PT1H'));
}); });
} }
} }

60
app/Providers/MD5UserProvider.php
Unescape View File

@ -1,60 +0,0 @@
<?php
namespace App\Auth\Providers;
use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Facades\Hash;
class MD5UserProvider extends EloquentUserProvider
{
/**
* Validate the user's credentials.
*
* This method checks the provided plain password against the stored hashed password.
* - If the stored password is hashed using Bcrypt (i.e., does not need rehashing), it uses Laravel's Hash::check.
* - If the stored password is an MD5 hash, it manually compares the MD5 hash of the plain password.
* If matched, it automatically upgrades the password to Bcrypt and saves the user.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user The user instance.
* @param array $credentials The credentials array containing at least a 'password' key.
* @return bool Returns true if the credentials are valid, otherwise false.
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
$plain = $credentials['password'];
$hashed = $user->getAuthPassword();
/**
* Checks if the given hashed password needs to be rehashed.
* If the hash does not require rehashing (e.g., it is already using Bcrypt),
* verifies the plain password against the hashed value using Laravel's Hash facade.
*
* @param string $plain The plain text password to verify.
* @param string $hashed The hashed password stored in the database.
* @return bool Returns true if the plain password matches the hashed value, false otherwise.
*/
if (!Hash::needsRehash($hashed)) {
return Hash::check($plain, $hashed);
}
/**
* Checks if the given plain password matches the stored MD5 hash.
* If matched, automatically upgrades the user's password to a secure hash using Laravel's Hash facade.
* Saves the upgraded password to the database.
*
* @param string $plain The plain text password provided by the user.
* @param string $hashed The stored MD5 hashed password.
* @return bool Returns true if the password matches and is upgraded, otherwise false.
*/
if (md5($plain) === $hashed) {
// Tự động upgrade
$user->password = Hash::make($plain);
$user->save();
return true;
}
return false;
}
}

7
config/auth.php
Unescape View File

@ -42,7 +42,7 @@ return [
], ],
'api' => [ 'api' => [
'driver' => 'passport', // 'driver' => 'passport', // ← Quan trọng: phải là 'passport'
'provider' => 'users', 'provider' => 'users',
], ],
], ],
@ -66,9 +66,8 @@ return [
'providers' => [ 'providers' => [
'users' => [ 'users' => [
// 'driver' => 'eloquent', 'driver' => 'eloquent',
'driver' => 'md5provider', 'model' => env('AUTH_MODEL', App\Models\User::class),
'model' => App\Models\GKUser::class,
], ],
// 'users' => [ // 'users' => [

Write Preview
Loading…
Cancel
Save