Mapping database authentication to Sunday English

4 weeks ago · 37f0eb287b
parent 09b547e18f
commit 37f0eb287b
3 changed files with 47 additions and 8 deletions
--- a/app/Passport/CustomUserRepository.php
+++ b/app/Passport/CustomUserRepository.php
@ -10,6 +10,15 @@ use App\Models\GKUser;

 class CustomUserRepository extends PassportUserRepository
 {
+    /**
+     * Retrieve a user entity by user credentials.
+     *
+     * @param string $username
+     * @param string $password
+     * @param string $grantType
+     * @param ClientEntityInterface $client
+     * @return User|null
+     */
    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
    {
        $user = GKUser::where('email', $username)->first();
@ -20,14 +29,16 @@ class CustomUserRepository extends PassportUserRepository

        $hashed = $user->password;

+        // Check if the password is already hashed using bcrypt
        if (!Hash::needsRehash($hashed)) {
            if (!Hash::check($password, $hashed)) {
                return;
            }
-        } elseif (md5($password) !== $hashed) {
+        }
+        // If the password is hashed using MD5, verify and upgrade to bcrypt
+        elseif (md5($password) !== $hashed) {
            return;
        } else {
-            // ✅ Nếu MD5 khớp → nâng cấp lên bcrypt
            $user->password = Hash::make($password);
            $user->save();
        }
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -18,19 +18,19 @@ class AuthServiceProvider extends ServiceProvider

    public function boot(): void
    {
-        // ✅ Đăng ký custom provider hỗ trợ MD5 password
+        // Register custom user provider for MD5 password support
        Auth::provider('md5provider', function ($app, array $config) {
            return new MD5UserProvider($app['hash'], $config['model']);
        });

-        // ✅ Ghi đè UserRepository để Passport hỗ trợ MD5
+        // Override Passport's UserRepository to support MD5
        $this->app->bind(PassportUserRepository::class, CustomUserRepository::class);

-        // ✅ Thiết lập thời hạn token Passport
+        // Set Passport token expiration times
        Passport::tokensExpireIn(now()->addHour());
        Passport::refreshTokensExpireIn(now()->addMonth());

-        // ✅ Đăng ký Password Grant cho OAuth
+        // Register Password Grant for OAuth
        $this->app->afterResolving(AuthorizationServer::class, function ($server) {
            $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
                app(PassportUserRepository::class),
--- a/app/Providers/MD5UserProvider.php
+++ b/app/Providers/MD5UserProvider.php
@ -8,17 +8,45 @@ use Illuminate\Support\Facades\Hash;

 class MD5UserProvider extends EloquentUserProvider
 {
+    /**
+     * Validate the user's credentials.
+     *
+     * This method checks the provided plain password against the stored hashed password.
+     * - If the stored password is hashed using Bcrypt (i.e., does not need rehashing), it uses Laravel's Hash::check.
+     * - If the stored password is an MD5 hash, it manually compares the MD5 hash of the plain password.
+     *   If matched, it automatically upgrades the password to Bcrypt and saves the user.
+     *
+     * @param \Illuminate\Contracts\Auth\Authenticatable $user The user instance.
+     * @param array $credentials The credentials array containing at least a 'password' key.
+     * @return bool Returns true if the credentials are valid, otherwise false.
+     */
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $plain = $credentials['password'];
        $hashed = $user->getAuthPassword();

-        // Nếu là Bcrypt → dùng bình thường
+        /**
+         * Checks if the given hashed password needs to be rehashed.
+         * If the hash does not require rehashing (e.g., it is already using Bcrypt),
+         * verifies the plain password against the hashed value using Laravel's Hash facade.
+         *
+         * @param string $plain  The plain text password to verify.
+         * @param string $hashed The hashed password stored in the database.
+         * @return bool Returns true if the plain password matches the hashed value, false otherwise.
+         */
        if (!Hash::needsRehash($hashed)) {
            return Hash::check($plain, $hashed);
        }

-        // Nếu là MD5 → kiểm tra tay
+        /**
+         * Checks if the given plain password matches the stored MD5 hash.
+         * If matched, automatically upgrades the user's password to a secure hash using Laravel's Hash facade.
+         * Saves the upgraded password to the database.
+         *
+         * @param string $plain  The plain text password provided by the user.
+         * @param string $hashed The stored MD5 hashed password.
+         * @return bool Returns true if the password matches and is upgraded, otherwise false.
+         */
        if (md5($plain) === $hashed) {
            // Tự động upgrade
            $user->password = Hash::make($plain);