<?php
namespace App\Auth;
use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable;
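/**
 * Eloquent user provider that still accepts legacy MD5 password hashes and
 * re-hashes them with the configured hasher on the first successful login.
 *
 * Security notes for maintainers:
 * - The legacy branch compares against a plain md5() digest, so a stored
 *   legacy value offers little protection if the user table is ever exposed.
 *   Accounts that never log in keep their MD5 value indefinitely; plan a
 *   forced reset or a bulk migration so this fallback can be removed.
 * - NOTE(review): any stored value that is not recognised as bcrypt is
 *   handled by the MD5 branch, so a hash produced by another password_hash()
 *   algorithm would simply be rejected here. Confirm no such hashes exist.
 */
class CustomUserProvider extends EloquentUserProvider
{
    /**
     * Validate a user against the given credentials.
     *
     * Bcrypt hashes are verified through the configured hasher. Anything else
     * is treated as a legacy MD5 digest; on a match the password is re-hashed
     * with the hasher and persisted before returning.
     *
     * @param Authenticatable $user        User whose stored hash is checked; the upgrade
     *                                     path assumes a model with a writable `password`
     *                                     attribute and a save() method.
     * @param array           $credentials Must contain the plain-text value under 'password'.
     * @return bool True when the supplied password matches the stored hash.
     */
    public function validateCredentials(Authenticatable $user, array $credentials): bool
    {
        $plain = $credentials['password'] ?? null;
        $hashed = $user->getAuthPassword();

        // A missing, null or non-scalar password (e.g. an array from `password[]=`)
        // can never match; fail closed instead of raising a warning or TypeError.
        if (!is_scalar($plain)) {
            return false;
        }
        $plain = (string) $plain;

        // Accounts without a stored password hash cannot authenticate this way.
        if (!is_string($hashed)) {
            return false;
        }

        if ($this->isBcryptHash($hashed)) {
            return $this->hasher->check($plain, $hashed);
        }

        // Legacy MD5 fallback. hash_equals() keeps the comparison constant-time
        // so the response time does not depend on how many leading characters match.
        if (!hash_equals($hashed, md5($plain))) {
            return false;
        }

        // Upgrade the stored value so the MD5 digest is not kept after this login.
        $user->password = $this->hasher->make($plain);
        $user->save();

        return true;
    }

    /**
     * Determine if the given hash is a bcrypt hash.
     *
     * @param string $hashedPassword
     * @return bool False for non-string input and for any hash that
     *              password_get_info() does not report as bcrypt.
     */
    protected function isBcryptHash($hashedPassword): bool
    {
        return is_string($hashedPassword)
            && password_get_info($hashedPassword)['algo'] === PASSWORD_BCRYPT;
    }
}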