我对Laravel来说真的很新。我很享受这个框架的每一点。我最近遇到了一些身份验证/登录问题。
用户注册工作正常,但当我尝试使用注册期间创建的相同凭据登录时,应用程序会抛出此错误:
这些凭据与我们的记录不匹配
我还查看了数据库中的users表,并捕获了注册表单中的所有字段。我只是想知道为什么应用程序无法从数据库中检索这些。
请参阅下面的LoginController代码:
namespace App\Http\Controllers\Auth;
use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Firebase\JWT\JWT;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/dashboard';
// Get your service account's email address and private key from the JSON
key file
protected $service_account_email = "abc-123@a-b-c-
123.iam.gserviceaccount.com";
protected $private_key = "-----BEGIN PRIVATE KEY-----...";
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
$this->service_account_email = config('services.firebase.client_email');
$this->private_key = config('services.firebase.private_key');
}
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
$data = $request->only($this->username(), 'password');
$data['email_confirmed'] = 1;
return $data;
}
protected function authenticated(Request $request, $user)
{
$jwt = $this->create_custom_token($user,false);
session(['jwt' => $jwt]);
return redirect()->intended($this->redirectPath());
}
function create_custom_token(User $user, $is_premium_account) {
$now_seconds = time();
$payload = array(
"iss" => $this->service_account_email,
"sub" => $this->service_account_email,
"aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"iat" => $now_seconds,
"exp" => $now_seconds+(60*60), // Maximum expiration time is one hour
"uid" => $user->ref_code,
"email" => $user->email,
"name" => $user->name,
"phone_number" => $user->phone_number,
"claims" => array(
"premium_account" => $is_premium_account
)
);
return JWT::encode($payload, $this->private_key, "RS256");
}
}
我怎样才能解决这个问题?
答案 0 :(得分:4)
我找到了解决上述问题的方法!
好吧,显然,问题是应用程序双重哈希密码。我从http://laravel.com/docs/5.1/authentication
读到从哪里谈论尝试方法: “如果找到用户,则数据库中存储的散列密码将与通过阵列传递给方法的散列密码值进行比较。如果两个散列密码匹配,则将为用户启动经过身份验证的会话。”
因此,即使我使用表单传递了正确的密码,尝试方法也是在从表单发送的密码上调用bcrypt。经过哈希处理后,它将不再与计划文本密码匹配。
所以,我没有试图记住在save / update / db seeding上哈希我的密码,而是在User类中添加了一个属性mutator:
public function setPasswordAttribute($password)
{
$this->attributes['password'] = bcrypt($password);
}
瞧!问题已解决
答案 1 :(得分:1)
如果你用这个方法设置密码hash
public function setPasswordAttribute($password)
{
$this->attributes['password'] = bcrypt($password);
}
不要在控制器或播种机中使用 hash 或 bcrypt 方法以避免密码散列两次,如下所示:
$admin = User::create([
'name' => 'Admin',
'username' => 'admin',
'email' => 'admin@admin.com',
'mobile' => '0123456789',
'role_id' => 1,
'status' => 1,
'email_verified_at' => Carbon::now(),
'bio' => 'Administrator',
'password' => 'admin',
]);
答案 2 :(得分:0)
我也面临这个问题。
默认情况下,Lavarel对您的密码进行哈希处理,只需在 RegisterController.php
中将“哈希”更改为“ bcrypt”protected function create(array $data)
{
return User::create([
'password' =>bcrypt($data['password']),
]);
}