6

I'm trying to extend the default Bcrypt HashServiceProvider in Laravel 5, to make use of the SHA1 encryption instead.

Using the answer from this question: How to use SHA1 encryption instead of BCrypt in Laravel 4? and the official documentation at http://laravel.com/docs/5.0/extending#container-based-extension, I've managed to cook up the following code:

In app/Providers/ShaHashServiceProvider.php


    <?php namespace App\Providers;

    use App\ShaHasher;
    use Illuminate\Hashing\HashServiceProvider;

    class ShaHashServiceProvider extends HashServiceProvider {

        public function boot()
        {
            parent::boot();

            // Rebind the 'hash' service to the SHA1 hasher.
            $this->app->bindShared('hash', function()
            {
                return new ShaHasher();
            });
        }

    }

In app/ShaHasher.php


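    <?php namespace App;

    use Illuminate\Contracts\Hashing\Hasher as HasherContract;

    class ShaHasher implements HasherContract {

        // Hash the value as sha1(SALT . value); SALT comes from the environment.
        public function make($value, array $options = array()) {
            $value = env('SALT', '').$value;
            return sha1($value);
        }

        // Re-hash the submitted value and compare it with the stored hash.
        public function check($value, $hashedValue, array $options = array()) {
            return $this->make($value) === $hashedValue;
        }

        // SHA1 has no tunable cost, so a stored hash is never flagged for re-hashing.
        public function needsRehash($hashedValue, array $options = array()) {
            return false;
        }

    }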

In app/config/app.php


    'providers' => [
            ...
            //'Illuminate\Hashing\HashServiceProvider',
            'App\Providers\ShaHashServiceProvider',
            ...
    ],

I'm also using Laravel's out-of-the-box AuthController to handle logins.

But it seems that it does not work as I intended. The very first time I tried to log in, everything worked perfectly fine. Then I logged out, and since then, every attempt to log in has failed.

I'm not getting any errors, just the "Whoops! There were some problems with your input. These credentials do not match our records." message.

I'm wondering what exactly went wrong, and where? I hope some of you geniuses can help me out!

TheNish
  • 2
    Why? SHA1 is not very secure. – lukasgeiter Mar 11 '15 at 09:37
  • @lukasgeiter - I'm migrating an old CakePHP App (Which uses SHA1) to Laravel 5. – TheNish Mar 11 '15 at 09:39
  • 1
    Then I would try to actually migrate the passwords to bcrypt. [This answer describes how such migration process could work](http://stackoverflow.com/a/28519426/1903366) – lukasgeiter Mar 11 '15 at 09:44
  • @lukasgeiter I've considered that possibility as well, but I did not like the idea of changing the users schema and adding extra logic to the login process, for something that doesn't need to be that secure (in this case). I even found this guide on how to migrate the password: http://laravel-tricks.com/tricks/transitioning-to-bcrypt-password-while-allowing-legacy-password-hashing – TheNish Mar 11 '15 at 09:50
  • In any case, I'm still curious why this code is not working :-) – TheNish Mar 11 '15 at 10:10
  • Thought so... Can you figure out if it fails `check()` or if something else is causing the problem? – lukasgeiter Mar 11 '15 at 10:11
  • I've tried to Die'n'Dump in the ShaHasher.php methods, but it seems they are never called. But when I dd() in boot(), the dump is called. – TheNish Mar 11 '15 at 10:20

1 Answer

7

I've solved the problem myself :-)

In app/Providers/ShaHashServiceProvider.php I overrode the wrong method, boot(), when it was in fact the method register() I should have overridden.


    <?php namespace App\Providers;

    use App\ShaHasher;
    use Illuminate\Hashing\HashServiceProvider;

    class ShaHashServiceProvider extends HashServiceProvider {

        // Bind 'hash' in register() so this binding replaces the parent's Bcrypt one.
        public function register()
        {
            $this->app->singleton('hash', function() { return new ShaHasher; });
        }

    }

TheNish
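The bcrypt migration suggested in the comments can live behind the same `Hasher` contract, without a schema flag, by telling the two hash formats apart. The following is an added example, not code from the question, the answer or Laravel; the class name `TransitionalHasher` is hypothetical, and it assumes PHP 5.6+ (`hash_equals`), the question's `sha1(SALT . password)` scheme, and a password column wide enough for 60-character bcrypt hashes.

```php
<?php namespace App;

use Illuminate\Contracts\Hashing\Hasher as HasherContract;

// Added example (hypothetical class): verifies legacy SHA1 hashes, writes only bcrypt.
class TransitionalHasher implements HasherContract {

    // New and re-hashed passwords are always stored as bcrypt.
    public function make($value, array $options = array()) {
        $cost = isset($options['rounds']) ? $options['rounds'] : 10;
        $hash = password_hash($value, PASSWORD_BCRYPT, array('cost' => $cost));
        if ($hash === false) {
            throw new \RuntimeException('Bcrypt hashing not supported.');
        }
        return $hash;
    }

    public function check($value, $hashedValue, array $options = array()) {
        $hashedValue = (string) $hashedValue;
        if ($this->isLegacy($hashedValue)) {
            // Legacy scheme from the question: sha1(SALT . password),
            // compared in constant time instead of with ===.
            $legacy = sha1(env('SALT', '').$value);
            return hash_equals(strtolower($hashedValue), $legacy);
        }
        return password_verify($value, $hashedValue);
    }

    // Legacy hashes always need an upgrade; bcrypt ones only if the cost changed.
    public function needsRehash($hashedValue, array $options = array()) {
        $hashedValue = (string) $hashedValue;
        if ($this->isLegacy($hashedValue)) {
            return true;
        }
        $cost = isset($options['rounds']) ? $options['rounds'] : 10;
        return password_needs_rehash($hashedValue, PASSWORD_BCRYPT, array('cost' => $cost));
    }

    // A stored SHA1 value is exactly 40 hex characters; bcrypt hashes start with "$2".
    protected function isLegacy($hashedValue) {
        return strlen($hashedValue) === 40 && ctype_xdigit($hashedValue);
    }
}
```

The hasher alone does not rewrite stored hashes: after a successful login the application still has to call `needsRehash()` on the stored value and, when it returns true, save `make()` of the submitted password.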