4

My project in Laravel 5.1 and I can't login after Composer update

Everything was working before I run

composer update

I'm using standard built in Laravel's register and login process the function Auth::attempt() in AuthController.php always returns false.

I have tested it on a new project of Laravel 5.1 and it's the same problem. I did a password reset, created new user, nothing works …

I get this error:

These credentials do not match our records

Those are the packages that were updated:

Updating dependencies (including require-dev)
- Removing giggsey/libphonenumber-for-php (7.2.6)
- Installing giggsey/libphonenumber-for-php (7.2.8)
  Downloading: 100%

- Removing symfony/var-dumper (v2.7.10)
- Installing symfony/var-dumper (v2.7.11)
  Downloading: 100%

- Removing symfony/translation (v2.7.10)
- Installing symfony/translation (v2.7.11)
  Downloading: 100%

- Removing symfony/routing (v2.7.10)
- Installing symfony/routing (v2.7.11)
  Downloading: 100%

- Removing symfony/process (v2.7.10)
- Installing symfony/process (v2.7.11)
  Downloading: 100%

- Installing symfony/polyfill-mbstring (v1.1.1)
  Downloading: 100%

- Removing symfony/http-foundation (v2.7.10)
- Installing symfony/http-foundation (v2.7.11)
  Downloading: 100%

- Removing symfony/event-dispatcher (v2.8.3)
- Installing symfony/event-dispatcher (v2.8.4)
  Downloading: 100%

- Removing symfony/debug (v2.7.10)
- Installing symfony/debug (v2.7.11)
  Downloading: 100%

- Removing symfony/http-kernel (v2.7.10)
- Installing symfony/http-kernel (v2.7.11)
  Downloading: 100%

- Removing symfony/finder (v2.7.10)
- Installing symfony/finder (v2.7.11)
  Downloading: 100%

- Removing symfony/dom-crawler (v2.7.10)
- Installing symfony/dom-crawler (v2.7.11)
  Downloading: 100%

- Removing symfony/css-selector (v2.7.10)
- Installing symfony/css-selector (v2.7.11)
  Downloading: 100%

- Removing symfony/console (v2.7.10)
- Installing symfony/console (v2.7.11)
  Downloading: 100%

- Removing psy/psysh (v0.7.1)
- Installing psy/psysh (v0.7.2)
  Downloading: 100%

- Removing paragonie/random_compat (v1.2.1)
- Installing paragonie/random_compat (v1.4.1)
  Downloading: 100%

- Removing monolog/monolog (1.18.0)
- Installing monolog/monolog (1.18.1)
  Downloading: 100%

- Removing league/flysystem (1.0.18)
- Installing league/flysystem (1.0.20)
  Downloading: 100%

- Removing symfony/polyfill-util (v1.1.0)
- Installing symfony/polyfill-util (v1.1.1)
  Downloading: 100%

- Removing symfony/polyfill-php56 (v1.1.0)
- Installing symfony/polyfill-php56 (v1.1.1)
  Downloading: 100%

- Removing propaganistas/laravel-phone (2.6.1)
- Installing propaganistas/laravel-phone (2.7.0)
  Downloading: 100%

- Removing symfony/yaml (v3.0.3)
- Installing symfony/yaml (v3.0.4)
  Downloading: 100%

- Removing phpunit/phpunit (4.8.23)
- Installing phpunit/phpunit (4.8.24)
  Downloading: 100%

- Removing phpspec/phpspec (2.4.1)
- Installing phpspec/phpspec (2.5.0)
  Downloading: 100%

Any idea which package is causing the problem? Any workaround or idea how to fix this?

The postLogin function (it's standard, I didn't do any changes):

public function postLogin(Request $request)
{
    $this->validate($request, [
        $this->loginUsername() => 'required', 'password' => 'required',
    ]);

    // If the class is using the ThrottlesLogins trait, we can automatically throttle
    // the login attempts for this application. We'll key this by the username and
    // the IP address of the client making these requests into this application.
    $throttles = $this->isUsingThrottlesLoginsTrait();

    if ($throttles && $this->hasTooManyLoginAttempts($request)) {
        return $this->sendLockoutResponse($request);
    }

    $credentials = $this->getCredentials($request);

    if (Auth::attempt($credentials, $request->has('remember'))) {
        return $this->handleUserWasAuthenticated($request, $throttles);
    }

    // If the login attempt was unsuccessful we will increment the number of attempts
    // to login and redirect the user back to the login form. Of course, when this
    // user surpasses their maximum number of attempts they will get locked out.
    if ($throttles) {
        $this->incrementLoginAttempts($request);
    }

    return redirect($this->loginPath())
        ->withInput($request->only($this->loginUsername(), 'remember'))
        ->withErrors([
            $this->loginUsername() => $this->getFailedLoginMessage(),
        ]);
}

the postRegister function:

public function postRegister(Request $request)
{
    $validator = $this->validator($request->all());

    if ($validator->fails()) {
        $this->throwValidationException(
            $request, $validator
        );
    }

    Auth::login($this->create($request->all()));

    return redirect($this->redirectPath());
}
Tomer Ofer
  • 378
  • 3
  • 15
  • `Auth::attempt()` method has got nothing to do with the `composer install` and/or `composer update`.. The problem lies in your Controller code.. Are you sure that your authentication code is correct ?? Provide the controller method code... – Saiyan Prince Mar 31 '16 at 10:21
  • what do you mean by don't work?Did you got any error message,if have share the error message. – Imtiaz Pabel Mar 31 '16 at 10:26
  • @user3514160 it was working before the update. i get the error: These credentials do not match our records – Tomer Ofer Mar 31 '16 at 10:34
  • Can you show me the code ?? Also note that `Auth::attempt()` method checks if the password is hashed or not, using the `password_verify()` method.. Have you stored the password in its hashed format ??? – Saiyan Prince Mar 31 '16 at 10:36
  • @user3514160 no i can't show you the code but as i said, it's standard laravel's login proccess, nothing special... you can try it, clone a new project of laravel 5.1 and do a composer update https://laravel.com/docs/5.2/authentication#authentication-quickstart – Tomer Ofer Mar 31 '16 at 10:42
  • Then I am at least possible help.. Also, chances are less that anybody will try to help you without the code.. Anyways.. Good luck with your code then.. – Saiyan Prince Mar 31 '16 at 10:44
  • @SaiyanPrince i added the postLogin code dose it help to understand it better? – Tomer Ofer Mar 31 '16 at 11:30
  • How is your password getting stored ? Is it a hashed string or just a normal string ? – Saiyan Prince Mar 31 '16 at 11:33
  • hashed it's 60 char length – Tomer Ofer Mar 31 '16 at 11:36
  • Remember that you can always rollback your `composer.lock` from VCS and upgrade the packages in groups to discover which one is causing the issue. A full `composer update` can do that of course when hitting 50 packages. – Niels Keurentjes Mar 31 '16 at 22:31

1 Answers1

0

I have found the problem!

I'm using this package Roles And Permissions For Laravel 5 and forgot to put a role with login permissions to the user on creation …

Apparently I was testing with a user that was created in the seeding process (it has a role attached), but when I tried to register a new user the problems started …

$user->attachRole($regularUserRole);

/**
 * Create a new user instance after a valid registration.
 *
 * @param  array  $data
 * @return User
 */
protected function create(array $data)
{
    $team = new Team(["name" => ""]);
    $regularUserRole = Role::where('slug','user')->first();
    $user = User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => bcrypt($data['password']),
    ]);
    if ($team->save() && $regularUserRole) {
        $user->team()->associate($team);
        $user->attachRole($regularUserRole);
        if ($user->save()) {
            $team->owner()->associate($user);
            $team->save();
            return $user;
        }
    }
    return false;
}
Pᴇʜ
  • 56,719
  • 10
  • 49
  • 73
Tomer Ofer
  • 378
  • 3
  • 15