Laravel - disable hashing on attempt method

Question

So, the problem i have is the following:

I have this login method. The problem is that the email and password are in an external database. The password has already the hashing done in a specific way that i can't change and because the attempt method hashes the password given in the request to compare it to the database one, it will always fail because the hashing algorithm is not the same. Can i disable that auto hashing? To make it in the way it is done in the other external database?

public function login(Request $request)
{
    //Validating the request body
    $validator = Validator::make($request->all(), [
        'email' => 'required|email',
        'password' => 'required',
    ]);

    if($validator->fails()){
        return response()->json($validator->errors()->first(), 400);
    }

    $credentials = $request->only('email', 'password');

    if ($token = $this->guard()->attempt($credentials)) {
        return $this->respondWithToken($token);
    }

    return response()->json('Invalid email or password', 401);
}

Does this answer your question? [Disable hashing on Auth::attempt](https://stackoverflow.com/questions/47058797/disable-hashing-on-authattempt) — Chris, Aug 18 '20 at 14:49

score 0 · Answer 1 · answered Aug 18 '20 at 14:51

0

I think you have two options.

You can create and override the hash driver in config/hashing.php
You write some custom authentication logic in the LoginController

I think the easier approach is 2. But for long time use you might consider option 1.

Normally you would do the authentication like this:

     /**
     * Handle an authentication attempt.
     *
     * @param  \Illuminate\Http\Request $request
     *
     * @return Response
     */
    public function authenticate(Request $request)
    {
        $credentials = $request->only('email', 'password');

        if (Auth::attempt($credentials)) {
            // Authentication passed...
            return redirect()->intended('dashboard');
        }
    }

https://laravel.com/docs/7.x/authentication#authenticating-users

In your case you will need to replace the if part with some code where you look for the User and your custom hashed password in the database.

answered Aug 18 '20 at 14:51

Aless55

2,652
2
15
26

But in that case the token is not generated and i need it. The attempt method generates the token. – Marco Silva Aug 18 '20 at 15:04
@MarcoSilva you could `Auth::login($user)` instead? – Aless55 Aug 18 '20 at 15:10
https://stackoverflow.com/questions/17710897/how-to-use-sha1-encryption-instead-of-bcrypt-in-laravel-4 maybe something like this could work? – Aless55 Aug 18 '20 at 15:19
The Auth::login($user) won't works. The other link i think it will be useful but i need to check it better. Thanks. – Marco Silva Aug 18 '20 at 15:35

score -1 · Answer 2 · answered Aug 18 '20 at 14:37

-1

You want to use login from another project of laravel?

Not the smartest way, but might work.

Make app.key equal on both projects.
Create a database.connections another connection to the first project. name it for example as auth_mysql
Modify app/User.php and add protected $connection = 'auth_mysql';

This might cause issues if you will want to do JOINS to users table.

Perfect solution would be to do a full blown OAUTH with https://laravel.com/docs/7.x/passport#installation

answered Aug 18 '20 at 14:37

SviesusAlus

429
4
12

I want to make a laravel + react app that needs a login. But does not need registration. The registered users are in other database that i can only get values and the passwords are hashed in a specific way there. The attempt method bcrypts the password in the request to compare it to the database one but it will always fail because the password saved in the other database does not use bcrypt to hash it. – Marco Silva Aug 18 '20 at 14:42

Laravel - disable hashing on attempt method

2 Answers2