0

I am using the Laravel Lumen framework v8 with JWT authentication, as described on the following website: https://jwt-auth.readthedocs.io/en/develop/lumen-installation/.

Here are some of the code snippets that I have used in my project:

<?php
return [
   'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
          'driver' => 'jwt',
          'provider' => 'users'
        ],
      ],

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ]
    ]
];

config/auth.php

I also registered this file in bootstrap/app.php, along with all the other configuration.

This is what my controller login function looks like:

public function login(Request $request)
    {

        $email = $request->input('email');
        $pass = $request->input('password');

        $credentials = [
            'email'=>$email,
            'password'=>md5($pass)
        ];

        dd( Auth::attempt($credentials));
                //return response()->json($credentials);
        if (! $token = auth('web')->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorizedsfwe'], 401);
        }

        return $this->respondWithToken($token);
    }

I am using my existing project DB, where the password is stored in the form of MD5, so I tried it this way as above, but it is not working. I also tried to log in with the direct MD5 hash, but it is still not working at all.

But when I tried to run this from the response directory on PHPMyAdmin

return response()->json($credentials);

it works, but not with the auth('web')->attempt() method.

John Conde

2 Answers

0

As I recall, when you pass credentials to the attempt method you shouldn't hash the password; it handles password hashing. You can check the validateCredentials method in EloquentUserProvider.php here: https://github.com/laravel/framework/blob/574aaece57561e4258d5f9ab4275009d4355180a/src/Illuminate/Auth/EloquentUserProvider.php#L154-L159

It uses the built-in hasher.

So it seems you need to override the default hash behavior and use MD5 instead. When I searched for it on Stack Overflow I found this: https://stackoverflow.com/a/44126955/1977031

It simply creates an MD5Hasher which implements Illuminate\Contracts\Hashing\Hasher and uses md5 to make the hash. It is then registered in a service provider to give the application an MD5Hasher when it needs a Hasher.

Dharman
Uğur Arıcı
  • Thanks for your answer. I am new to Laravel, so that is why I did not know about this; it helps me to understand. What works for me I have just answered in my new post https://stackoverflow.com/a/68431054/16244846 – Daljeet Singh Jul 18 '21 at 16:30
0

Thanks for your answer, I got my answer. Basically, what my code does is double-hash my password, once with md5 and another time with Laravel's default hashing, so that is why it is not working. Maybe I have to disable the hashing or just override the default hashing with MD5.

Now I directly tried it like this, and it works for me:

 public function login(Request $request)
{
    $email = $request->input('email');
    $pass = $request->input('password');

    // Look the user up by e-mail and the MD5 of the submitted password,
    // matching how the existing database stores passwords.
    $user = User::where('email', $email)
        ->where('password', md5($pass))->first();

    // first() returns null when no row matches; reject the request before
    // calling Auth::login(), which expects a user instance.
    if (! $user || ! $token = Auth::login($user)) {
        return response()->json(['error' => 'Unauthorizedsfwe'], 401);
    }

    return $this->respondWithToken($token);
}
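
The custom hasher described in the first answer and the double hashing identified in the second, as an added stand-alone PHP example (not code from either post or from Laravel). `LegacyMd5Hasher` and the array-backed `login()` are hypothetical names; the methods mirror `make`/`check`/`needsRehash` of `Illuminate\Contracts\Hashing\Hasher` (`info` is omitted), and the example goes one step beyond the posts by replacing each stored MD5 value with a `password_hash()` hash after a successful login.

```php
<?php
// Added example, not from the posts. In a Laravel/Lumen app this class would
// declare "implements Hasher" and be bound in a service provider (assumption).
final class LegacyMd5Hasher
{
    public function make(string $value, array $options = []): string
    {
        // New hashes are never MD5: use PHP's salted, slow default algorithm.
        return password_hash($value, PASSWORD_DEFAULT);
    }

    public function check(string $value, string $hashedValue, array $options = []): bool
    {
        if ($this->isLegacyMd5($hashedValue)) {
            // $value is the PLAIN password: hash it once, compare in constant time.
            return hash_equals(strtolower($hashedValue), md5($value));
        }
        return password_verify($value, $hashedValue);
    }

    public function needsRehash(string $hashedValue, array $options = []): bool
    {
        return $this->isLegacyMd5($hashedValue) || password_needs_rehash($hashedValue, PASSWORD_DEFAULT);
    }

    private function isLegacyMd5(string $hash): bool
    {
        return preg_match('/\A[a-f0-9]{32}\z/i', $hash) === 1;
    }
}

// Hypothetical login flow over an in-memory user table (email => stored hash).
function login(array &$users, LegacyMd5Hasher $hasher, string $email, string $plain): bool
{
    $stored = $users[$email] ?? null;
    if ($stored === null || !$hasher->check($plain, $stored)) {
        return false;
    }
    if ($hasher->needsRehash($stored)) {
        $users[$email] = $hasher->make($plain); // upgrade the row on successful login
    }
    return true;
}

// Constructed sample row: a legacy account whose password column holds md5('secret').
$users = ['user@example.test' => md5('secret')];
$hasher = new LegacyMd5Hasher();
var_dump(login($users, $hasher, 'user@example.test', md5('secret'))); // pre-hashed input: hashed twice
var_dump(login($users, $hasher, 'user@example.test', 'secret'));      // plain input against the MD5 row
var_dump(login($users, $hasher, 'user@example.test', 'secret'));      // plain input against the upgraded row
```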