我是Laravel的新手 . 我很享受这个框架的每一点 . 我最近遇到了一些身份验证/登录问题 .
用户注册工作正常,但当我尝试使用注册期间创建的相同凭据登录时,应用程序会抛出此错误:
这些凭据与我们的记录不符
我还查看了数据库中的users表,并捕获了注册表单中的所有字段 . 我只是想知道为什么应用程序无法从数据库中检索这些 .
请参阅下面的LoginController代码:
namespace App\Http\Controllers\Auth;
use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Firebase\JWT\JWT;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/dashboard';
// Get your service account's email address and private key from the JSON
key file
protected $service_account_email = "abc-123@a-b-c-
123.iam.gserviceaccount.com";
protected $private_key = "-----BEGIN PRIVATE KEY-----...";
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
$this->service_account_email = config('services.firebase.client_email');
$this->private_key = config('services.firebase.private_key');
}
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
$data = $request->only($this->username(), 'password');
$data['email_confirmed'] = 1;
return $data;
}
protected function authenticated(Request $request, $user)
{
$jwt = $this->create_custom_token($user,false);
session(['jwt' => $jwt]);
return redirect()->intended($this->redirectPath());
}
function create_custom_token(User $user, $is_premium_account) {
$now_seconds = time();
$payload = array(
"iss" => $this->service_account_email,
"sub" => $this->service_account_email,
"aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"iat" => $now_seconds,
"exp" => $now_seconds+(60*60), // Maximum expiration time is one hour
"uid" => $user->ref_code,
"email" => $user->email,
"name" => $user->name,
"phone_number" => $user->phone_number,
"claims" => array(
"premium_account" => $is_premium_account
)
);
return JWT::encode($payload, $this->private_key, "RS256");
}
}
我怎样才能解决这个问题?
1 回答
我找到了解决上述问题的方法!
好吧,显然,问题是应用程序双重哈希密码 . 我从http://laravel.com/docs/5.1/authentication读到
从它谈论尝试方法的位置:“如果找到用户,则存储在数据库中的散列密码将与通过阵列传递给方法的散列密码值进行比较 . 如果两个散列密码匹配,则经过验证的会话将是为用户开始 . “
因此,即使我使用表单传递了正确的密码,尝试方法也是在从表单发送的密码上调用bcrypt . 对其进行哈希处理后,它将不再与计划文本密码匹配 .
所以,我没有试图记住在save / update / db seeding上哈希我的密码,而是在User类中添加了一个属性mutator:
瞧!问题解决了