Laravel 5.2 Auth authentication and using Salt+passwrod encryption authentication instead

Larval 5.2 Default Auth login incoming mail and user password to the attempt method to authenticate, through the value of the email to obtain, if the user is found, after the hash is stored in the data of the password will be and passed over the hashed processing The Passwrod value is compared. If the two hashed passwords match then an authentication session will be opened for the user.

But often the password in some of our systems is password authentication by Salt+password, or some old system is certified by Salt+passwrod, and now the refactoring is migrated to Laravel framework, So how does the password authentication use the Salt+password authentication method without the default Passwrod?

To solve the problem, we'd better get to the root

First look at how Laravel defaults to password verification, and see what Auth::guard ($this->getguard ())->attempt ($credentials) method does:

illuminate/contracts/auth/statefulguard.php

namespace Illuminate\contracts\auth;interface Statefulguard extends Guard  {    /**     * attempt to authenticate A user using the given credentials.     *     * @param  array  $credentials     * @param  bool   $remember     * @param  bool   $login     * @return BOOL     *    /Public Function attempt (array $credentials = [], $remember = False, $login = true); 
  
   ......
  

The above code see attempt is the method in the Statefulguard interface, the first parameter is the field to be authenticated, the second parameter is whether to remember the login, the third parameter whether to login, continue to see how attempt in Sessionguard is implemented

illuminate/auth/sessionguard.php

Class Sessionguard implements Statefulguard, Supportsbasicauth {use guardhelpers;     .../** * Attempt to authenticate a user using the given credentials.    * * @param array $credentials * @param bool $remember * @param BOOL $login * @return BOOL * * Public function attempt (array $credentials = [], $remember = False, $login = True) {$this->fireattempteven        T ($credentials, $remember, $login);        $this->lastattempted = $user = $this->provider->retrievebycredentials ($credentials); if ($this->hasvalidcredentials ($user, $credentials)) {if ($login) {$this->login ($user, $            Remember);        } return true;    } return false;     }/** * Determine if the user matches the credentials. * * @param mixed $user * @param array $credentials * @return bool */protected function Hasvalidcre Dentials ($user, $credentials) {return !    Is_null ($user) && $this->provider->validatecredentials ($user, $credentials); }.......}

See through $this->provider->retrievebycredentials ($credentials); $this->provider->validatecredentials ($ User, $credentials); To implement validation, Retrievebycredentials is used to verify that the passed field finds whether the user record exists, Validatecredentials is the actual process of verifying the password and incoming password in the user record.

It is important to note that the $this->provider, this provider is actually realized a illuminate\contracts\auth\userprovider provider, we see illuminate/ Contracts/auth below are two userprovider implementations, respectively databaseuserprovider.php and eloquentuserprovider.php. But when we verify the password, which one to verify is the decision?

config/auth.php

' Providers ' = [        ' users ' and ' = '            driver ' = ' eloquent ',            ' model ' + app\models\user::class,// This is the user Model        ]    ,

Here I configured ' driver ' = ' eloquent ', then it is verified by the retrievebycredentials in eloquentuserprovider.php, we continue to see what it has done

illuminate/auth/eloquentuserprovider.php

Class Eloquentuserprovider implements Userprovider {.../** * Retrieve a user by the given credentials. * * @param array $credentials * @return \illuminate\contracts\auth\authenticatable|null */Public Functio n retrievebycredentials (array $credentials) {//First we'll add each credential element to the query as a whe        RE clause. Then we can execute the query and, if we found a user, return it in A//eloquent user "model" that would be util        Ized by the Guard instances.        $query = $this->createmodel ()->newquery (); foreach ($credentials as $key = + $value) {if (!            Str::contains ($key, ' password ')) {$query->where ($key, $value);    }} return $query->first ();     }/** * Validate a user against the given credentials.     * * @param \illuminate\contracts\auth\authenticatable $user * @param array $credentials * @return bool */Public funCtion validatecredentials (usercontract $user, array $credentials) {$plain = $credentials [' Password '];    return $this->hasher->check ($plain, $user->getauthpassword ()); }    ......}

The above two methods Retrievebycredentials use verification fields other than passwords to see if a record exists, such as using an email to find out if a user record exists, and then the Validatecredentials method is through $this Hasher->check to verify that the password is correct by comparing the password entered with the hash, $plain is the encrypted password string that was submitted, $user->getauthpassword () is the encrypted password string that the database record holds.

Well, see here is very obvious, we need to change to our own password verification is not the implementation of their own Validatecredentials method can be, change $this->hasher->check for our own password verification can be, Start doing it!

• First, we will implement $user->getauthpassword (), and pass the salt and password of the user table in the database to Validatecredentials:

Modify app\models\user.php Add the following code

  Public Function Getauthpassword ()    {        return [' password ' = = $this->attributes[' password '], ' salt ' = = $ this->attributes[' Salt '];    }

• Then we build an implementation of our own userprovider.php that you can put anywhere and I put in the custom directory:

New app/foundation/auth/ryaneloquentuserprovider.php

 
  Getauthpassword ();        return SHA1 ($authPassword [' salt ']. SHA1 ($authPassword [' salt ']. SHA1 ($plain)) = = $authPassword [' password '];    }

I pass $user->getauthpassword (), passed over the salt and password of the user record, and then encrypted the authentication submitted password $plain and salt. If the encryption result matches the password string that is recorded in the user database then authentication passes, and of course the cryptographic algorithm is completely customized.

• Finally we replace the user providers with our own Ryaneloquentuserprovider

Modify app/providers/authserviceprovider.php

Public Function boot (gatecontract $gate)      {        $this->registerpolicies ($gate);        \auth::p rovider (' ryan-eloquent ', function ($app, $config) {            return new Ryaneloquentuserprovider ($this->app[' Hash '], $config [' model '];        });    

Modify config/auth.php

' Providers ' = [        ' users ' and ' = '            driver ' = ' ryan-eloquent ',            ' model ' and ' = app\models\user::class,< c9/>],    

OK, try again can use Salt+passwrod way password Authentication!

Reprint Please specify: Reproduced from Ryan is a rookie | LNMP Technology Stack Notes

If you think this article is very useful to you, why not give it a reward?

