我要登录时遇到一些问题,我的Auth::attempt
始终为假值,我遇到了问题,我的代码有问题吗?
控制器:
public function register(Request $register)
{
$validator = Validator::make($register->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required',
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
} else {
$name = $register->input('name');
$email = $register->input('email');
$pwd = $register->input('password');
$c_pwd = $register->input('c_password');
// Crypting password & c_password to md5
$md5_pwd = md5($pwd);
$md5_c_pwd = md5($c_pwd);
// Salt password & c_password
$password = crypt($md5_pwd, "asd");
$c_password = crypt($md5_c_pwd, "asd");
$data = new User();
if ($password == $c_password) {
$user = User::create([
'name' => $name,
'email' => $email,
'password' => $password,
]);
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
} else {
return response()->json(['error' => "Password doesn't match"], 401);
}
}
}
public function login()
{
$email = request('email');
$pwd = request('password');
$md5 = md5($pwd);
$password = crypt($md5, "asd");
if (Auth::attempt(['email' => $email, 'password' => $password])) {
$user = Auth::user();
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
} else {
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
], 401);
}
}
答案 0 :(得分:1)
尝试此代码。我不知道您在attempt
中尝试对其加密的密码的代码发生了什么。
public function login(LoginRequest $request) {
if(!Auth::attempt([
'email' => $request->email,
'password' => $request->password,
'active' => true
])) {
return response()->json('Email or Password is incorrect', 500);
}
$this->user = Auth::user()->load('roles');
return $this->createUserAccessTokenResponse();
}
protected function createUserAccessTokenResponse() {
return response()->json([
'status' => 'success',
'data' => [
'token' => $this->user->createToken($this->user->name)->accessToken,
'user' => $this->user
],
], 200);
}
答案 1 :(得分:1)
您的问题是laravel默认情况下会散列密码。因此,当您执行Auth::attempt
时,将对您提供的密码进行哈希处理。结果就是您得到的结果,它将永远是错误的。
相反,您需要Other Authentication Methods。
Auth::login($user);
// Login and "remember" the given user...
Auth::login($user, true);
以上是修复代码的最简单方法。
建议对您的密码进行哈希处理,而不是对密码进行加密。
在laravel中哈希密码也是
Hash::make($password);
然后您可以使用Auth::attempt
登录用户。
答案 2 :(得分:1)
我认为您搞砸了Laravel默认密码哈希系统
public function register(Request $register)
{
$validator = Validator::make($register->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required',
'c_password' => 'required|same:password',
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
} else {
$name = $register->input('name');
$email = $register->input('email');
$pwd = $register->input('password');
$c_pwd = $register->input('c_password');
// $data = new User();
$user = User::create([
'name' => $name,
'email' => $email,
'password' => bcrypt($password . 'salt'),
]);
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
}
}
public function login()
{
$email = request('email');
$pwd = request('password');
if (Auth::attempt(['email' => $email, 'password' => $password . 'salt'])) {
$user = Auth::user();
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
} else {
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
], 401);
}
}
答案 3 :(得分:1)
与其使用md5
或crypt
而不是\Hash::make()
,它更安全
我重构了您的代码,它做了同样的事情
您只需要将c_password
重命名为password_confirmation
Source
下面的代码与您的代码具有相同的作用
public function register(Request $register)
{
$this->validate($register, [
'name' => 'required',
'email' => 'required|email',
'password' => 'required|confirmed',
]);
$user = User::create([
'name' => $register->input('name'),
'email' => $register->input('email'),
'password' => $register->input('password'),
]);
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user,
]);
}
public function login(Request $request)
{
$request->merge(['password' => \Hash::make($request->input('password'))]);
if (Auth::attempt($request->only(['email', 'password']))) {
$user = Auth::user();
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user,
]);
}
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
], 401);
}
当您使用crypt
对密码进行哈希处理时,它具有一个可以解锁的密钥,这就是为什么有一个decrypt
的原因,但是当您使用Hash::make()
时,它没有用于破解或解锁的密钥它将检查其算法,以查看给定的密码是否与数据库中已经存在的算法匹配,这就是crypt
不安全且Hash :: make更安全的原因
答案 4 :(得分:1)
当通过模型保存密码时,Laravel Auth使用bcrypt哈希,您可以使用2种方法中的任何一种
$account->password = bcrypt("YOUR_PASSWORD");
或$account->password = Hash::make("YOUR_PASSWORD");
然后,如果您要处理auth try函数,只需简单地调用这样的方法
if($account = Auth::attemp(['email' => "YOUR_EMAIL@DOMAIN.COM", 'password' => "YOUR_PASSWORD"])){
//success login, do your extra job here
}else{
//invalid credentials here
}