Laravel: how to change the login hash from bcrypt to hash256
I'm trying to change the hashing in Laravel. So I customized SHA256 with a salt in RegisterController. Registration is done, but how do I change the login?
protected function create(array $data)
{
    $salt = Str::random(8);
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $data['password']) . $salt),
    ]);
}
This is the code of the LoginController. $this->guard()->attempt($this->credentials($request)) goes somewhere and does the hashing, then gets the token.
<?php

namespace App\Http\Controllers\Auth;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Exceptions\VerifyEmailException;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Validation\ValidationException;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Attempt to log the user into the application.
     *
     * @param \Illuminate\Http\Request $request
     * @return bool
     */
    protected function attemptLogin(Request $request)
    {
        $token = $this->guard()->attempt($this->credentials($request));
        if (! $token) {
            return false;
        }
        $user = $this->guard()->user();
        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
            return false;
        }
        $this->guard()->setToken($token);
        return true;
    }

    /**
     * Send the response after the user was authenticated.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    protected function sendLoginResponse(Request $request)
    {
        $this->clearLoginAttempts($request);
        $user = $this->guard()->user();
        $token = (string) $this->guard()->getToken();
        $expiration = $this->guard()->getPayload()->get('exp');
        return response()->json([
            'token' => $token,
            'token_type' => 'bearer',
            'expires_in' => $expiration - time(),
        ]);
    }

    /**
     * Get the failed login response instance.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function sendFailedLoginResponse(Request $request)
    {
        $user = $this->guard()->user();
        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
            throw VerifyEmailException::forUser($user);
        }
        throw ValidationException::withMessages([
            $this->username() => [trans('auth.failed')],
        ]);
    }

    /**
     * Log the user out of the application.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\Response
     */
    public function logout(Request $request)
    {
        $this->guard()->logout();
    }
}
Here is (what I think is) the correct way to add a hash function:
Step 1: Create the hasher by implementing the contract:
namespace App;

use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Support\Str;

class Sha256Hasher implements HasherContract {
    public function make($value, array $options = []) {
        // Reuse a given salt (when verifying), otherwise generate a new one
        $salt = $options['salt'] ?? Str::random(8);
        return '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $value) . $salt);
    }

    public function info($value) {
        // Implement something that works like https://www.php.net/manual/en/function.password-get-info.php
    }

    public function check($value, $hashedValue, array $options = []) {
        // Verify the hash here, e.g. re-hash with the salt stored in $hashedValue
        $salt = explode('$', (string) $hashedValue)[2] ?? '';
        // Constant-time comparison
        return hash_equals((string) $hashedValue, $this->make($value, ['salt' => $salt]));
    }

    public function needsRehash($hashedValue, array $options = []) {
        // Return a boolean: whether the password needs rehashing
        return false;
    }
}
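Then (finally) change the default hashing driver in config/hashing.php:
'driver' => 'sha256',
This will switch the hashing to use the new driver and does not require any changes to views or models.

First, create this function so that you can reuse it: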
protected function hash($string){
    return hash('sha256', $string . config('app.encryption_key'));
}
When creating the user, you must call the function to hash the password:
protected function create(array $data){
    return User::create([
        'name' => $data['name'],
        'password' => $this->hash($data['password'])
    ]);
}
At login, you must call the hash function on the password again:
protected function login(Request $request){
    $user = User::where([
        'email' => $request->input('email'),
        'password' => $this->hash($request->input('password'))
    ])->first();
    // No matching user: stop before Auth::login() receives null
    if (! $user) {
        return response()->json(['message' => trans('auth.failed')], 401);
    }
    Auth::login($user);
    $token = $user->createToken('MyApp')->accessToken;
    return response()->json(compact('token', 'user'));
}
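I think this is the best way to think about it.

Why don't you use ? This will generate a password hash compatible with password_verify (I think). That way you don't need to manually prepend the algorithm and salt, because the function does that for you.

@apokryfos Yes, I thought about it, but I'm trying to integrate with AuthMeReloaded. The setup is done with a salt. So I'm unable to change bcrypt to hash256 with salt.

I'm reading the AuthMeReloaded documentation, and they accept bcrypt: Supported password encryption algorithms: SHA256, bcrypt, PBKDF2, xAuth

@SamuelAialaFerreira Yes, it supports it, but I have already written the SQL data using SHA256 with a salt.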
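
The login-time check for the question's $SHA$<salt>$<hash> format, as an added example that is not part of the original thread or of Laravel: it looks the user up by e-mail only and verifies with the stored salt, because a fresh hash of the same password gets a new salt and so cannot be matched by querying on the password column. The function names, the $users array and the sample accounts are assumptions constructed for illustration, and bin2hex(random_bytes(4)) stands in for Str::random(8).

```php
<?php
// Added example (plain PHP, no Laravel needed); all names here are hypothetical.

// Build a hash in the question's format: $SHA$<salt>$sha256(sha256(password) . salt)
function sha_make(string $password, ?string $salt = null): string
{
    $salt = $salt ?? bin2hex(random_bytes(4)); // 8 hex chars, never contains '$'
    return '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $password) . $salt);
}

// Verify a password by re-hashing it with the salt stored inside the hash.
function sha_check(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    // Expected parts: ['', 'SHA', salt, 64 hex chars]; reject anything else
    if (count($parts) !== 4 || $parts[1] !== 'SHA'
        || !preg_match('/^[0-9a-f]{64}$/', $parts[3])) {
        return false;
    }
    // hash_equals() compares in constant time, unlike ===
    return hash_equals($stored, sha_make($password, $parts[2]));
}

// Look the user up by e-mail only, then check the password in PHP.
// $users stands in for the users table (constructed data).
function login(array $users, string $email, string $password): bool
{
    $stored = $users[$email] ?? null;
    if ($stored === null) {
        return false; // unknown user
    }
    return sha_check($password, $stored);
}

// Constructed sample rows: one valid account, one malformed hash.
$users = [
    'alice@example.test'  => sha_make('correct horse'),
    'broken@example.test' => '$SHA$nosaltfield',
];

var_dump(login($users, 'alice@example.test', 'correct horse')); // right password
var_dump(login($users, 'alice@example.test', 'wrong'));         // wrong password
var_dump(login($users, 'broken@example.test', 'anything'));     // malformed row
var_dump(login($users, 'nobody@example.test', 'anything'));     // unknown user
// Same password, new salt: compare this fresh hash with the stored one.
var_dump(sha_make('correct horse') === $users['alice@example.test']);
```

In Laravel the same logic belongs in the custom hasher's check() method, which the Eloquent user provider calls after it has fetched the user by the non-password credentials.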