Laravel: how to change the login hash from bcrypt to hash256

I am trying to change the hashing in Laravel. So I customized SHA256 with a salt in RegisterController. Registration is done, but how do I change the login?

protected function create(array $data)
{
    $salt = Str::random(8);
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $data['password']) . $salt),
    ]);
}

This is the LoginController code. $this->guard()->attempt($this->credentials($request)) goes somewhere and hashes, and then gets the token.

<?php

namespace App\Http\Controllers\Auth;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Exceptions\VerifyEmailException;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Validation\ValidationException;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Attempt to log the user into the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function attemptLogin(Request $request)
    {
        $token = $this->guard()->attempt($this->credentials($request));

        if (! $token) {
            return false;
        }

        $user = $this->guard()->user();
        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
            return false;
        }

        $this->guard()->setToken($token);

        return true;
    }

    /**
     * Send the response after the user was authenticated.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    protected function sendLoginResponse(Request $request)
    {
        $this->clearLoginAttempts($request);
        $user = $this->guard()->user();
        $token = (string) $this->guard()->getToken();
        $expiration = $this->guard()->getPayload()->get('exp');

        return response()->json([
            'token' => $token,
            'token_type' => 'bearer',
            'expires_in' => $expiration - time(),
        ]);
    }

    /**
     * Get the failed login response instance.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function sendFailedLoginResponse(Request $request)
    {
        $user = $this->guard()->user();
        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
            throw VerifyEmailException::forUser($user);
        }

        throw ValidationException::withMessages([
            $this->username() => [trans('auth.failed')],
        ]);
    }

    /**
     * Log the user out of the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function logout(Request $request)
    {
        $this->guard()->logout();
    }
}

Here is (what I think is) the correct way to add a hash function:

Step 1: Create a hasher by implementing the contract:

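namespace App;

use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Support\Str;

class Sha256Hasher implements HasherContract {
    // Build "$SHA$<salt>$<digest>"; $options['salt'] reuses a stored salt when verifying
    public function make($value, array $options = []) {
        $salt = $options['salt'] ?? Str::random(8);
        return '$SHA$' . $salt . '$' . hash('sha256', hash('sha256', $value) . $salt);
    }

    public function info($value) {
        // Implement something that works like https://www.php.net/manual/en/function.password-get-info.php
        return ['algo' => 'sha256', 'algoName' => 'sha256', 'options' => []];
    }

    public function check($value, $hashedValue, array $options = []) {
        // Verify the hash here: the salt is random per hash, so it has to be
        // read back from the stored value before recomputing
        $hashedValue = (string) $hashedValue;
        $parts = explode('$', $hashedValue);
        if (count($parts) !== 4 || $parts[1] !== 'SHA') {
            return false;
        }
        // hash_equals() compares in constant time
        return hash_equals($hashedValue, $this->make($value, ['salt' => $parts[2]]));
    }

    public function needsRehash($hashedValue, array $options = []) {
        // A boolean: whether the password needs rehashing (this scheme has no tunable cost)
        return false;
    }

}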

Then (finally) change the default hashing driver in config/hashing.php:

'driver' => 'sha256',


This switches hashing to use the new driver and requires no changes to views or models.
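
The `'driver' => 'sha256'` setting can only select a driver that the hash manager knows about, so the custom hasher has to be registered under that name first. The following is an added example, not code from the original answer; it assumes the `App\Sha256Hasher` class shown above and Laravel's stock `App\Providers\AppServiceProvider`.

```php
<?php

namespace App\Providers;

use App\Sha256Hasher;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register the custom hashing driver.
     *
     * @return void
     */
    public function boot()
    {
        // The Hash facade resolves to the hash manager; extend() adds a
        // driver creator under the name that config/hashing.php refers to.
        Hash::extend('sha256', function () {
            return new Sha256Hasher();
        });

        // With 'driver' => 'sha256' in config/hashing.php, Hash::make() and
        // Hash::check() now go through Sha256Hasher. The guard's attempt()
        // validates credentials through the user provider, which calls
        // check() on the configured hasher (assuming the default Eloquent
        // user provider), so LoginController::attemptLogin() stays unchanged.
    }
}
```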

First, create this function so that you can reuse it:

protected function hash($string){
    return hash('sha256', $string . config('app.encryption_key'));
}

When creating the user, you must call the function to hash the password:

protected function create(array $data){
    return User::create([
       'name' => $data['name'],
       'password' => $this->hash($data['password'])
    ]);
}

When logging in, you must call the hash function on the password again:

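protected function login(Request $request){
    // Look the user up by email and by the hash of the submitted password
    $user = User::where([
           'email' => $request->input('email'),
           'password' => $this->hash($request->input('password'))
    ])->first();
    // No matching row means the credentials were wrong
    if (! $user) {
        return response()->json(['error' => 'Unauthorized'], 401);
    }
    Auth::login($user);
    $token = $user->createToken('MyApp')->accessToken;
    return response()->json(compact('token', 'user'));
}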

I think this is the best approach to consider.

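Why don't you use ? This will generate a password hash compatible with password_verify (I think). That way you don't need to manually prepend the algorithm and salt, because the function does that for you.

@apokryfos Yes, I thought so, but I am trying to integrate with AuthMeReloaded. The setup is done with a salt. So I can't change bcrypt to hash256 with salt.

I am reading the AuthMeReloaded documentation and they accept bcrypt: Supported password encryption algorithms: SHA256, bcrypt, PBKDF2, xAuth

@SamuelAialaFerreira Yes, it supports it, but I have already written the SQL data with SHA256 with salt.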