diff --git a/src/Illuminate/Auth/DatabaseUserProvider.php b/src/Illuminate/Auth/DatabaseUserProvider.php
index f8005b7d14cd..3f5f0ed55c27 100755
--- a/src/Illuminate/Auth/DatabaseUserProvider.php
+++ b/src/Illuminate/Auth/DatabaseUserProvider.php
@@ -152,8 +152,14 @@ protected function getGenericUser($user)
 */
 public function validateCredentials(UserContract $user, array $credentials)
 {
- return $this->hasher->check(
- $credentials['password'], $user->getAuthPassword()
+ $hashed = $user->getAuthPassword();
+
+ if (strlen($hashed) === 0) {
+ return false;
+ }
+
+ return password_verify(
+ $credentials['password'], $hashed
 );
 }
 }
diff --git a/src/Illuminate/Auth/EloquentUserProvider.php b/src/Illuminate/Auth/EloquentUserProvider.php
index 23b5b792cf13..e9365a346292 100755
--- a/src/Illuminate/Auth/EloquentUserProvider.php
+++ b/src/Illuminate/Auth/EloquentUserProvider.php
@@ -138,8 +138,13 @@ public function retrieveByCredentials(array $credentials)
 public function validateCredentials(UserContract $user, array $credentials)
 {
 $plain = $credentials['password'];
+ $hashed = $user->getAuthPassword();
 
- return $this->hasher->check($plain, $user->getAuthPassword());
+ if (strlen($hashed) === 0) {
+ return false;
+ }
+
+ return password_verify($plain, $hashed);
 }
 
 /**
diff --git a/tests/Auth/AuthDatabaseUserProviderTest.php b/tests/Auth/AuthDatabaseUserProviderTest.php
index f5f4f75a1798..3ab5b5cbb975 100755
--- a/tests/Auth/AuthDatabaseUserProviderTest.php
+++ b/tests/Auth/AuthDatabaseUserProviderTest.php
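Review bot: `validateCredentials()` in DatabaseUserProvider now calls `password_verify()` directly, so the `Hasher` injected into the provider is no longer consulted when a login is checked; the EloquentUserProvider hunk does the same. As far as these lines show, an application that binds its own hasher (a different algorithm, or a check that refuses hashes it does not consider acceptable) would have that policy skipped silently, and `password_verify()` accepts any crypt()-format hash it recognises, including the `$1$` value the new tests feed it. If accepting every crypt()-compatible hash is the intent, state it in the method docblock, e.g. `Note: the configured hasher is not consulted; any crypt()-compatible stored hash is accepted.`; otherwise keep the empty-hash guard and delegate with `return $this->hasher->check($credentials['password'], $hashed);`.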
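Review bot: `strlen($hashed)` in EloquentUserProvider's `validateCredentials()` assumes `getAuthPassword()` always returns a string; for an account without a stored password the value is presumably null, which `strlen()` only handles through coercion and which PHP 8.1 and later report as deprecated. An explicit guard keeps the reject path fail-closed without depending on that coercion: `if (! is_string($hashed) || $hashed === '') { return false; }`. The identical `strlen($hashed) === 0` check in the DatabaseUserProvider hunk would take the same change.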
@@ -115,11 +115,22 @@ public function testCredentialValidation()
 {
 $conn = m::mock('Illuminate\Database\Connection');
 $hasher = m::mock('Illuminate\Contracts\Hashing\Hasher');
- $hasher->shouldReceive('check')->once()->with('plain', 'hash')->andReturn(true);
 $provider = new DatabaseUserProvider($conn, $hasher, 'foo');
 $user = m::mock('Illuminate\Contracts\Auth\Authenticatable');
- $user->shouldReceive('getAuthPassword')->once()->andReturn('hash');
- $result = $provider->validateCredentials($user, ['password' => 'plain']);
+ $user->shouldReceive('getAuthPassword')->once()->andReturn('$2y$10$TKh8H1.PfQx37YgCzwiKb.KjNyWgaHb9cbcoQgdIVFlYg7B77UdFm');
+ $result = $provider->validateCredentials($user, ['password' => 'secret']);
+
+ $this->assertTrue($result);
+ }
+
+ public function testCredentialValidationUsingUnknownAlgorithm()
+ {
+ $conn = m::mock('Illuminate\Database\Connection');
+ $hasher = m::mock('Illuminate\Contracts\Hashing\Hasher');
+ $provider = new DatabaseUserProvider($conn, $hasher, 'foo');
+ $user = m::mock('Illuminate\Contracts\Auth\Authenticatable');
+ $user->shouldReceive('getAuthPassword')->once()->andReturn('$1$0590adc6$WVAjBIam8sJCgDieJGLey0');
+ $result = $provider->validateCredentials($user, ['password' => 's3cr3t']);
 
 $this->assertTrue($result);
 }
diff --git a/tests/Auth/AuthEloquentUserProviderTest.php b/tests/Auth/AuthEloquentUserProviderTest.php
index f5dab1acbab0..c58e4a9bb1ab 100755
--- a/tests/Auth/AuthEloquentUserProviderTest.php
+++ b/tests/Auth/AuthEloquentUserProviderTest.php
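Review bot: Both test methods in this hunk assert only the accepting path, so the new `strlen($hashed) === 0` guard and the rejection of a wrong password are never exercised; a regression that made `validateCredentials()` return true too readily would still pass. Add one case where `getAuthPassword()` returns `''` and one where the supplied password does not match the stored hash, each ending in `$this->assertFalse($result);`. The `$hasher` mock no longer carries any expectation either; `$hasher->shouldReceive('check')->never();` would make it explicit that the provider is expected not to call it. The AuthEloquentUserProviderTest hunk has the same gaps.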
@@ -90,11 +90,22 @@ public function testCredentialValidation()
 {
 $conn = m::mock('Illuminate\Database\Connection');
 $hasher = m::mock('Illuminate\Contracts\Hashing\Hasher');
- $hasher->shouldReceive('check')->once()->with('plain', 'hash')->andReturn(true);
 $provider = new EloquentUserProvider($hasher, 'foo');
 $user = m::mock('Illuminate\Contracts\Auth\Authenticatable');
- $user->shouldReceive('getAuthPassword')->once()->andReturn('hash');
- $result = $provider->validateCredentials($user, ['password' => 'plain']);
+ $user->shouldReceive('getAuthPassword')->once()->andReturn('$2y$10$TKh8H1.PfQx37YgCzwiKb.KjNyWgaHb9cbcoQgdIVFlYg7B77UdFm');
+ $result = $provider->validateCredentials($user, ['password' => 'secret']);
+
+ $this->assertTrue($result);
+ }
+
+ public function testCredentialValidationUsingUnknownAlgorithm()
+ {
+ $conn = m::mock('Illuminate\Database\Connection');
+ $hasher = m::mock('Illuminate\Contracts\Hashing\Hasher');
+ $provider = new EloquentUserProvider($hasher, 'foo');
+ $user = m::mock('Illuminate\Contracts\Auth\Authenticatable');
+ $user->shouldReceive('getAuthPassword')->once()->andReturn('$1$0590adc6$WVAjBIam8sJCgDieJGLey0');
+ $result = $provider->validateCredentials($user, ['password' => 's3cr3t']);
 
 $this->assertTrue($result);
 }
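Review bot: The added `testCredentialValidationUsingUnknownAlgorithm()` builds `$conn = m::mock('Illuminate\Database\Connection');` although `EloquentUserProvider` is constructed from `$hasher` and `'foo'` only, so the mock is dead setup copied from the method above and can be dropped from the new test. The name is also misleading: the fixture is a `$1$` crypt-format hash that `password_verify()` evidently recognises, since the test asserts true, so what is being pinned is acceptance of a non-bcrypt stored hash. A name such as `testCredentialValidationAcceptsNonBcryptCryptHash` would say that, and would make it obvious to a later reader that weaker legacy formats are accepted on purpose.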