Laravel Auth:这些凭据与我们的记录不符
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/48268978/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel Auth: These credentials do not match our records
提问by Nnamdi
I am really new to Laravel. And I am enjoying every bit of the framework. I have recently run into some problems with Authentication/Login.
我对 Laravel 真的很陌生。我很享受这个框架的每一点。我最近在身份验证/登录方面遇到了一些问题。
User registration works fine, but when I try to login using the same credentials created during registration, the app throws up this error:
用户注册工作正常,但是当我尝试使用注册期间创建的相同凭据登录时,该应用程序抛出此错误:
These credentials do not match our records
这些凭据与我们的记录不符
I have also looked in the users table within the database and all the fields from the registration form is captured. I am just wondering why the app fails to retrieve these from the database.
我还查看了数据库中的用户表,并捕获了注册表中的所有字段。我只是想知道为什么应用程序无法从数据库中检索这些。
See below my LoginController code:
请参阅下面我的 LoginController 代码:
namespace App\Http\Controllers\Auth;
use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Firebase\JWT\JWT;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/dashboard';
// Get your service account's email address and private key from the JSON
key file
protected $service_account_email = "abc-123@a-b-c-
123.iam.gserviceaccount.com";
protected $private_key = "-----BEGIN PRIVATE KEY-----...";
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
$this->service_account_email = config('services.firebase.client_email');
$this->private_key = config('services.firebase.private_key');
}
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
$data = $request->only($this->username(), 'password');
$data['email_confirmed'] = 1;
return $data;
}
protected function authenticated(Request $request, $user)
{
$jwt = $this->create_custom_token($user,false);
session(['jwt' => $jwt]);
return redirect()->intended($this->redirectPath());
}
function create_custom_token(User $user, $is_premium_account) {
$now_seconds = time();
$payload = array(
"iss" => $this->service_account_email,
"sub" => $this->service_account_email,
"aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"iat" => $now_seconds,
"exp" => $now_seconds+(60*60), // Maximum expiration time is one hour
"uid" => $user->ref_code,
"email" => $user->email,
"name" => $user->name,
"phone_number" => $user->phone_number,
"claims" => array(
"premium_account" => $is_premium_account
)
);
return JWT::encode($payload, $this->private_key, "RS256");
}
}
How can I get this solved?
我怎样才能解决这个问题?
回答by Nnamdi
I found a solution to my problem above!
我在上面找到了解决我的问题的方法!
Okay, apparently, the issue was with the app double hashing the passwords. I read from http://laravel.com/docs/5.1/authentication
好的,显然,问题在于应用程序对密码进行了双重哈希处理。我从http://laravel.com/docs/5.1/authentication阅读
From where it talks about the attempt method: "If the user is found, the hashed password stored in the database will be compared with the hashed password value passed to the method via the array. If the two hashed passwords match an authenticated session will be started for the user."
从它谈到尝试方法的地方:“如果找到用户,则将存储在数据库中的散列密码与通过数组传递给该方法的散列密码值进行比较。如果两个散列密码匹配,则经过身份验证的会话将被为用户启动。”
So even if I pass the correct password in with the form the attempt method is calling bcrypt on my password sent in from the form. Once it is hashed it is not going to match the plan text password anymore.
因此,即使我在表单中传递了正确的密码,尝试方法也会对从表单发送的密码调用 bcrypt。一旦它被散列它就不再匹配计划文本密码。
So, instead of trying to remember to hash my passwords on save/update/db seeding, I just added an attribute mutator to the User class:
因此,我没有尝试记住在 save/update/db 播种时散列我的密码,而是向 User 类添加了一个属性修改器:
public function setPasswordAttribute($password)
{
$this->attributes['password'] = bcrypt($password);
}
And voila! Issue solved
瞧!问题已解决
回答by Roman Syed
I also face this problem.
我也面临这个问题。
Lavarel by default hash your password, just change 'hash' to 'bcrypt' in RegisterController.php
默认情况下,Lavarel 会散列您的密码,只需在RegisterController.php中将 'hash' 更改为 'bcrypt'
protected function create(array $data)
{
return User::create([
'password' =>bcrypt($data['password']),
]);
}
