laravel-database-encryption icon indicating copy to clipboard operation
laravel-database-encryption copied to clipboard
verified publisher icon elgiborsolution

When users login fields are encrypted, login fails

Open roarkmccolgan opened this issue 5 years ago • 7 comments

Hi

LOVE this package, thank you!

I have a problem where i would like to encrypt my registered users. They are no longer able to login as the built in Laravel Authentication doesn't use whereEncrypted

Please will let me know how to get around this?

Thanks!

roarkmccolgan avatar Feb 14 '21 15:02 roarkmccolgan

@roarkmccolgan

For laravel 5.x to 7.x, you can create postLogin function to override the logic.

For laravel 8.x, you need to create custom login controller to override the logic.

elgibor-solution avatar Feb 15 '21 01:02 elgibor-solution

Hi Elgibor,

I fully agree with Roarkmccolgan, I love your package too, just implemented it in Laravel 8.x. However, I am also struggling with achieving user authentications with encrypted email addresses.

Please be so kind to share the code for the custom LoginController function to make this work.

Many thanks in advance!

LaravelLover069 avatar Mar 20 '21 15:03 LaravelLover069

@elgibor-solution please can you share a solution for this?

constantinosergiou avatar Aug 14 '21 16:08 constantinosergiou

@LaravelLover069 @constantinosergiou can create a custom rule to retrieve the user's data with their email and check the password with hash::check

quevlu avatar Feb 23 '22 20:02 quevlu

Was this issue ever solved?

ignacio-dev avatar Jun 21 '22 08:06 ignacio-dev 

$user = User::whereEncrypted('email', $credentials['email'])->first();
if (!empty($user) && Hash::check($credentials['password'], $user->password)) {
       $this->guard()->login($user, $request->has('remember'));
       return $this->sendLoginResponse($request);
}

Or

$user = User::whereEncrypted('email', $credentials['email'])->first();
if (!empty($user) && Hash::check($credentials['password'], $user->password)) {
       Auth::login($user, $request->has('remember'));
      return $this->sendLoginResponse($request);
}

Would work for encrypted emails. Also i left the original non encrypted login for legacy support for none encrypted emails Happy coding!!!!!!!! 😎😎😎

jefferdo avatar Aug 02 '22 06:08 jefferdo

Was this issue ever solved?

Here you go

$user = User::whereEncrypted('email', $credentials['email'])->first();
if (!empty($user) && Hash::check($credentials['password'], $user->password)) {
       $this->guard()->login($user, $request->has('remember'));
       return $this->sendLoginResponse($request);
}

Or

$user = User::whereEncrypted('email', $credentials['email'])->first();
if (!empty($user) && Hash::check($credentials['password'], $user->password)) {
       Auth::login($user, $request->has('remember'));
      return $this->sendLoginResponse($request);
}

Would work for encrypted emails. Also i left the original non encrypted login for legacy support for none encrypted emails Happy coding!!!!!!!! 😎😎😎

jefferdo avatar Aug 02 '22 06:08 jefferdo