You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
☝🏼 In the Getting Started card guide include, (3.) prescribes this extra hashing of $entry->password inside of setupCreateOperation().
In trying and testing this, I found that a user created while this code was in place could not, in fact, log in using the provided password.
Upon further testing and inspection of both $entry->password and also request('password'), what seems to be the case is that $entry->password has already been hashed (by laravel?), and so invoking \Hash::make() on this value is hashing a hash, thus breaking this user's ability to log in with the originally provided password.
Proposed resolution:
Simply remove this recommendation or prescribed code block
or, annotate somehow if it is specific to the version of Laravel... is it needed in Laravel 9 and below, but not in Laravel 10??
Php, Laravel, and Backpack version(s) context / report =>
Hello there! Thanks for opening your first issue on this repo!
Just a heads-up: Here at Backpack we use Github Issues only for tracking bugs. Talk about new features is also acceptable. This helps a lot in keeping our focus on improving Backpack. If you issue is not a bug/feature, please help us out by closing the issue yourself and posting in the appropriate medium (see below). If you're not sure where it fits, it's ok, a community member will probably reply to help you with that.
Long questions (I have done X and Y and it won't do Z wtf) - Stackoverflow, using the backpack-for-laravel tag;
Showing off something you've made, asking for opinion on Backpack/Laravel matters - Reddit;
Please keep in mind Backpack offers no official / paid support. Whatever help you receive here, on Gitter, Slack or Stackoverflow is thanks to our awesome awesome community members, who give up some of their time to help their peers. If you want to join our community, just start pitching in. We take pride in being a welcoming bunch.
Bug discovered, here:
CRUD/src/resources/views/ui/inc/getting_started.blade.php
Lines 42 to 44 in de5668b
Summary and findings
☝🏼 In the Getting Started card guide include, (3.) prescribes this extra hashing of
$entry->password
inside ofsetupCreateOperation()
.In trying and testing this, I found that a user created while this code was in place could not, in fact, log in using the provided password.
Upon further testing and inspection of both
$entry->password
and alsorequest('password')
, what seems to be the case is that$entry->password
has already been hashed (by laravel?), and so invoking\Hash::make()
on this value is hashing a hash, thus breaking this user's ability to log in with the originally provided password.Proposed resolution:
Simply remove this recommendation or prescribed code block
Php, Laravel, and Backpack version(s) context / report =>
The text was updated successfully, but these errors were encountered: