search

Kyon147 / laravel-shopify

A full-featured Laravel package for aiding in Shopify App development
MIT License
353 stars 102 forks source link

Hashed Passwords - Improve documentation for Laravel 10 #163

Closed jeroendelau closed 1 year ago

jeroendelau commented 1 year ago

For bug reporting only! If you're posting a feature request or discussion, please ignore.

Expected Behavior

The documentation should mention that, as of Laravel 10, passwords are hashed using casts by default. You need to disable this in order for tokens to be saved and used. If you do not do this, the Shopify token is hashed and become unusable.

 /**
     * The attributes that should be cast.
     *
     * @var array<string, string>
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
        //'password' => 'hashed',
    ];

Current Behavior

If you try to use the API offline you will see: "{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}

Steps to Reproduce

  1. Fresh install of laravel (10) + kyon147/laravel-shopify
  2. Setup an app and Shopify App
  3. Install the app on a test store
  4. Observe that password in users table is hashed

Context

Kyon147 commented 1 year ago

@jeroendelau good catch, I'll add this to the wiki 👍