Laravel-Backpack / community-forum

A workspace to discuss improvement and feature ideas, before they're actually implemented.

[Bug] Method encoding cannot be changed (argon/argon2id) #895

Closed tringuyenduc2903 closed 3 months ago

tringuyenduc2903 commented 3 months ago

Bug report

What I did

Change to new encryption method (argon/argon2id)

    // File: config/hashing.php
    /*
    |--------------------------------------------------------------------------
    | Default Hash Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default hash driver that will be used to hash
    | passwords for your application. By default, the bcrypt algorithm is
    | used; however, you remain free to modify this option if you wish.
    |
    | Supported: "bcrypt", "argon", "argon2id"
    |
    */

    'driver' => env('HASH_DRIVER', 'argon2id'),

What I expected to happen

Register an account, change password, and verify stable operations

What happened

An exception occurred: Could not verify the hashed value's configuration

What I've already tried to fix it

Backpack's core files are hard-coded, making them difficult to maintain, for example: vendor/backpack/crud/src/app/Http/Controllers/Auth/RegisterController.php

    protected function create(array $data)
    {
        $user_model_fqn = config('backpack.base.user_model_fqn');
        $user = new $user_model_fqn();

        return $user->create([
            'name' => $data['name'],
            backpack_authentication_column() => $data[backpack_authentication_column()],
            'password' => bcrypt($data['password']), // recommended: Hash::make($data['password'])
        ]);
    }

Is it a bug in the latest version of Backpack?

After I run backpack composer update backpack/crud the error still persists

Backpack, Laravel, PHP, DB version

When I run php artisan backpack:version the output is: image
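The mismatch reported above, reproduced with PHP's native password functions as an added example (not part of the original post, and not Backpack or Laravel code). It assumes the exception comes from a check that a stored hash's algorithm matches the configured driver; `DRIVER_ALGOS`, `makeForDriver` and `hashMatchesDriver` are hypothetical names.

```php
<?php
// Added illustration; not Backpack or Laravel code. Only PHP's native password API is used.
if (!defined('PASSWORD_ARGON2ID')) {
    exit("This PHP build has no Argon2 support.\n");
}

// Assumed mapping of the config/hashing.php driver names to PHP algorithms.
const DRIVER_ALGOS = [
    'bcrypt'   => PASSWORD_BCRYPT,
    'argon'    => PASSWORD_ARGON2I,
    'argon2id' => PASSWORD_ARGON2ID,
];

// Hypothetical helper: hash a password with the configured driver's algorithm.
function makeForDriver(string $password, string $driver): string
{
    return password_hash($password, DRIVER_ALGOS[$driver]);
}

// Hypothetical helper: does a stored hash use the configured driver's algorithm?
function hashMatchesDriver(string $hash, string $driver): bool
{
    return password_get_info($hash)['algo'] === DRIVER_ALGOS[$driver];
}

$driver   = 'argon2id';                    // the driver set in the report
$password = 'constructed-sample-password'; // constructed sample input

$stored = [
    // What a fixed bcrypt call writes, regardless of configuration.
    'hard-coded bcrypt' => password_hash($password, PASSWORD_BCRYPT),
    // What hashing through the configured driver writes.
    'configured driver' => makeForDriver($password, $driver),
];

foreach ($stored as $label => $hash) {
    printf(
        "%-18s algo=%-9s matches '%s' driver: %-3s password verifies: %s\n",
        $label,
        password_get_info($hash)['algoName'],
        $driver,
        hashMatchesDriver($hash, $driver) ? 'yes' : 'no',
        password_verify($password, $hash) ? 'yes' : 'no'
    );
}
```

Both hashes verify the password; only the one produced through the configured driver passes the algorithm check, so the bcrypt hash is valid but inconsistent with the `argon2id` setting.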

jcastroa87 commented 3 months ago

Hello @tringuyenduc2903

I will check about this, but meanwhile, you can try to override the RegisterController

  1. First, create a RegisterController by overriding the default one. Remember to add validation for your field and populate the value when saving to the User model.
  2. Override the RegisterController in AppServiceProvider:
    
    <?php

    namespace App\Providers;

    use Illuminate\Support\ServiceProvider;

    class AppServiceProvider extends ServiceProvider
    {
        /**

Try this in the meantime while we test it.

Cheers.

pxpm commented 3 months ago

Thanks @tringuyenduc2903 for the report 🙏

It's fixed in https://github.com/Laravel-Backpack/CRUD/releases/tag/6.7.2

Cheers

ziming commented 3 months ago

A side note:

2 of the judges on the password hashing competition panel have changed their minds and now recommend bcrypt over argon2id @tringuyenduc2903

So you might want to reconsider the decision to change to argon2id

https://twitter.com/TerahashCorp/status/1155129705034653698