laravel / fortify

Backend controllers and scaffolding for Laravel authentication.
https://laravel.com/docs/fortify
MIT License

Using any delete on a model or DB::statement, DB::delete makes Fortify::authenticateUsing fail. #161

Closed EngHell closed 3 years ago

EngHell commented 3 years ago

So I have created a custom controller to handle the "/login" post route, which is exactly the same as the one provided in the src but with a modified Request injection for renaming password to token.

The issue arises in this code (JetstreamServiceProvider.php):

Fortify::authenticateUsing(function (Request $request) {
    $token = LoginToken::with("user")
        ->where("user_email", $request->email)
        ->where("token", $request->token)
        ->first();

    if ($token) {
        $user = $token->user;
        /*
        LoginToken::where("user_email", $request->email)
            ->delete();
        */

        DB::statement("DELETE FROM login_tokens where user_email=:email ", ["email" => $token->user_email]);

        //DB::raw("DELETE FROM login_tokens where user_email='".$token->user_email."';");
        //dd($user);
        return $user;
    }
});

As you can see, I have commented out some code sections as I have been experimenting, even retrieving the user after the token delete with User::where("email",$request->email), and even checking with dd says $user is not null in all cases, but even then the response in the default Jetstream view is

These credentials do not match our records.

But removing any delete query makes it work as intended.

What's supposed to happen:

  1. Token is searched in database
  2. If token is found the user is saved to an $user variable
  3. Then the token is deleted
  4. Return the user and allow log in.

What happens: At step 4 the log in fails even with the return not being null or false.

EngHell commented 3 years ago

I've been digging more inside of AttemptToAuthenticate.php

protected function handleUsingCustomCallback($request, $next)
{
    $user = call_user_func(Fortify::$authenticateUsingCallback, $request);

    dd($user);

    if (! $user) {
        $this->fireFailedEvent($request);

        return $this->throwFailedAuthenticationException($request);
    }

    $this->guard->login($user, $request->filled('remember'));

    return $next($request);
}

$user is null only after running any delete statement.
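An added example, not code from this thread or from Fortify: one way to implement steps 1 to 4 so that a single-use token is consumed atomically and the lookup is safe to repeat within one request. It assumes the callback may be invoked more than once while a single login request is handled (the thread does not confirm this as the cause); `consumeLoginToken()` and `resolveUser()` are hypothetical names, the request is modelled as a plain array, and the SQLite data is constructed.

```php
<?php
// Added example: not Fortify's code and not the poster's. Table and column
// names follow the post; consumeLoginToken() and resolveUser() are hypothetical.

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login_tokens (user_email TEXT, token TEXT)');
$pdo->exec("INSERT INTO login_tokens VALUES ('alice@example.test', 'tok-123')");

// Steps 1 and 3 in one statement: the DELETE is the lookup, so a token can be
// redeemed only once even if two requests present it at the same moment.
function consumeLoginToken(PDO $pdo, string $email, string $token): bool
{
    $stmt = $pdo->prepare(
        'DELETE FROM login_tokens WHERE user_email = :email AND token = :token'
    );
    $stmt->execute(['email' => $email, 'token' => $token]);
    if ($stmt->rowCount() < 1) {
        return false;
    }
    // As in the post, drop every other outstanding token for this address.
    $pdo->prepare('DELETE FROM login_tokens WHERE user_email = :email')
        ->execute(['email' => $email]);
    return true;
}

// Steps 2 and 4: resolve the user at most once per request and remember the
// outcome on the request (modelled here as an array), so a repeated call in
// the same request returns the same answer instead of re-querying a token
// that has already been deleted.
function resolveUser(PDO $pdo, array &$request): ?string
{
    if (!array_key_exists('resolved_user', $request)) {
        $ok = consumeLoginToken($pdo, $request['email'], $request['token']);
        $request['resolved_user'] = $ok ? $request['email'] : null;
    }
    return $request['resolved_user'];
}

$request = ['email' => 'alice@example.test', 'token' => 'tok-123'];
var_dump(resolveUser($pdo, $request)); // first call in this request
var_dump(resolveUser($pdo, $request)); // repeated call, same request

$replay = ['email' => 'alice@example.test', 'token' => 'tok-123'];
var_dump(resolveUser($pdo, $replay));  // later request replaying the token
```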

driesvints commented 3 years ago

Hi there,

Thanks for reporting but it looks like this is a question which can be asked on a support channel. Please only use this issue tracker for reporting bugs with the library itself. If you have a question on how to use functionality provided by this repo you can try one of the following channels:

However, this issue will not be locked and everyone is still free to discuss solutions to your problem!

Thanks.