search

laravel / fortify

Backend controllers and scaffolding for Laravel authentication.
https://laravel.com/docs/fortify
MIT License
1.61k stars 294 forks source link

Referencing issue #546 #549

Closed joaoribeiro-controlink closed 2 months ago

joaoribeiro-controlink commented 3 months ago

Fortify Version

1.21.3

Laravel Version

11.11.0

PHP Version

8.2.5

Database Driver & Version

MySQL 8

Description

Fortify does not make a successful authentication if the "remember" field is not passed as true.

I found that the problem is because the User model hasUuids trait on it.

Steps To Reproduce

Adding this to the FortifyServiceProvider on the boot method:

Fortify::authenticateUsing(function (Request $request) {
  if(Auth::attempt($request->only('username', 'password'), $request->filled('remember'))){
      // Regenerate the session to avoid session fixation
      $request->session()->regenerate();

      // Return the authenticated user instance
      return Auth::user();
  }

  return null;
});
driesvints commented 3 months ago

Heya, thanks for reporting.

We'll need more info and/or code to debug this further. Can you please create a repository with the command below, commit the code that reproduces the issue as one separate commit on the main/master branch and share the repository here? Please make sure that you have the latest version of the Laravel installer in order to run this command. Please also make sure you have both Git & the GitHub CLI tool properly set up.

laravel new bug-report --github="--public"

Please do not amend and create a separate commit with your custom changes. After you've posted the repository, we'll try to reproduce the issue.

Thanks!

joaoribeiro-controlink commented 3 months ago

Hey, I follow your request

Repo link: https://github.com/joaoribeiro-controlink/laravel-bugreport-hasuuid

joaoribeiro-controlink commented 3 months ago

I only installed laravel/fortify and laravel/breeze, at the moment authentication is only possible if the remember checkbox is checked

driesvints commented 3 months ago

I'm sorry @joaoribeiro-controlink but that's way too much changes in a single commit. I can't possible tell what your custom changes are. Please re-create the repo and commit anything installer/jetstream setup separately and all of your custom changes like the UUID changes you mention in a separate commit for me to review.

joaoribeiro-controlink commented 2 months ago

@driesvints The only thing I did is this: image

The rest has been made by fortify and breeze

crynobone commented 2 months ago

@joaoribeiro-controlink Laravel Breeze doesn't use Laravel Fortify. So Fortify::authenticateUsing() is not going to be used when authenticating using Breeze.

driesvints commented 2 months ago

Yeah I think there's still some things missing here. It might be best if you first try a support channel:

joaoribeiro-controlink commented 2 months ago

That's a way to close the ticket...

Just try it on a new project, add the trait HasUuids to the user model and the login will not work...

The breeze is just a UI start package...

crynobone commented 2 months ago

Breeze doesn't use Fortify and therefore this report is invalid.

And no, Breeze not just a UI package as install it's own set of Controllers https://github.com/laravel/breeze/blob/2.x/stubs/default/app/Http/Controllers/Auth/AuthenticatedSessionController.php

joaoribeiro-controlink commented 2 months ago

@crynobone Right, so try to use this Trait on a clean Laravel installation and check if it work as suppose.. Basically, fortify will only authenticate if the remember is passed as true if not, it happears that the auth session expire in the next second after the login

crynobone commented 2 months ago

I been developing a project on Fortify this week and doesn't have this issue.