It is always painful to remember and type in the correct password in the login form while you are in development...
It would be nice to be able to login with any password in local environment and only by changing the .env variables(not the application code), switch to: "real password checking".
(This means you do not need to change your application code, when you deploy your app to production while you enjoy the ease in local environments.)
Actually the behaviour of the auth()->attempt($credentials);
simply changes based on the config variable in the auth.php and .env file!
This package is only a few lines (about 20 lines) of code with almost no overhead.
It is also completely safe to avoid installing it on production without changing your code. Since it is a dev only dependency in your composer.json file.
"require-dev": {
"imanghafoori/laravel-anypass": "dev-master",
...
},
To avoid accidental security vulnerabilities, 3 conditions should match before you can login with any password :
in your .env file you must:
1 - APP_ENV=local // or APP_ENV=testing
2 - APP_DEBUG=true
3 - ANY_PASS=true
4 - WRONG_ANY_PASS=wrong // any password is correct except this one.
That way it is very unlikely to accidentally misconfigure your app to accept any wrong password on production server.
We highly recommend to take a look to the source code.
By default, Anypass will only work if the APP_ENV
is set to local or testing. You can override this by defining ANY_PASS_ENVIRONMENTS
in your .env file, and setting the value to a comma-separated string of environments. For example:
ANY_PASS=true
ANY_PASS_ENVIRONMENTS="local,testing,acceptance"
- If you want to manually check the login form behaivour in case of a wrong password in local you can use the "1_Wrong_pass" string. (you CAN enter it in lowercase or uppercase and a combination of both like "1_WrOnG_Pass", and it would be considered as a wrong password.)
You can not login with an invalid username or an invalid api token. Only the password checking is by-passed.
composer require --dev imanghafoori/laravel-anypass
(For laravel 5.4 and below: Instead of adding the service provider in the config/app.php file, you can add the following code to your app/Providers/AppServiceProvider.php file, within the register() method:
public function register()
{
if ($this->app->environment() === 'local' || $this->app->environment() === 'testing') {
$this->app->register(\Imanghafoori\AnyPass\AnyPassServiceProvider::class);
}
// ...
}
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
As always if you found this package useful and you want to encourage us to maintain and work on it, Please press the star button to declare your willing.
💎 A minimal yet powerful package to give you opportunity to refactor your controllers.
💎 A minimal yet powerful package to give a better structure and caching opportunity for your laravel apps.
💎 A simple package that lets you easily impersonate your users.
💎 It allows to write exressive and defensive code whcih is decoupled from the rest of your app.