[11.x] Rehash user passwords when logging in once (#50843)

* Rehash user passwords when validating credentials * Update SessionGuard.php --------- Co-authored-by: Taylor Otwell <[email protected]>
laravel · Mar 29, 2024 · a6de7c6 · a6de7c6
1 parent c8dfb41
commit a6de7c6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
@@ -253,6 +253,8 @@ public function once(array $credentials = [])
         $this->fireAttemptEvent($credentials);
 
         if ($this->validate($credentials)) {
+            $this->rehashPasswordIfRequired($this->lastAttempted, $credentials);
+
             $this->setUser($this->lastAttempted);
 
             return true;

diff --git a/tests/Auth/AuthGuardTest.php b/tests/Auth/AuthGuardTest.php
@@ -623,6 +623,7 @@ public function testLoginOnceSetsUser()
         });
         $guard->getProvider()->shouldReceive('retrieveByCredentials')->once()->with(['foo'])->andReturn($user);
         $guard->getProvider()->shouldReceive('validateCredentials')->once()->with($user, ['foo'])->andReturn(true);
+        $guard->getProvider()->shouldReceive('rehashPasswordIfRequired')->with($user, ['foo'])->once();
         $guard->shouldReceive('setUser')->once()->with($user);
         $this->assertTrue($guard->once(['foo']));
     }
@@ -637,6 +638,7 @@ public function testLoginOnceFailure()
         });
         $guard->getProvider()->shouldReceive('retrieveByCredentials')->once()->with(['foo'])->andReturn($user);
         $guard->getProvider()->shouldReceive('validateCredentials')->once()->with($user, ['foo'])->andReturn(false);
+        $guard->getProvider()->shouldNotReceive('rehashPasswordIfRequired');
         $this->assertFalse($guard->once(['foo']));
     }