Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.x] Retrieve user through provider #189

Merged
merged 1 commit into from
Jan 4, 2021
Merged

[1.x] Retrieve user through provider #189

merged 1 commit into from
Jan 4, 2021

Conversation

driesvints
Copy link
Member

Re-send for #180

@driesvints driesvints mentioned this pull request Jan 4, 2021
Closed
@taylorotwell taylorotwell merged commit f0f8080 into 1.x Jan 4, 2021
@taylorotwell taylorotwell deleted the update-user-provider branch January 4, 2021 14:48
taylorotwell added a commit that referenced this pull request Jan 7, 2021
@taylorotwell
Revert "Retrieve user through provider (#189)"
cb22126 
This reverts commit f0f8080.
@taylorotwell taylorotwell mentioned this pull request Jan 7, 2021
Merged
taylorotwell added a commit that referenced this pull request Jan 7, 2021
@taylorotwell
Revert "Retrieve user through provider (#189)" (#195)
2ca0c06 
This reverts commit f0f8080.
@driesvints driesvints mentioned this pull request Oct 11, 2021
Closed
mpyw
mpyw reviewed Jun 25, 2022
View reviewed changes
src/Actions/RedirectIfTwoFactorAuthenticatable.php
Comment on lines +78 to +88
$user = $this->guard->getProvider()->retrieveByCredentials(
$request->only(Fortify::username(), 'password')
);

return tap($model::where(Fortify::username(), $request->{Fortify::username()})->first(), function ($user) use ($request) {
if (! $user || ! Hash::check($request->password, $user->password)) {
$this->fireFailedEvent($request, $user);
if (! $user) {
$this->fireFailedEvent($request, $user);

$this->throwFailedAuthenticationException($request);
}
});
$this->throwFailedAuthenticationException($request);
}

return $user;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The verification might be not enough. retrieveByCredentials() does not expect password matches, only an email address does. Password hash validation is done by validateCredentials(), but its call was not included in the PR.

I think it is the cause of the PR reverted.

@taylorotwell Is it right?

This was referenced Jun 25, 2022
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpyw mpyw mpyw left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@driesvints @mpyw @taylorotwell