[11.x] Rehash user passwords when validating credentials

src/Illuminate/Auth/AuthManager.php

@@ -128,7 +128,7 @@ public function createSessionDriver($name, $config)
             $name,
             $provider,
             $this->app['session.store'],
-            rehashOnLogin: $this->app['hash']->rehashOnLogin(),
+            rehashOnLogin: $this->app['config']->get('hashing.rehash_on_login', true),
         );
 
         // When using the remember me functionality of the authentication services we

src/Illuminate/Auth/Authenticatable.php

@@ -5,18 +5,18 @@
 trait Authenticatable
 {
     /**
-     * The column name of the "remember me" token.
+     * The column name of the password field using during authentication.
      *
      * @var string
      */
-    protected $rememberTokenName = 'remember_token';
+    protected $authPasswordName = 'password';
 
     /**
-     * The column name of the auth password field.
+     * The column name of the "remember me" token.
      *
      * @var string
      */
-    protected $authPasswordName = 'password';
+    protected $rememberTokenName = 'remember_token';
 
     /**
      * Get the name of the unique identifier for the user.

src/Illuminate/Auth/SessionGuard.php

@@ -97,7 +97,7 @@ class SessionGuard implements StatefulGuard, SupportsBasicAuth
     protected $timebox;
 
     /**
-     * Rehash passwords during login.
+     * Indicates if paswords should be rehashed on login if needed.
      *
      * @var bool
      */
@@ -125,6 +125,7 @@ class SessionGuard implements StatefulGuard, SupportsBasicAuth
      * @param  \Illuminate\Contracts\Session\Session  $session
      * @param  \Symfony\Component\HttpFoundation\Request|null  $request
      * @param  \Illuminate\Support\Timebox|null  $timebox
+     * @param  bool  $rehashOnLogin
      * @return void
      */
     public function __construct($name,
@@ -394,6 +395,7 @@ public function attempt(array $credentials = [], $remember = false)
         // fact valid we'll log the users into the application and return true.
         if ($this->hasValidCredentials($user, $credentials)) {
             $this->rehashPasswordIfRequired($user, $credentials);
+
             $this->login($user, $remember);
 
             return true;
@@ -426,6 +428,7 @@ public function attemptWhen(array $credentials = [], $callbacks = null, $remembe
         // not login the user. Instead, we will fail the specific authentication attempt.
         if ($this->hasValidCredentials($user, $credentials) && $this->shouldLogin($callbacks, $user)) {
             $this->rehashPasswordIfRequired($user, $credentials);
+
             $this->login($user, $remember);
 
             return true;

src/Illuminate/Hashing/HashManager.php

@@ -99,16 +99,6 @@ public function isHashed($value)
         return password_get_info($value)['algo'] !== null;
     }
 
-    /**
-     * Determine if rehashing should be performed during login.
-     *
-     * @return bool
-     */
-    public function rehashOnLogin()
-    {
-        return $this->config->get('hashing.rehash_on_login', true);
-    }
-
     /**
      * Get the default driver name.
      *