Commit
1 parent 4bfb164
commit f693a20
Showing 1 changed file with 1 addition and 3 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
🙌
Why not $password ?? 'hashed-string'
@m1guelpf because there are no longer $password 😃
This still uses the default 10 rounding. Would there be any difference if we hard-code 4 rounding such as $2y$04$Ri4Tj1yi9EnO6EI3lS11suHnymOKbC63D85NeHHo74uk4dHe9eah2?
@crynobone I don't think that it matters how many rounding is used, 'cause it's just a hard-coded string... We could just use 'secret' as well I think...
You can't use 'secret' since subsequent login attempts will fail. Also, the number of rounds affects run-time, albeit by a fairly small amount. It may make a difference if you're running hundreds of tests running the hashing function, but just a few tests (i.e. "create user" and "change password") shouldn't show a noticeable difference.
so what if we change it from secret to something else? And if so, how did you encrypt it? (so I can generate the new cipher)
Can I ask if there is a reason for the hard-coded hash and not Hash::make('secret')?
@warrickbayman - yes, because this gets run every time on most tests (that use seeders). Having a hard-coded hash drastically improves your test speeds.
@Rah1x - you can do
'password' => $password ?: $password = bcrypt('your-password-here'),
If you want to generate it yourself to be hardcoded (recommended for speed) - just run dd(bcrypt('your-password-here')); somewhere and save the string output to here.
What if the user model has something like
@ludo237 then you should make changes in your UserFactory.
perfect / thanks
Also, can you tell me why are we even using it to begin with? I mean it's the same password for everyone, what's the point?
Won't the hash change when the APP_KEY changes?
@gpressutto5 APP_KEY isn't used for hashing, only for encrypting.
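
The points raised in this thread (cost rounds and run-time, why a plain 'secret' cannot stand in for a hash, and hashing being independent of APP_KEY) can be checked with plain PHP. This is an added example, not code from the commit or from Laravel; it assumes PHP 7.4 or later, and the sample password, the 500-user figure and the helper name timeHash are constructed for illustration.

```php
<?php
// Added illustration: plain PHP, no Laravel needed. password_hash() with
// PASSWORD_BCRYPT is the PHP primitive that bcrypt hashing is built on.

// Hypothetical helper: time one bcrypt computation at a cost, in milliseconds.
function timeHash(string $plain, int $cost): float
{
    $start = hrtime(true);
    password_hash($plain, PASSWORD_BCRYPT, ['cost' => $cost]);
    return (hrtime(true) - $start) / 1e6;
}

$plain = 'your-password-here'; // constructed sample password

// 1. The cost factor is stored in the hash itself. Read it from the hash
//    quoted in the thread; its plaintext is not needed for this.
$quoted = '$2y$04$Ri4Tj1yi9EnO6EI3lS11suHnymOKbC63D85NeHHo74uk4dHe9eah2';
$info = password_get_info($quoted);
printf("quoted hash: %s, cost %d\n", $info['algoName'], $info['options']['cost']);

// 2. Each extra cost step doubles the work, so one hash per seeded user adds up.
//    500 users is an assumed test-suite size.
foreach ([4, 10] as $cost) {
    $ms = timeHash($plain, $cost);
    printf("cost %2d: %7.2f ms per hash, about %.0f ms for 500 users\n", $cost, $ms, $ms * 500);
}

// 3. Hash once and reuse the string, which is what a hard-coded factory value
//    amounts to. Verification needs only the plaintext and the stored hash:
//    salt and cost are embedded in the hash and no application key is involved.
$fixed = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 4]);
$checks = [
    'fixed hash accepts the right password' => password_verify($plain, $fixed),
    'fixed hash accepts a wrong password'   => password_verify('wrong', $fixed),
    // A bare plaintext in the password column is not a parseable hash,
    // so comparing the same string against it still fails.
    "plaintext 'secret' stored as the hash" => password_verify('secret', 'secret'),
    // A cost-4 fixture does not meet a cost-10 policy; keep it to test data.
    'low-cost fixture flagged for rehash'   => password_needs_rehash($fixed, PASSWORD_BCRYPT, ['cost' => 10]),
];
foreach ($checks as $label => $result) {
    printf("%-40s %s\n", $label, var_export($result, true));
}
```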