0

This might a recurring question on why auth:attempt is returning always false, but despite looking for answers I am not able to solve my issue any further.

I have a students table with id as std_id, email as std_email and password as std_password. to overcome the default password field, I went through some answers and recommend to use this function to override the field name

public function getAuthPassword() {
        return $this->std_password;
    }

and the attempt function is 

public function authenticate(Request $request)
    {
        if (Auth::attempt(['std_email' => $request['std_email'], 'password' => $request['std_password']])){
            return response()->json([
                'validated' => true
            ]);
        }else{
            return response()->json([
                'validated' => false
            ]);
        }
    }

So, I've updated two files, auth/LoginController.php 

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use \Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    public function authenticate(Request $request)
    {
        if (Auth::attempt(['std_email' => $request['std_email'], 'password' => $request['std_password']])){
            return response()->json([
                'validated' => true
            ]);
        }else{
            return response()->json([
                'validated' => false
            ]);
        }
    }

}

and the User model as 

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Notifiable;

    protected $primaryKey = "std_id";
    protected $table = "students";

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'std_email', 'std_password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        //'std_password', 'remember_token',
    ];

    public function getAuthPassword() {
        return $this->std_password;
    }

}

I made sure that in User mode, I've set the primary key as std_id and table as students.

Also, when I register a student, I use bcrypt to hash the password and save it in the DB.

public function create(Request $request){

        $account_exists = $this->check_account_exists($request['email']);

        if($account_exists){

            return response()->json(['account'=>true]);

        }else{

            DB::table('students')->insert([
                'std_fname'     => $request['first_name'],
                'std_lname'     => $request['last_name'],
                'std_email'     => $request['email'],
                'std_password'  => bcrypt($request['std_password']),
                'group_id'      => $request['group'],
                'std_isActive'  => 1
            ]);

            return response()->json(['created'=>true]);

        }

    }

At this point i am not getting any answers why the attempt method fails as I've made sure the login information is correct? Can you see if i have missed anything else?

Thanks!

user2094178
  • 9,204
  • 10
  • 41
  • 70
Wang'l Pakhrin
  • 858
  • 3
  • 15
  • 29

3 Answers3

0

Hash::make($request['std_password']) to encrypt password also please share your code from auth.php

Pranav Mandlik
  • 644
  • 6
  • 19
  • 45
0

I tried different methods and none worked. However, I found a very interesting discovery. Maybe I didn't know about this before or not. When storing a password, I had set the first password (which auth::attempt method was always returning false) was including atleast 1 uppercase and 1 special character and PW was "Abcde12!". This failed every time. Next, I added a simple password without those rules and saved in DB as "secret". When I tested the login, it returned true. So now the real question is, why hashing a password with a special character did not work?

Wang'l Pakhrin
  • 858
  • 3
  • 15
  • 29
-1

It appears as if you are passing in

    'password' => $request['std_password']

to the 

    Auth::attempt()

method when your db table does not contain a 'password' column. You probably want to pass in

    'std_password' => $request['std_password']

but even then, I'm not certain that

    Auth::attempt()

will know to hash your password input before comparing it to the 'std_password' hash in your database. You can probably find a way to modify

    Auth::attempt()

or create a new attempt method that will hash the input before comparison... or you could possibly use

    bcrypt()

to hash your 'std_password' input before you pass it to attempt.

SkrapsDX
  • 1
  • 3
  • `Auth::attempt()` does not accept a custom name for the `password` field. The `getAuthPassword()` accessor in the User model is the place to map the password field to a different name. – user2094178 Aug 30 '18 at 07:46