Migrating old md5 passwords to bcrypt with Laravel 5.2's built in auth


Question

I'm migrating an old PHP app over to Laravel 5.2. The app has a huge users table (about 50K users) and the passwords are all MD5 hashes.

Obviously this is unacceptable but rather than sending out an email to all 50,000 users asking them to reset their passwords, I want to change the passwords to bcrypt hashes behind the scenes.

To do this, I want to create an old_password column with the MD5 hash in it and then whenever a user logs in, I check the password against the MD5 hash (if it exists) and then make a new bcrypt hash for next time, deleting the MD5 hash.

I've seen a few examples about how to do this (such as this and this), but none specifically for Laravel 5 and none specifically for use with Laravel 5.2's built in auth.

Is there a clean way to adapt the built-in auth to do this, or am I better off writing my own manual auth system in this case?

Recommended answer

I had a similar problem when I migrated from Drupal. I did not make a new column for old passwords, but updated the hasher to check the password the Drupal way and then, if that fails, check it with bcrypt. This way old users could log in the same way as new ones.

You will need to create a package anywhere in your app, say in app/packages/hashing. Put these two files there.

YourHashingServiceProvider.php

<?php namespace App\Packages\Hashing;

use Illuminate\Support\ServiceProvider;

class YourHashingServiceProvider extends ServiceProvider {

    /**
     * Indicates if loading of the provider is deferred.
     *
     * @var bool
     */
    protected $defer = true;

    /**
     * Register the service provider.
     *
     * @return void
     */
    public function register()
    {
        $this->app->singleton('hash', function() { return new YourHasher; });
    }

    /**
     * Get the services provided by the provider.
     *
     * @return array
     */
    public function provides()
    {
        return ['hash'];
    }

}

YourHasher.php

<?php namespace App\Packages\Hashing;

use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Hashing\BcryptHasher;

class YourHasher implements HasherContract
{

    protected $hasher;

    /**
     * Create a new hasher instance that wraps Laravel's bcrypt hasher.
     */
    public function __construct()
    {
        $this->hasher = new BcryptHasher;
    }

    /**
     * Hash the given value.
     *
     * @param string $value
     * @param array  $options
     *
     * @return string
     */
    public function make($value, array $options = [])
    {
        return $this->hasher->make($value, $options);
    }

    /**
     * Check the given plain value against a hash.
     *
     * @param  string $value
     * @param  string $hashedValue
     * @param  array  $options
     *
     * @return bool
     */
    public function check($value, $hashedValue, array $options = [])
    {
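        // Legacy MD5 match first, compared as strings in constant time
        // (loose == can treat two "0e..." digests as equal numbers), else bcrypt.
        return hash_equals((string) $hashedValue, md5($value))
            || $this->hasher->check($value, $hashedValue, $options);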
    }

    /**
     * Check if the given hash has been hashed using the given options.
     *
     * @param  string $hashedValue
     * @param  array  $options
     *
     * @return bool
     */
    public function needsRehash($hashedValue, array $options = [])
    {
        return substr($hashedValue, 0, 4) != '$2y$';
    }
}

Then put App\Packages\Hashing\YourHashingServiceProvider::class inside providers in your config/app.class. At this point, your old users should be able to log in to your Laravel app.

Now, to update their passwords, somewhere in your User controller (login/registration forms) you can use Hash::needsRehash($hashed) and Hash::make($password_value) to generate a fresh bcrypt password for a user and then save it.
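
The rehash-on-login step described in the answer above, as an added example that is not part of the original answer: plain PHP (5.6 or later) with the built-in password_* functions standing in for Laravel's Hash::check, Hash::needsRehash and Hash::make. The function names and the sample user row are hypothetical.

```php
<?php
// Added example, not from the original answer. Function names are hypothetical.

/** True when the stored value has the shape of a raw MD5 hex digest. */
function isLegacyMd5($stored)
{
    return preg_match('/\A[a-f0-9]{32}\z/i', $stored) === 1;
}

/**
 * Verify $password against the stored hash and, on success, replace a
 * legacy MD5 hash (or a bcrypt hash with an outdated cost) with fresh bcrypt.
 * $user stands in for a users-table row; the caller persists the change.
 */
function verifyAndUpgrade(array &$user, $password, $cost = 10)
{
    $stored = (string) $user['password'];

    if (isLegacyMd5($stored)) {
        // hash_equals() compares as strings in constant time, so two
        // "0e..."-style digests cannot match the way they can under ==.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // Rehash only after a successful check, while the plaintext is at hand.
    // password_needs_rehash() is true for anything that is not bcrypt at $cost.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])) {
        $user['password'] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return true;
}

// Constructed sample row: a legacy account whose password is "s3cret".
$user = ['id' => 1, 'password' => md5('s3cret')];

$rejected = verifyAndUpgrade($user, 'wrong');    // wrong password, row unchanged
$legacyOk = verifyAndUpgrade($user, 's3cret');   // MD5 path, then upgrade
$bcryptOk = verifyAndUpgrade($user, 's3cret');   // bcrypt path on the next login

var_dump($rejected, $legacyOk, $bcryptOk, isLegacyMd5($user['password']));
```

Accounts that never log in again keep their MD5 hash in the table, so this approach only upgrades active users.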
