Migrating old md5 passwords to bcrypt with Laravel 5.2's built in auth
Problem description
I'm migrating an old PHP app over to Laravel 5.2. The app has a huge users table (about 50K users) and the passwords are all MD5 hashes.
Obviously this is unacceptable but rather than sending out an email to all 50,000 users asking them to reset their passwords, I want to change the passwords to bcrypt hashes behind the scenes.
To do this, I want to create an old_password column with the MD5 hash in it and then whenever a user logs in, I check the password against the MD5 hash (if it exists) and then make a new bcrypt hash for next time, deleting the MD5 hash.
I've seen a few examples about how to do this (such as this and this), but none specifically for Laravel 5 and none specifically for use with Laravel 5.2's built in auth.
Is there a clean way to adapt the built-in auth to do this, or am I better off writing my own manual auth system in this case?
Recommended answer
I had a similar problem when migrating from Drupal. I did not make a new column for old passwords, but updated the hasher to check the password Drupal-way and then if that fails, check it with bcrypt. This way old users could log in the same way as new ones.
You will need to create a package anywhere in your app, say in app/packages/hashing. Put these two files there.
YourHashingServiceProvider.php
<?php namespace App\Packages\Hashing;

use Illuminate\Support\ServiceProvider;

class YourHashingServiceProvider extends ServiceProvider {

    /**
     * Indicates if loading of the provider is deferred.
     *
     * @var bool
     */
    protected $defer = true;

    /**
     * Register the service provider.
     *
     * @return void
     */
    public function register()
    {
        $this->app->singleton('hash', function() { return new YourHasher; });
    }

    /**
     * Get the services provided by the provider.
     *
     * @return array
     */
    public function provides()
    {
        return ['hash'];
    }
}
YourHasher.php
<?php namespace App\Packages\Hashing;

use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Hashing\BcryptHasher;

class YourHasher implements HasherContract
{
    protected $hasher;

    /**
     * Create a new hasher instance that wraps the bcrypt hasher.
     */
    public function __construct()
    {
        $this->hasher = new BcryptHasher;
    }

    /**
     * Hash the given value (always with bcrypt).
     *
     * @param string $value
     * @param array $options
     *
     * @return string
     */
    public function make($value, array $options = [])
    {
        return $this->hasher->make($value, $options);
    }

    /**
     * Check the given plain value against a hash.
     *
     * @param string $value
     * @param string $hashedValue
     * @param array $options
     *
     * @return bool
     */
    public function check($value, $hashedValue, array $options = [])
    {
        // Legacy MD5 first. hash_equals() compares as strings in constant time;
        // a loose == would treat two "0e<digits>" hashes as equal numbers.
        return hash_equals((string) $hashedValue, md5($value))
            || $this->hasher->check($value, $hashedValue, $options);
    }

    /**
     * Check if the given hash has been hashed using the given options.
     *
     * @param string $hashedValue
     * @param array $options
     *
     * @return bool
     */
    public function needsRehash($hashedValue, array $options = [])
    {
        // Anything that is not a bcrypt hash (for example a legacy MD5 hash) needs rehashing.
        return substr($hashedValue, 0, 4) != '$2y$';
    }
}
Then put App\Packages\Hashing\YourHashingServiceProvider::class inside providers in your config/app.class. At this point, your old users should be able to log in to your Laravel app.
Now, to update their passwords, somewhere in your User controller (login/registration forms) you can use Hash::needsRehash($hashed) and Hash::make($password_value) to generate a fresh bcrypt password for a user and then save it.
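The verify-then-upgrade step described in the answer, written out as an added example in plain PHP (it is not code from the original answer). It uses the password_* functions that Laravel's BcryptHasher wraps; the function names, the cost of 10 and the sample user row are assumptions made for illustration.

```php
<?php
// Added example: check a login against a legacy MD5 or a bcrypt hash and
// upgrade the stored hash on success. $user stands in for a users-table row.

function isLegacyMd5($hash)
{
    // An unsalted MD5 digest is exactly 32 hex characters; bcrypt starts with "$2y$".
    return (bool) preg_match('/\A[0-9a-f]{32}\z/i', $hash);
}

function checkPassword($plain, $hash)
{
    if (isLegacyMd5($hash)) {
        // Constant-time string comparison, no numeric type juggling.
        return hash_equals(strtolower($hash), md5($plain));
    }
    return password_verify($plain, $hash);
}

function loginAndUpgrade(array &$user, $plain)
{
    if (!checkPassword($plain, $user['password'])) {
        return false; // failed logins never touch the stored hash
    }
    // The plain-text password is only available right after a successful
    // check, so this is the one moment the hash can be replaced.
    $options = ['cost' => 10]; // assumed cost
    if (password_needs_rehash($user['password'], PASSWORD_BCRYPT, $options)) {
        $user['password'] = password_hash($plain, PASSWORD_BCRYPT, $options);
        // In the application, persist the row here (for example $user->save()).
    }
    return true;
}

// Constructed sample row that still holds a legacy MD5 hash.
$user = ['email' => 'alice@example.test', 'password' => md5('correct horse')];

var_dump(loginAndUpgrade($user, 'wrong guess'));   // rejected, hash unchanged
var_dump(isLegacyMd5($user['password']));          // still the MD5 hash
var_dump(loginAndUpgrade($user, 'correct horse')); // accepted via MD5, then upgraded
var_dump(isLegacyMd5($user['password']));          // now a bcrypt hash
var_dump(loginAndUpgrade($user, 'correct horse')); // accepted via bcrypt
```

Accounts that never log in keep their MD5 hash indefinitely, so it is worth tracking how many legacy rows remain.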