Laravel 5: Using SHA1 instead of Bcrypt

6
votes

I'm trying to extend the default Bcrypt HashServiceProvider in laravel 5, to make use of the SHA1 encryption instead.

Using the answer from this question: How to use SHA1 encryption instead of BCrypt in Laravel 4? and the official documentation at http://laravel.com/docs/5.0/extending#container-based-extension, I'v managed to cook up the following code:

In app/Providers/ShaHashServiceProvider.php


    use App\ShaHasher;
    use Illuminate\Hashing\HashServiceProvider;

    class ShaHashServiceProvider extends HashServiceProvider {

        public function boot()
        {
            parent::boot();

            $this->app->bindShared('hash', function()
            {
                return new ShaHasher();
            });
        }

    }

In app/ShaHasher.php


    use Illuminate\Contracts\Hashing\Hasher as HasherContract;

    class ShaHasher implements HasherContract {

        public function make($value, array $options = array()) {
            $value = env('SALT', '').$value;
            return sha1($value);
        }

        public function check($value, $hashedValue, array $options = array()) {
            return $this->make($value) === $hashedValue;
        }

        public function needsRehash($hashedValue, array $options = array()) {
            return false;
        }

    }

In app/config/app.php


    'providers' => [
            ...
            //'Illuminate\Hashing\HashServiceProvider',
            'App\Providers\ShaHashServiceProvider',
            ...
    ],

I'm also using Laravels out-of-the-box AuthController to handle logins.

But it seems that it does not work as I intended. The very first time I tried to login, everything worked perfectly fine. Then I logged out, and since then, every attempt to login has failed.

I'm not getting any errors, just the "Whoops! There were some problems with your input. These credentials do not match our records." message.

I'm wondering what exactly what went wrong, and where? I hope some of you geniuses can help me out!

1
phplaravelsha1laravel-5extending
Why? SHA1 is not very secure.lukasgeiter
@lukasgeiter - I'm migrating an old CakePHP App (Which uses SHA1) to Laravel 5.TheNish
Then I would try to actually migrate the passwords to bcrypt. This answer describes how such migration process could worklukasgeiter
@lukasgeiter I'v considered that possibility as well, but I did not like the idea of changing the users schema and adding extra logic to the login process, for something that doesn't need to be that secure (in this case). I even found this guide on how to migrate the password: laravel-tricks.com/tricks/…TheNish
In any case, I'm still curious why this code is not working :-)TheNish

1 Answers

7
votes

I'v solved the problem myself :-)

In app/Providers/ShaHashServiceProvider.php I overrided the wrong method boot(), when it was in fact the method register() I should have overridden.


    use App\ShaHasher;
    use Illuminate\Hashing\HashServiceProvider;

    class ShaHashServiceProvider extends HashServiceProvider {

        public function register()
        {
            $this->app->singleton('hash', function() { return new ShaHasher; });
        }

    }