1

I am having the following problem. I create a user and password with a seeder. The user is created fine and the password is stored in the db encrypted. And I can log in. When I try to change this password, I notice that the string for the password in the db changes (something else is encrypted), but I can't log in with the new password nor with the old one.

I have this in the model:

public function setPasswordAttribute($password)
{
    $this->attributes['password'] = Hash::make($password);
}

and in the controller, to set the new password, I have this:

$user = AuthAction::$user;
$user->password = $subscriberData['password'];
$user->save();

Just one final note, the model that I am using for the user is called Subscriber, and when I do a var_dump of the $user variable I can see that it's an instance of the model subscriber.

Jeremy Harris

2 Answers

2

This is because your updated password was hashed twice: once via your Eloquent mutator and once through ResetPasswordController.

protected function resetPassword($user, $password)
{
    $user->forceFill([
        'password' => bcrypt($password),//problem is here, $password was already hashed by eloquent mutator
        'remember_token' => str_random(60),
    ])->save();

    $this->guard()->login($user);
}

You can solve this by overriding the resetPassword function in your ResetPasswordController like so:

protected function resetPassword($user, $password)
{
    $user->forceFill([
        'password' => $password,
        'remember_token' => str_random(60),
    ])->save();

    $this->guard()->login($user);
}
Owen.Oj
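The double hashing described in the answer above can be reproduced outside Laravel. This is an added example, not code from the original posts; it assumes Laravel's default bcrypt driver, which wraps PHP's `password_hash()`, and the function names and sample passwords are hypothetical.

```php
<?php
// Constructed sample values; nothing here comes from the original post.
$old = 'seeded-secret';
$new = 'changed-secret';

// Stand-in for the question's setPasswordAttribute(): hashes whatever it gets.
function naiveMutator(string $value): string
{
    return password_hash($value, PASSWORD_BCRYPT);
}

// Hypothetical guarded variant: leaves input alone if it already is a hash.
function guardedMutator(string $value): string
{
    $alreadyHashed = password_get_info($value)['algoName'] !== 'unknown';
    return $alreadyHashed ? $value : password_hash($value, PASSWORD_BCRYPT);
}

// Buggy flow: the controller hashes (bcrypt($password)), then the mutator
// hashes that 60-character hash string a second time.
$controllerHash = password_hash($new, PASSWORD_BCRYPT);
$doubleHashed   = naiveMutator($controllerHash);

// Fixed flow from the answer: only the mutator hashes the plaintext.
$hashedOnce = naiveMutator($new);

// Guarded flow: a pre-hashed value passes through unchanged.
$guarded = guardedMutator($controllerHash);

$checks = [
    'double hash accepts new password'     => password_verify($new, $doubleHashed),
    'double hash accepts old password'     => password_verify($old, $doubleHashed),
    'double hash accepts the hash text'    => password_verify($controllerHash, $doubleHashed),
    'single hash accepts new password'     => password_verify($new, $hashedOnce),
    'guarded mutator accepts new password' => password_verify($new, $guarded),
];

foreach ($checks as $label => $accepted) {
    printf("%-38s %s\n", $label, $accepted ? 'yes' : 'no');
}
```

The double-hashed record rejects both the old and the new password and accepts only the intermediate hash string, which matches the symptom in the question. The guarded mutator treats any input that looks like a hash as one, so hashing in exactly one place remains the cleaner fix.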
0
$user = AuthAction::$user;
$user->password = Hash::make($subscriberData['password']);
$user->save();