atasistro
/
pingcrm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Hash password only once 

When a user resets their password, the password would be double hashed and the user locked out of their account.

Ensure we only hash the password if it needs to be hashed. If it has already been hashed, just return the password as-is.
This commit is contained in:
Burton 2020-03-20 21:58:34 -07:00 committed by GitHub
parent a8e0d42aec
commit 9f93e151a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/User.php
View File

@ -32,7 +32,7 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
public function setPasswordAttribute($password)
{
$this->attributes['password'] = Hash::make($password);
$this->attributes['password'] = Hash::needsRehash($password) ? Hash::make($password) : $password;
}
public function photoUrl(array $attributes)