dcat-admin自定义登录密码hash加密规则
1 app/Providers/AuthServiceProvider.php 内配置 CustomUserProvider
/**
 * Register authentication services for the application.
 *
 * Calls registerPolicies() first, then registers a user-provider factory
 * under the driver name "custom". That name is what the 'driver' entry in
 * config/admin.php has to reference for the admin guard to use it.
 *
 * @return void
 */
public function boot()
{
    $this->registerPolicies();

    // Factory handed to the auth manager. The $config array it receives is
    // ignored here: CustomUserProvider takes no constructor arguments and
    // sets its own model.
    $makeCustomProvider = function ($app, array $config) {
        return new CustomUserProvider();
    };

    Auth::provider('custom', $makeCustomProvider);
}
2 修改dcat-admin配置文件,驱动改为custom
config/admin.php
// The 'driver' value must be the exact name passed to Auth::provider() in
// AuthServiceProvider::boot() ('custom'); with it, the admin guard validates
// passwords through CustomUserProvider rather than the framework's default hasher.
// NOTE(review): in a stock dcat-admin config this array presumably sits under
// the 'auth' key — confirm against your config/admin.php.
'providers' => [
    'admin' => [
        'driver' => 'custom'
    ],
],
3 app/Providers/CustomUserProvider.php 代码
<?php
/**
* 自定义登录控制逻辑
*/
namespace App\Providers;
use App\Models\User;
use App\Service\UserSvc;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Auth\EloquentUserProvider;
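/**
 * User provider that validates logins with the project's own password hash
 * (UserSvc::pwdHash) instead of Laravel's default password hasher.
 *
 * NOTE(review): UserSvc::pwdHash is not shown here. If it is a fast digest
 * salted only with the username, the stored hashes are much cheaper to
 * brute-force offline than bcrypt/Argon2 output from password_hash();
 * confirm what it does and plan a migration if that is the case.
 */
class CustomUserProvider extends EloquentUserProvider
{
    /**
     * Bind the provider to the application's User model.
     *
     * NOTE(review): the parent constructor is not called, so the hasher the
     * parent class normally receives is never set. Any inherited method that
     * relies on it (for example rehash-on-login in newer Laravel releases)
     * would fail — verify against the Laravel version in use.
     */
    public function __construct()
    {
        $this->model = User::class;
    }

    /**
     * Check the submitted username/password pair against the stored hash.
     *
     * @param Authenticatable $user        User record whose stored hash is compared.
     * @param array           $credentials Expects the keys 'username' and 'password'.
     * @return bool True only when the custom hash of the credentials equals the stored hash.
     */
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $password = $credentials['password'] ?? null;
        $username = $credentials['username'] ?? null;
        $authPassword = $user->getAuthPassword();

        // Fail closed on missing or non-string input (e.g. "password[]=x"
        // arrives as an array) and on accounts with no stored hash, so that
        // neither side of the comparison can ever be null or empty.
        if (
            !is_string($password)
            || !is_scalar($username)
            || !is_string($authPassword)
            || $authPassword === ''
        ) {
            return false;
        }

        // Project-specific hash rule from UserSvc, not Laravel's default hasher.
        $hash = (new UserSvc)->pwdHash($password, $username);

        // hash_equals() compares in constant time; a plain === may return at
        // the first differing byte, which lets response timing hint at how
        // much of the stored hash matched.
        return is_string($hash) && hash_equals($authPassword, $hash);
    }
}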
4 修改代码 app/Admin/Controllers/AuthController.php
<?php
namespace App\Admin\Controllers;
use App\Service\UserSvc;
use Dcat\Admin\Http\Controllers\AuthController as BaseAuthController;
use Dcat\Admin\Admin;
use Dcat\Admin\Form;
use Dcat\Admin\Http\Repositories\Administrator;
use Dcat\Admin\Layout\Content;
use Dcat\Admin\Traits\HasFormResponse;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Lang;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Validator;
/**
 * Admin auth controller that extends dcat-admin's base AuthController so that
 * login and the "user setting" password change both go through the guard's
 * user provider, passing the username along with the password.
 */
class AuthController extends BaseAuthController
{
    /**
     * Handle a login request.
     *
     * Takes only the username field and the password from the request,
     * requires both to be present, and asks the guard to attempt the login.
     *
     * NOTE(review): no attempt limiting is visible in this method — confirm
     * that throttling/lockout is applied by middleware or elsewhere.
     *
     * @param Request $request
     * @return mixed Login response on success, validation-error response otherwise.
     */
    public function postLogin(Request $request)
    {
        $credentials = $request->only([$this->username(), 'password']);
        $remember = (bool) $request->input('remember', false);
        // Disabled check: reject a short list of trivially guessable passwords
        // before validation (message translated from the original).
        // if(in_array($credentials['password'],['111111','123456','12345678', '123456789'])){
        // return $this->validationErrorsResponse([
        // 'password' =>'Password is too simple, please change it',
        // ]);
        // }
        /** @var \Illuminate\Validation\Validator $validator */
        $validator = Validator::make($credentials, [
            $this->username() => 'required',
            'password' => 'required',
        ]);
        if ($validator->fails()) {
            return $this->validationErrorsResponse($validator);
        }
        // attempt() hands the credentials to the guard's user provider, which
        // decides whether the password matches.
        if ($this->guard()->attempt($credentials, $remember)) {
            return $this->sendLoginResponse($request);
        }
        // The failure message is attached to the username field.
        return $this->validationErrorsResponse([
            $this->username() => $this->getFailedLoginMessage(),
        ]);
    }

    /**
     * Decide whether a password change on the setting form may proceed.
     *
     * @return bool True when no new password was submitted, when the submitted
     *              value equals the stored auth password, or when the old
     *              password validates; false when the old password is missing
     *              or wrong.
     */
    protected function validateCredentialsWhenUpdatingPassword()
    {
        $user = Admin::user();
        $oldPassword = \request('old_password');
        $newPassword = \request('password');
        $username = $user->username;
        // Nothing to verify if the password field is empty or still carries
        // the stored value, i.e. the password is not being changed.
        if (
            (!$newPassword)
            || ($newPassword === $user->getAuthPassword())
        ) {
            return true;
        }
        // A real change requires the current password.
        if (!$oldPassword) {
            return false;
        }
        // The username is passed as well because the provider receives it in
        // the credentials array alongside the old password.
        return $this->guard()
            ->getProvider()
            ->validateCredentials($user, ['password' => $oldPassword,'username'=>$username]);
    }

    /**
     * Model-form for user setting.
     *
     * @return Form
     */
    protected function settingForm()
    {
        return new Form(new Administrator(), function (Form $form) {
            $form->action(admin_url('auth/setting'));
            $form->disableCreatingCheck();
            $form->disableEditingCheck();
            $form->disableViewCheck();
            $form->tools(function (Form\Tools $tools) {
                $tools->disableView();
                $tools->disableDelete();
            });
            $form->display('username', trans('admin.username'));
            $form->text('name', trans('admin.name'))->required();
            //$form->image('avatar', trans('admin.avatar'))->autoUpload();
            $form->password('old_password', trans('admin.old_password'));
            // New password is limited to 5–20 characters by the rules below.
            // NOTE(review): a 5-character minimum is short for an admin
            // account and a 20-character cap rules out long passphrases —
            // consider revisiting both limits.
            $form->password('password', trans('admin.password'))
                ->minLength(5)
                ->maxLength(20)
                ->customFormat(function ($v) {
                    // Returns nothing when the value equals $this->password,
                    // otherwise the value unchanged. Presumably $this is
                    // rebound by dcat-admin to the form's data — verify.
                    if ($v == $this->password) {
                        return;
                    }
                    return $v;
                });
            $form->password('password_confirmation', trans('admin.password_confirmation'))->same('password');
            // These two inputs are only used for checks and are not saved.
            $form->ignore(['password_confirmation', 'old_password']);
            $form->saving(function (Form $form) {
                if ($form->password && $form->model()->password != $form->password) {
                    //dump($form->password);
                    //dump($form->model()->username);
                    // When the profile is edited, the rule used to hash the saved
                    // password has to change as well.
                    // NOTE(review): the hashing line below is commented out, so this
                    // branch has no active statements and this callback passes the
                    // submitted password through unchanged. Unless it is hashed
                    // elsewhere (e.g. a model mutator — not shown), it would be stored
                    // as typed and would no longer match what the custom provider
                    // computes at login. Confirm before relying on this form.
                    //$form->password = (new UserSvc)->pwdHash($form->password, $form->model()->username);
                    //dd($form->password);
                }
                // No password submitted: drop the input so the stored value is kept.
                if (!$form->password) {
                    $form->deleteInput('password');
                }
            });
            $form->saved(function (Form $form) {
                return $form
                    ->response()
                    ->success(trans('admin.update_succeeded'))
                    ->redirect('auth/setting');
            });
        });
    }
}