Reverted back to the same SHA256 standards YB used, plus good security. #8
|
|
@ -11,6 +11,7 @@ use DB, Hash, Mail, Illuminate\Support\Facades\Password;
|
|||
|
||||
use App\Http\Controllers\UserController;
|
||||
use App\Http\Controllers\PermissionController;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
class AuthController extends Controller {
|
||||
/**
|
||||
|
|
@ -230,31 +231,41 @@ class AuthController extends Controller {
|
|||
* @return \Illuminate\Http\JsonResponse
|
||||
*/
|
||||
public function login(Request $request) {
|
||||
$credentials = $request->only('username', 'password');
|
||||
if (!empty($request)) {
|
||||
$checkName = DB::table('users')
|
||||
->select('*')
|
||||
->where('username', $request['username'])
|
||||
->first(
|
||||
'id',
|
||||
'username',
|
||||
'password',
|
||||
'salt'
|
||||
);
|
||||
|
||||
$rules = [
|
||||
'username' => 'required',
|
||||
'password' => 'required',
|
||||
];
|
||||
$checkName = json_decode(json_encode($checkName), true);
|
||||
$login_ok = false;
|
||||
|
||||
$validator = Validator::make($credentials, $rules);
|
||||
$checkPass = hash('sha256', $request->password . $checkName['salt']);
|
||||
|
||||
if($validator->fails()) {
|
||||
return response()->json(['success'=> false, 'error'=> $validator->messages()]);
|
||||
}
|
||||
for ($round = 0; $round < 65536; $round++) {
|
||||
$checkPass = hash('sha256', $checkPass . $checkName['salt']);
|
||||
}
|
||||
|
||||
try {
|
||||
// attempt to verify the credentials and create a token for the user
|
||||
if (!$token = JWTAuth::attempt($credentials)) {
|
||||
return response()->json(['success' => false, 'error' => 'We cant find an account with this credentials.'], 401);
|
||||
if ($checkPass === $checkName['password']) {
|
||||
$login_ok = true;
|
||||
}
|
||||
}
|
||||
catch (JWTException $e) {
|
||||
// something went wrong whilst attempting to encode the token
|
||||
return response()->json(['success' => false, 'error' => 'Failed to login, please try again.'], 500);
|
||||
|
||||
if ($login_ok) {
|
||||
return array(
|
||||
'uid' => $checkName['id'],
|
||||
'username' => $checkName['username'],
|
||||
'rawPassword' => $request->password,
|
||||
'password' => $checkPass
|
||||
);
|
||||
}
|
||||
// all good so return the token
|
||||
return response()->json(['success' => true, 'data'=> [ 'token' => $token ]]);
|
||||
|
||||
return array();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -304,14 +315,17 @@ class AuthController extends Controller {
|
|||
}
|
||||
|
||||
public function checkAuth(Request $request) {
|
||||
$this->validate($request, ['token' => 'required']);
|
||||
$get = DB::table('users')
|
||||
->select('id', 'username', 'password')
|
||||
->where('username', $request->username)
|
||||
->where('password', $request->password)
|
||||
->first(
|
||||
'id'
|
||||
);
|
||||
|
||||
try {
|
||||
$res = JWTAuth::parseToken()->authenticate();
|
||||
return response()->json(['success' => true, 'user_id' => $res->id]);
|
||||
} catch (JWTException $e) {
|
||||
return response()->json(['success' => false, 'error' => 'Failed to check, please try again.'], 500);
|
||||
}
|
||||
$get = json_decode(json_encode($get), true);
|
||||
|
||||
return $get;
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
@ -24,7 +24,7 @@ class User extends Authenticatable implements JWTSubject {
|
|||
* @var array
|
||||
*/
|
||||
protected $hidden = [
|
||||
'password', 'remember_token',
|
||||
'password', 'salt', 'remember_token',
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ class CreateUsersTable extends Migration
|
|||
$table->string('username');
|
||||
$table->string('email')->unique();
|
||||
$table->string('password');
|
||||
$table->string('salt');
|
||||
$table->rememberToken();
|
||||
$table->timestamps();
|
||||
});
|
||||
|
|
|
|||
|
|
@ -15,18 +15,11 @@ use Illuminate\Http\Request;
|
|||
|
||||
$api = app('Dingo\Api\Routing\Router');
|
||||
|
||||
// JWT API
|
||||
|
||||
$api->version('v1', function ($api) {
|
||||
$api->group(['namespace' => 'App\Http\Controllers'], function ($api) {
|
||||
$api->post('/auth/login', 'AuthController@login');
|
||||
$api->post('/auth/register', 'AuthController@register');
|
||||
$api->post('/auth/recover', 'AuthController@recover');
|
||||
$api->get('/auth/checklegit/{id}', 'AuthController@checkLegit');
|
||||
|
||||
$api->group(['middleware' => ['jwt.auth']], function ($api) {
|
||||
$api->get('/auth/logout', 'AuthController@logout');
|
||||
$api->get('/auth/getuser', 'AuthController@checkAuth');
|
||||
});
|
||||
$api->post('/auth/checkauth', 'AuthController@checkAuth');
|
||||
});
|
||||
});
|
||||
|
|
|
|||
新しいイシューから参照