Laravel 5.5 Basic Auth Problem - Laravel authenticates users without a password

Posted 1 year ago by peterworks91

I have applied the default Basic Auth middleware to one of my routes. Everything seems to be working perfectly (I also changed the default field from email to login because that's what I am using as the username) except for the fact that I am able to authenticate any user just by his login. I do not need to specify the password. Whenever I try to type in the correct password Laravel doesn't let me through. It correctly recognizes that a user does not exist if I input a non-existing username but it also allows me to authenticate if I specify a correct login only (without a password).

This is my api.php route:

Route::get('order/{order_id}/{item_id}', '[email protected]')->middleware('auth.basic');

The only change I made in the AuthenticateWithBasicAuth class is specifying the login field instead of the default email field:

public function handle($request, Closure $next, $guard = null)
{
    return $this->auth->guard($guard)->basic('login') ?: $next($request);
}

I'd be really grateful for any help with this issue.

Please sign in or create an account to participate in this conversation.