Level 104
Maybe Session is not started; is the Route defined in the web middleware group?
Jan 19, 2025
20
Level 2
Where am i wronging?
I have the login method:
public function logon(Request $request) {
$user = User::where("email", $request->email)->first();
if (!$user)
return redirect()->route("login")->withErrors(['fail' => 'Login Falhou']);
if (!Hash::check($request->password, $user->password))
return redirect()->route("login")->withErrors(['fail' => 'Login Falhou']);
// $credentials = $request->only('email', 'password');
$credentials = [
"email" => $request->email,
"password" => $request->password
];
Auth::attempt($credentials);
dd($credentials,Auth::user());
return redirect()->route("permissions");
}
The database verification works fine,
if (!Hash::check($request->password, $user->password))
returns false, but
Auth::attempt($credentials);
not works noway
the User sessions is not created.
Where am i wronging?
Level 2
it is in the logon method, without middleware yet.
where i check if session was started?
...
use App\Http\Controllers\AdminController;
Route::get('/', [HomeController::class, 'login'])->name("login");
Route::post('/logon', [HomeController::class, 'logon'])->name("logon");
Route::group(['middleware' => ['auth']], function () {
Route::get('/erro/de/permissao', [HomeController::class, 'permissionError'])->name("permissions.error");
Route::get('/permissoes', [HomeController::class, 'permissions'])->name("permissions");
...
in my seeder, i did
$users = [
[
"name" => "Carlos",
"email" => "[email protected]",
"password" => "1234"
],[
"name" => "Celopatra",
"email" => "[email protected]",
"password" => "1234"
],[
"name" => "Hnna",
"email" => "[email protected]",
"password" => "1234"
],[
"name" => "Hiandre",
"email" => "[email protected]",
"password" => "1234"
]
];
foreach ($users as $user) {
User::firstOrCreate($user);
}
all passwords, equals, therefore, in he databse each one has your pasword no equal
I used
User::firstOrCreate($user);
to the records
Level 104
@carcleo is that the routes/web.php file?
in he databse each one has your pasword no equal
The same input will produce different hashes each time you are creating a User instance.
Level 2
@tykus Ok, then how guarantee that the password be 1234 to all?
Level 104
@carcleo it is 1234, just the hash is different
Level 2
it is in the logon method, without middleware yet.
where i check if session was started?
...
use App\Http\Controllers\AdminController;
Route::get('/', [HomeController::class, 'login'])->name("login");
Route::post('/logon', [HomeController::class, 'logon'])->name("logon");
Route::group(['middleware' => ['auth']], function () {
Route::get('/erro/de/permissao', [HomeController::class, 'permissionError'])->name("permissions.error");
Route::get('/permissoes', [HomeController::class, 'permissions'])->name("permissions");
...
in my seeder, i did
$users = [
[
"name" => "Carlos",
"email" => "[email protected]",
"password" => "1234"
],[
"name" => "Celopatra",
"email" => "[email protected]",
"password" => "1234"
],[
"name" => "Hnna",
"email" => "[email protected]",
"password" => "1234"
],[
"name" => "Hiandre",
"email" => "[email protected]",
"password" => "1234"
]
];
foreach ($users as $user) {
User::firstOrCreate($user);
}
all passwords, equals, therefore, in he databse each one has your pasword no equal
I used
User::firstOrCreate($user);
to the records b
but as to do compare if the hasche changes always?
Level 104
@carcleo you already have proven that the hashed password matches the plain password in the Request
if (!Hash::check($request->password, $user->password))returns false
So the problem is not the password.
If the routes above are defined in routes/web.php then we would expect the Session to be started, however, you can confirm this using:
php artisan route:list --vv
And checking if the route login route includes the Illuminate\Session\Middleware\StartSession middleware in the output.
Level 122
maybe you hashed the password twice when you registered the user
... or didn't hash at all. !
What does the password look like in the database?
Level 2
Then, i do another test:
public function logon(Request $request) {
$credentials = $request->validate([
'email' => ['required', 'email'],
'password' => ['required'],
]);
$user = User::where("email", $request->email)->first();
dd(
$credentials,
$user->toArray(),
Hash::check('1234', $user->password),
Hash::check('1234', Hash::make($credentials['password'])),
Auth::attempt($credentials)
);
return redirect()->route("permissions");
}
Reply?
array:2 [▼ // app\Http\Controllers\HomeController.php:27
"email" => "[email protected]"
"password" => "1234"
]
array:7 [▼ // app\Http\Controllers\HomeController.php:27
"id" => 1
"name" => "Carlos"
"email" => "[email protected]"
"email_verified_at" => null
"password" => "$2y$12$GkmGbdGGSFAEVH1oHXmM5e4qiShkWKeojZWk1x0TcxnLKELYMmXC6"
"created_at" => "2025-01-20T12:00:55.000000Z"
"updated_at" => "2025-01-20T12:00:55.000000Z"
]
true // app\Http\Controllers\HomeController.php:27
true // app\Http\Controllers\HomeController.php:27
false // app\Http\Controllers\HomeController.php:27
But as Auth::attempt($credentials) not works fine?
Level 104
@carcleo have you modified the auth config to use a Model / database table other than App\Models\User / users?
What is the result of
config('auth')
Level 2
@tykus where? No
array:5 [▼ // app\Http\Controllers\HomeController.php:18
"defaults" => array:2 [▼
"guard" => "web"
"passwords" => "users"
]
"guards" => array:1 [▼
"web" => array:2 [▼
"driver" => "session"
"provider" => "users"
]
]
"providers" => array:1 [▼
"users" => array:2 [▶]
]
"passwords" => array:1 [▼
"users" => array:4 [▼
"provider" => "users"
"table" => "password_reset_tokens"
"expire" => 60
"throttle" => 60
]
]
"password_timeout" => 10800
]
Level 104
@carcleo expand the providers.users key please
Level 2
"providers" => array:1 [▼
"users" => array:2 [▼
"driver" => "eloquent"
"model" => "App\Models\User"
]
]
Level 104
@carcleo I am beginning to wonder if you have a global scope on the User model that prevents the authentication attempt? Can you show us the content of the User class?
Level 2
<?php
namespace App\Models;
// use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
class User extends Authenticatable
{
/** @use HasFactory<\Database\Factories\UserFactory> */
use HasFactory, Notifiable;
/**
* The attributes that are mass assignable.
*
* @var list<string>
*/
protected $fillable = [
'name',
'email',
'password',
];
protected $name;
protected $email;
protected $password;
public function fields(
string $name,
string $email,
string $password
) {
$this->name = $name;
$this->email = $email;
$this->password = $password;
}
/**
* The attributes that should be hidden for serialization.
*
* @var list<string>
*/
protected $hidden = [
'remember_token',
];
/**
* Get the attributes that should be cast.
*
* @return array<string, string>
*/
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
];
}
public function roles() : BelongsToMany {
return $this->belongsToMany(Role::class);
}
public function hasHole(Array $roleName): bool
{
foreach ($this->roles as $role) {
if ($role->name === $roleName) {
return true;
}
}
return false;
}
public function hasHoles(Array $rolesName): bool
{
foreach ($this->roles as $role) {
foreach ($rolesName as $rolee) {
if ($role->name === $rolee) {
return true;
}
}
}
return false;
}
public function hasAbility(string $ability): bool
{
foreach ($this->roles as $role) {
if ($role->abilities->contains('name', $ability)) {
return true;
}
}
return false;
}
}
Level 104
@carcleo this is an issue... remove them:
protected $name;
protected $email;
protected $password;
Why did you do this?
And, why the following as well?
public function fields(
string $name,
string $email,
string $password
) {
$this->name = $name;
$this->email = $email;
$this->password = $password;
}
Level 2
Level 104
@carcleo I have been working with Laravel since v3; it has never been like this in the Model classes. Did you clone a project from github, or make a fresh installation yourself?
Just remove the protected properties like I mentioned above, and the authentication attempt should work.
Level 2
Level 104
@carcleo good. Please mark the thread solved
Please or to participate in this conversation.