Since I'm porting an app to Laravel and it's using the Auth Class, I need to change all the passwords in my users table to bycrypt (using Hash::make()).
The thing is that I want to use the usernames as default password (so when the migration is done, my user "Mario" will have a Password of "Mario") — I wanna do this with all the entries of the database via a Migration, but I can't seem to make it, since I don't know how to get the value of the select, hash it, then use it in the update.
Is there any way to do this without using loops? (i.e without making one query per user)
EDIT: Yes, this is impossible to do without loops. I realized that. And #Adrenaxus has the right answer.
Why don't you do something like this:
foreach(User::all() as $user){
$user->password = Hash::make($user->username);
$user->save();
}
Related
I am currently in the process of migrating all user accounts of my parse-server backend to a 3rd-party SSO provider. The provider allows me to import users with pre-hashed passwords, allowing me to do the transition without needing the users to sign-in to finish the migration process.
I have been having issues trying to obtain the hashed password from the ParseUser object. I can see it in the MongoDB (the _hashed_password field), however I have been unable to extract the password field from the queried object.
I obtain the ParseUser object via the following query (simplified, removed async/await)
const query = new Parse.Query(Parse.User)
query.find({useMasterKey: true}).then(users => {
users.forEach(user => {
// obtain password here + do migration
})
});
I have attempted to get the password via
user.getPassword()
user.get("password")
user.get("_hashed_password")
query.select(["_hashed_password", "password"]).find({useMasterKey: true}).then(...)
The getPassword() function does not exist, but I wanted to try it anyway. the get("password") and get("_hashed_password) returns undefined.
The query.select(...) returns the entire user (except the password), even though I thought it would return either the password or an empty object.
My question is: How can I programatically get the hashed password of a user on the parse platform?
Currently for debugging purposes I am developing this migration as a cloud function. Once I have it working I was planning to move it as a job. I believe this should have no effect on the way the code works, but am leaving this note here just in case anyway.
Thanks in advance for your help.
Thanks to Davi Macêdo, I figured it out.
One has to use aggregate query, however the field _hashed_password gets filtered out by Parse even in aggregate queries, so we need to compute additional field based on the _hashed_password. The following code works:
new Parse.Query(Parse.User).aggregate({
"project": {
"myPassword": "$_hashed_password"
}
})
Is there any way to force the username column to change all entries to lowercase?
Thanks
You can achieve this in two ways.
SaveTrigger : In the beforeSave() trigger of your user class, check if it is a new object, and if it is change the given username to lower case using the .toLowerCase() method like this.
if(!request.original)
request.object.set("username",request.object.get("username").toLowerCase())
Client-side: before signing up your users just use the corresponding .toLowerCase() method for the language you are coding in and then sign the user up.
i make one table for with some column with nullable.
i already tried with two different query. one using
Register_member::where('passport',$passport)->orWhere('adharcardnumber',$adharcardnumber)->get();
and second DB::table type query.
$row = Register_member::where('passport',$passport)->orWhere('adharcardnumber',$adharcardnumber)->get();
if (!empty($row))
{
return response()->json(["status"=>0, "message"=>"Adharcard or Paasport number already exit."]);
}
if (empty($row))
{
Register_member::insert(['first_name'=>request('first_name'), 'middle_name'=>request('middle_name'), 'last_name'=>request('last_name'), 'adharcardnumber'=>request('adharcardnumber'), 'ocipcinumber'=>request('ocipcinumber'), 'passport'=>request('passport'), 'birthday'=>request('birthday'),
'mobilecode'=>request('mobilecode'), 'mobilenumber'=>request('mobilenumber'), 'email'=>request('email'), 'address'=>request('address'), 'landmark'=>request('landmark'), 'area'=>request('area'),
'gender'=>request('gender'), 'pincode'=>request('pincode'), 'city_name'=>request('city_name'), 'state_id'=>request('state_id'), 'country_id'=>request('country_id'), 'sampraday'=>request('sampraday'), 'other'=>request('other'), 'sms'=>request('sms')]);
return response()->json(["status"=>1, "message"=>"Member register successful."]);
}
if adharcardnumber or passport number are exists in table, then nagetive response. if in both any one in unique then, insert data in table
Let me suggest you something which I think serve you as a good solution. You can use the unique with required and regex. In this way it will use the already recommended ways of Laravel which are the best.
As an example for your adhaar card,
the validation should look like this
$request->validate([
'adhaar ' =>['required','unique:users','regex:/\d{12}/'],
]);
where adhar is the filed name where adhaar number is entered. Be sure to use validator like this use Illuminate\Support\Facades\Validator;. Also $request is the instance of the Request.
Using the required prevent empty field submission and the regex will throw an error if the pattern is not matched completely. so I think it would be a better a way to handle the scenario.
the above solution will work in both adhaar and passport. But for the passport the regex will be different though.
Please note these are all demo examples, you might need to modify it according to your needs. I use https://www.phpliveregex.com/ for regex making and checking and it is good enough.
I hope you get an idea of how to begin but if you need more information then let me know in the comments.
I am developing an application in PHP Laravel. It uses bcrypt encryption to store passwords. I want to keep the history of hashes whenever the user changes the password. By doing this I want to stop user entering the previous passwords in some scenarios. Is it safe to keep the history of hashes?
I am using built in functions. I do not know much about this encryption. According to my observation, if a user changes his password and keep the same as a previous one, the hash values come different. How can I stop him to keep the same password from the previous history? Is it possible while using bcrypt encryption?
Yes that's totally safe. You can compare the new password with your older hashes using Hash::check(). For example like this ($hashes being an array of old hashes)
$newPassword = 'secret';
foreach($hashes as $hash){
if(Hash::check($newPassword, $hash)){
exit('Sorry can\'t use the same password twice');
}
}
there is a laravel package for it called laravel-password-history
which you can install and enjoy.
it provides you with event listeners, migrations, validation rules, etc. it is also configurable to check for a certain depth in the history.
I'm trying to find all users w/ a specific permissions list in Sentry with laravel. The problem is that Sentry::findAllUsersWithAccess() returns an array().
as stated in their github repository i pinpointed their code to be
public function findAllWithAccess($permissions)
{
return array_filter($this->findAll(), function($user) use ($permissions)
{
return $user->hasAccess($permissions);
});
}
right now, it gets all users and filter it out with users with permission list. the big problem would be when I as a developer would get the set of users, it'll show ALL users, i'm developing an app which may hold thousands of users and i only need to get users with sepcific permission lists.
With regards to that would love to use one with a ->paginate() capability.
Any thoughts how to get it without getting all the users.
Why dont you override the findAllWithAccess() method and write your own implementation, which uses mysql where instead of array_filter().
I dont know your project structure and the underlying db schema, so all i can give you atm is the link to the eloquent documentation Querying Relations (whereHas).
In case you dont know where to start: its always a good idea to look at the ServiceProvider (SentryServiceProvider, where the UserProvider, which holds the findAllWidthAccess() method, is registered). Override the registerUserProvider method and return your own implementation of the UserProvider (with the edited findAllWithAccess() method).
Hope that will point you in the right direction.
In Laravel you can do pagination manually on arrays:
$paginator = Paginator::make($items, $totalItems, $perPage);
Check the docs: http://laravel.com/docs/pagination