Surely this has been done before. Aha! Here's a way to do it with... 'binding' on Laravel version... 4. Wait, what's binding?
Ok, well here's some sketchy instructions on how to replace the Hasher singleton with one that will do other kinds of hashes, and alludes to adding an event listener. Hmm, also old. Here's an even older one!
This Blog post I think has the right flowchart:
Here's what I ended up with:
// Fresh Install of Laravel 6 with Auth components.
$ composer global require laravel/installer
$ laravel new d7-migrator --auth
In app\Services\LegacyPassword.php
I put a distilled version of the default D7 code for matching a password to a hash, which is a bit non-standard and doesn't use password_verify()
. Full code can be viewed here but is not a robust enough implementation of the full Drupal 7 password algorithm to advertise it as a full solution at this point.
Then edit app/Http/Controllers/Auth/LoginController.php
to use the LegacyPassword
class and modify the use of the Illuminate\Auth\UserInterface
trait.
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -4,7 +4,13 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
+use App\Services\LegacyPassword;
+use App\User;
+use Illuminate\Auth\UserInterface;
+use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
class LoginController extends Controller
{
@@ -19,7 +25,7 @@ class LoginController extends Controller
|
*/
- use AuthenticatesUsers;
+ use AuthenticatesUsers { attemptLogin as private attemptLaravelLogin; }
/**
* Where to redirect users after login.
@@ -37,4 +43,26 @@ class LoginController extends Controller
{
$this->middleware('guest')->except('logout');
}
+
+ /**
+ * Attempt to log the user into the application.
+ * Thin wrapper around original `attemptLogin()`.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @return bool
+ */
+ protected function attemptLogin(Request $request)
+ {
+ if ($this->attemptLaravelLogin($request)) {
+ return true;
+ }
+ $user = User::where('email', $request->request->get('email'))->first();
+ $password = $request->request->get('password');
+ if (!is_null($user) && LegacyPassword::match($password, $user->password)) {
+ Auth::login($user);
+ $user->update(['password' => Hash::make($password)]);
+ return true;
+ }
+ return false;
+ }
+
}