Laravel 11 rehash pw, the rehashed pw can't checked by (Hash::check('pw', $rehashedPw)). #53701

Closed
tigertest911 opened this issue Nov 29, 2024 · 5 comments

@tigertest911

Laravel Version

11.11.1

PHP Version

8.3.7

Database Driver & Version

MySQL 8.0.35

Description

In Laravel 10, the default value of the rehash_on_login is [false].
In Laravel 11, the default value of the rehash_on_login is [true].

In Laravel 11, when I log in, Laravel automatically rehashes and my password is rehashed.
But the rehashed password can't be checked by (Hash::check('pw', $rehashedPw)).
When I change the config [rehash_on_login] to false, the bug is closed.

Steps To Reproduce

After upgrading from Laravel 10 to Laravel 11
AS-IS:

  1. In Laravel 10, change your password.
  2. Upgrade my environment to Laravel 11.
  3. I go to the top page and I log out.
  4. I log in successfully (at this time, the password in the DB has been rehashed)
  5. I log out
  6. My login fails

TO-BE: change config [rehash_on_login] to false

  1. In Laravel 10, change your password.
  2. Upgrade my environment to Laravel 11.
  3. I go to the top page and I log out.
  4. I log in successfully
  5. I log out
  6. I log in successfully again.
@crynobone
Member

Hey there, thanks for reporting this issue.

We'll need more info and/or code to debug this further. Can you please create a repository with the command below, commit the code that reproduces the issue as one separate commit on the main/master branch and share the repository here?

Please make sure that you have the latest version of the Laravel installer in order to run this command. Please also make sure you have both Git & the GitHub CLI tool properly set up.

laravel new bug-report --github="--public"

Do not amend and create a separate commit with your custom changes. After you've posted the repository, we'll try to reproduce the issue.

Thanks!

@tigertest911
Author

> Hey there, thanks for reporting this issue.
>
> We'll need more info and/or code to debug this further. Can you please create a repository with the command below, commit the code that reproduces the issue as one separate commit on the main/master branch and share the repository here?
>
> Please make sure that you have the latest version of the Laravel installer in order to run this command. Please also make sure you have both Git & the GitHub CLI tool properly set up.
>
> laravel new bug-report --github="--public"
>
> Do not amend and create a separate commit with your custom changes. After you've posted the repository, we'll try to reproduce the issue.
>
> Thanks!

Thank you for your comment.

Our project is security, can’t use the GitHub.

I can share my User Model

    // Mutator: hashes every value assigned to the password attribute.
    public function setPasswordAttribute($password)
    {
        $this->attributes['password'] = bcrypt($password);
    }

The above code has been the same all the time. When I upgraded from Laravel 5.7 to 10, the login of my project was OK.
But after I upgraded from Laravel 10 to 11, the login of my project produces an error.
Reason:
When I first logged in on Laravel 10, my password was rehashed and the above bcrypt($password) also ran.
I think in Laravel 11, after the pw has been rehashed, the setPasswordAttribute function is not called.

@tigertest911 tigertest911 reopened this Dec 3, 2024
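
An added example, not part of the thread and not Laravel's code: a plain-PHP simulation of the login sequence from the issue's steps, under the assumption (not confirmed in this thread) that rehash-on-login assigns an already-hashed password to the model attribute, so a hashing mutator like the one posted above hashes it a second time. The function names, costs and sample password are constructed for illustration.

```php
<?php
// Constructed simulation in plain PHP (no Laravel needed).
// Assumption: rehash-on-login assigns an already-hashed value to the
// password attribute, so the model's mutator runs on that hash.

const OLD_COST = 10; // constructed: cost of the hash stored before the upgrade
const NEW_COST = 12; // constructed: cost configured after the upgrade

// Stand-in for the mutator posted in the thread: hashes whatever it is given.
function naiveMutator(string $value): string
{
    return password_hash($value, PASSWORD_BCRYPT, ['cost' => NEW_COST]);
}

// Hypothetical guarded mutator: skips values that are already password hashes.
function guardedMutator(string $value): string
{
    return password_get_info($value)['algoName'] !== 'unknown'
        ? $value
        : password_hash($value, PASSWORD_BCRYPT, ['cost' => NEW_COST]);
}

// Simulated login: verify, then (if the cost is outdated) store a fresh hash
// through the mutator. Returns the stored value, or null if login fails.
function loginWithRehash(string $stored, string $plain, callable $mutator): ?string
{
    if (!password_verify($plain, $stored)) {
        return null;
    }
    if (!password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => NEW_COST])) {
        return $stored;
    }
    return $mutator(password_hash($plain, PASSWORD_BCRYPT, ['cost' => NEW_COST]));
}

$plain  = 'constructed-sample-password';
$stored = password_hash($plain, PASSWORD_BCRYPT, ['cost' => OLD_COST]);

foreach (['naive' => 'naiveMutator', 'guarded' => 'guardedMutator'] as $name => $mutator) {
    $afterFirst = loginWithRehash($stored, $plain, $mutator);
    $second     = loginWithRehash($afterFirst, $plain, $mutator);
    printf("%-7s first login: %s, second login: %s\n", $name,
        $afterFirst !== null ? 'ok' : 'failed',
        $second !== null ? 'ok' : 'failed');
}
```

Within Laravel, Hash::isHashed() performs the same kind of check as the guarded variant.
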
@crynobone
Member

> Our project is security, can’t use the GitHub.

We asked for a minimal reproducing repository that would allow us to replicate what you are experiencing. Without this information, we are not able to debug the issue.

@crynobone
Member

Hey there,

While this may be a legitimate issue, can you first try posting your problem or question on one of the support channels below? If this issue can be definitively identified as a bug, feel free to open up a new issue with a link to the original one and we'll gladly help you out.

Thanks!

@jedney0901

While I appreciate this needing to be closed, there is an issue where this information is lost to any of those channels and there isn't an easy way to track whether it gets resolved or not.

I'm experiencing this issue too and would have loved a referential link to something like this to dig further.
