Unable to log in with any password - hashing problem?

[pekka]

Currently learning Laravel. I have a project with Backpack running locally that I'm trying to deploy to a web server. The deployment target is marked "production" so the Backpack admin interface is password protected.

Problem is, no password is ever accepted. If I go the "forgot password" route I can set a new password, and go to the admin panel because I seem to be automatically signed in when I do this. However, the next time I try to log in using the new password, it gets rejected.

I assume this is a hashing problem when storing the password.

The users table looks fine:

Can anyone point me where to start debugging this?

[pxpm]

Hey @pekka can you do php artisan backpack:version and give me the output ?

Also, how are you creating the users ? Via Register page or some seeder or something ?

Cheers

[pxpm]

I am just wondering why are you getting those exceptions instead of a nice error page:

I am not sure, but it does not seem that you are using Backpack for the authentication. Did you properly follow Backpack setup ? ran all the commands etc ? It seems something is missing there, not the hashing algorithm tho.

[pekka]

I'm getting the nice error page when trying to log in!
The exception happens when I enter a new password here:

I think I followed all the installation instructions correctly, but will probably have to repeat the process to exclude any problems on that end...

[pxpm]

Can you click on "Share" in the top of error page and share with me the full error stack ?

Thanks

[pekka]

Certainly. Here!

[pekka]

#357 (reply in thread)

[o15a3d4l11s2]

If you are using the default settings for hashing (Bcrypt), you could try changing one password directly in the database to $2a$10$LLHgjgY2SNlrIELWFG1Q6O4hlHG42WllWNjISZXUNfKGlLeSKAeOy, which is equivalent to 12345678 and then try to login with it. If it succeeds, it means the problem is related to the hash generation. If it fails, it means it is related to the login part that checks for the correct password.

[pekka]

The result is true.

This is the JS error. There are no other errors on the page, everything is on https:

You say that you are running it locally and you wanted to deploy it. Does this mean that everything works properly locally, but fails when deployed?

I thought it was working properly locally, but now I appear to have the same problem there as well regarding passwords. The Javascript error happens only when deployed.

How are you running Laravel locally - Homestead, Docker, Valet, etc.?

Valet.

How are the users created/registered? If you have implemented the registration yourself maybe there is an issue with that code? Could you share some code regarding the registration/user-creation?

Nope, so far I've only used the Backpack admin panel to create users.

To prevent wasting your or my time, given that the problem appears locally as well, I will first recreate a Backpack project from scratch to make sure I didn't make some kind of mistake along the way.

If it happens again I will report with details.

Thank you for your help so far!

[pekka]

OK, so the JavaScript error appears to be totally separate from the password issue, specific to Safari 15 and seems to happen in the Backpack demo as well. Whenever clicking "save and..." in any CRUD:

Is it worth filing this as a bug? According to MDN this may be fixed in Safari 16, I just haven't gotten around to updating (which I will now do).

[pekka]

OK, so I did a complete reinstall/recreate of the project and am NOT seeing the hashing problem any more. I can reset the password using the password link and everything works as expected.

I must have done something wrong while first setting up the project, Backpack, or the permissions add-on.

The JavaScript problem remains in Safari 15, happy to file that as a bug if you want me to.

Thank you all for your help and questions, and sorry for wasting time!

[o15a3d4l11s2]

There must have been a missing step during installation. Glad to hear that you resolved your problem.

[o15a3d4l11s2]

@pekka, since your problem is resolved, could you please mark this thread as answered

[blondie63]

I have a similar problem in the new backpack 5 project, I register and log in without problems, but if I go to edit the user and save a new password, he saves it in clear text, what's wrong?
@o15a3d4l11s2 What you think ?

[o15a3d4l11s2]

I was just re-checking this old thread and noticed I have missed your questions. Not sure if you already resolved it, but for completeness - if the password is not hashes, this means that once the user enters the password in the form, you should hash the user input like Hash::make($request->new_password) and then store it into the DB.

[blondie63]

Yes thanks, just fixed :)

[jcastroa87]

Due to no activity, I will close this issue, but please feel free to re-open or create a new one if needed.

Cheers.