Django PASSWORD_HASHERS setting to support older and newer password hashing mechanisms

[ziming]

Sometimes we inherit an older database that does not use bcrypt or argon for password hashing, we want to support the older passwords while hashing future account passwords with bcrypt or argon

django deals with this by having a PASSWORD_HASHERS setting. It will be great if Laravel has it too

https://docs.djangoproject.com/en/4.1/topics/auth/passwords/

[Treggats]

Did you see the 'hashing' config? https://github.com/laravel/laravel/blob/9.x/config/hashing.php#L18

// Supported: "bcrypt", "argon", "argon2id"

config('hashing.driver'); // default is bcrypt

If you need other hashing methods, I think that you need to either write a driver yourself or find a package that has this.

If you have a way to discern which user uses the old hashing. Then you could override the authenticated() method from the AuthenticatedUsers trait. In which you can update the password using the new hashing driver.

Something like this

// LoginController

protected function authenticated(Request $request, User $user)
{
    if ($user->created_at->isAfter(Carbon::create(2020, 2, 20))) {
        return;
    }

    config()->set('hashing.driver', 'bcrypt');
    $password = $request->input('password');
    $user->password = $password;
    $user->save();
}

Hope this helps