Improving autohasher

! autohasher wouldn't work when outside of Laravel + autohashes by default any 'password' field, when autohash is enabled
laravel-ardent · Jan 30, 2016 · ac5eae4 · ac5eae4
1 parent 2b2989c
commit ac5eae4
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 11 deletions.
diff --git a/composer.json b/composer.json
@@ -23,7 +23,8 @@
         "illuminate/support": "~5.1",
         "illuminate/database": "~5.1",
         "illuminate/validation": "~5.1",
-        "illuminate/events": "~5.1"
+        "illuminate/events": "~5.1",
+        "illuminate/hashing": "~5.1"
     },
     "autoload": {
         "psr-4": {

diff --git a/src/Ardent/Ardent.php b/src/Ardent/Ardent.php
@@ -5,6 +5,7 @@
 use Illuminate\Database\Capsule\Manager as DatabaseCapsule;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Events\Dispatcher;
+use Illuminate\Hashing\BcryptHasher;
 use Illuminate\Support\MessageBag;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Hash;
@@ -114,7 +115,7 @@ abstract class Ardent extends Model {
      *
      * @var array
      */
-    public static $passwordAttributes = array();
+    public static $passwordAttributes = array('password');
 
     /**
      * If set to true, the model will automatically replace all plain-text passwords
@@ -125,11 +126,11 @@ abstract class Ardent extends Model {
     public $autoHashPasswordAttributes = false;
 
     /**
-     * If set to true will try to instantiate the validator as if it was outside Laravel.
+     * If set to true will try to instantiate other components as if it was outside Laravel.
      *
      * @var bool
      */
-    protected static $externalValidator = false;
+    protected static $external = false;
 
     /**
      * A Validation Factory instance, to be used by standalone Ardent instances with the Translator.
@@ -138,6 +139,14 @@ abstract class Ardent extends Model {
      */
     protected static $validationFactory;
 
+    /**
+     * An instance of a Hasher object, to be used by standalone Ardent instances. Will be null if not external.
+     *
+     * @var \Illuminate\Contracts\Hashing\Hasher
+     * @see LaravelArdent\Ardent\Ardent::configureAsExternal()
+     */
+    public static $hasher;
+
     /**
      * Can be used to ease declaration of relationships in Ardent models.
      * Follows closely the behavior of the relation methods used by Eloquent, but packing them into an indexed array
@@ -505,9 +514,11 @@ public static function configureAsExternal(array $connection, $lang = 'en') {
             dirname(__FILE__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.$lang.
             DIRECTORY_SEPARATOR.'validation.php', $lang);
 
-        self::$externalValidator = true;
+        self::$external = true;
         self::$validationFactory = new ValidationFactory($translator);
         self::$validationFactory->setPresenceVerifier(new DatabasePresenceVerifier($db->getDatabaseManager()));
+
+        self::$hasher = new BcryptHasher();
     }
 
     /**
@@ -522,11 +533,9 @@ public static function configureAsExternal(array $connection, $lang = 'en') {
      * @see Ardent::$externalValidator
      */
     protected static function makeValidator($data, $rules, $customMessages, $customAttributes) {
-        if (self::$externalValidator) {
-            return self::$validationFactory->make($data, $rules, $customMessages, $customAttributes);
-        } else {
-            return Validator::make($data, $rules, $customMessages, $customAttributes);
-        }
+        return self::$external?
+            self::$validationFactory->make($data, $rules, $customMessages, $customAttributes) :
+            Validator::make($data, $rules, $customMessages, $customAttributes);
     }
 
     /**
@@ -770,6 +779,15 @@ public function errors() {
         return $this->validationErrors;
     }
 
+    /**
+     * Hashes the password, working without the Hash facade if this is an instance outside of Laravel.
+     * @param $value
+     * @return string
+     */
+    protected function hashPassword($value) {
+        return self::$external? self::$hasher->make($value) : Hash::make($value);
+    }
+
     /**
      * Automatically replaces all plain-text password attributes (listed in $passwordAttributes)
      * with hash checksum.
@@ -789,7 +807,7 @@ protected function hashPasswordAttributes(array $attributes = array(), array $pa
 
             if (in_array($key, $passwordAttributes) && !is_null($value)) {
                 if ($value != $this->getOriginal($key)) {
-                    $result[$key] = Hash::make($value);
+                    $result[$key] = $this->hashPassword($value);
                 }
             } else {
                 $result[$key] = $value;