From f8e7c4615e65e653541695e8be57780fc1c60e4b Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 5 May 2020 19:37:58 +0200 Subject: [PATCH 1/5] Implement passport:hash command --- src/Console/HashCommand.php | 51 +++++++++++++++++++++++++++++++++ src/PassportServiceProvider.php | 1 + 2 files changed, 52 insertions(+) create mode 100644 src/Console/HashCommand.php diff --git a/src/Console/HashCommand.php b/src/Console/HashCommand.php new file mode 100644 index 000000000..41c8ecfee --- /dev/null +++ b/src/Console/HashCommand.php @@ -0,0 +1,51 @@ +warn("Warning! You haven't enabled client hashing yet in your AppServiceProvider."); + + return; + } + + if ($this->confirm('Are you sure you want to hash ALL client secrets? This cannot be undone.')) { + $model = Passport::clientModel(); + + foreach ((new $model)->whereNotNull('secret')->cursor() as $client) { + $client->timestamps = false; + + $client->forceFill([ + 'secret' => password_hash($client->secret, PASSWORD_BCRYPT), + ])->save(); + } + + $this->info('All OAuth client secrets were successfully hashed.'); + } + } +} diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php index 02cf5a389..44900b2d4 100644 --- a/src/PassportServiceProvider.php +++ b/src/PassportServiceProvider.php @@ -62,6 +62,7 @@ public function boot() $this->commands([ Console\InstallCommand::class, Console\ClientCommand::class, + Console\HashCommand::class, Console\KeysCommand::class, Console\PurgeCommand::class, ]); From 73d03941067eb18c17a7c424b582e2c8adec28be Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 5 May 2020 19:41:31 +0200 Subject: [PATCH 2/5] Skip records which are already hashed --- src/Console/HashCommand.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Console/HashCommand.php b/src/Console/HashCommand.php index 41c8ecfee..681e74d55 100644 --- a/src/Console/HashCommand.php +++ b/src/Console/HashCommand.php 
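Review bot: handle() can exit with status 0 while every secret is still stored in plaintext. The bare `return;` after the `Passport::$hashesClientSecrets` warning reports success, and a `confirm()` that is declined, or that takes its default answer in a non-interactive deploy, also falls through silently. Returning a failure code from the guard, `return 1;`, would let a deployment script notice that nothing was hashed. A `--force` option checked as `if ($this->option('force') || $this->confirm(...))` would let the command run unattended; the command signature is not visible in this capture, so the option would need declaring there. The same `return;` is still present as context in the [PATCH 5/5] hunk.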
@@ -3,6 +3,7 @@ namespace Laravel\Passport\Console; use Illuminate\Console\Command; +use Illuminate\Support\Str; use Laravel\Passport\Passport; class HashCommand extends Command @@ -38,6 +39,10 @@ public function handle() $model = Passport::clientModel(); foreach ((new $model)->whereNotNull('secret')->cursor() as $client) { + if (Str::startsWith($client->secret, '$2y')) { + continue; + } + $client->timestamps = false; $client->forceFill([ From ea8798fcd6729be3746104b407ed7c611e305ac4 Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 5 May 2020 19:47:18 +0200 Subject: [PATCH 3/5] Fix client command when hashing secrets --- src/Console/ClientCommand.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Console/ClientCommand.php b/src/Console/ClientCommand.php index a312a401e..f51a6b08f 100644 --- a/src/Console/ClientCommand.php +++ b/src/Console/ClientCommand.php @@ -162,6 +162,6 @@ protected function createAuthCodeClient(ClientRepository $clients) protected function outputClientDetails(Client $client) { $this->line('Client ID: '.$client->id); - $this->line('Client secret: '.$client->secret); + $this->line('Client secret: '.$client->plainSecret); } } From 2e5dc05ce743cdeac4d0a733e94eb9771c0a3f74 Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 5 May 2020 19:52:42 +0200 Subject: [PATCH 4/5] Use password_get_info --- src/Console/HashCommand.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Console/HashCommand.php b/src/Console/HashCommand.php index 681e74d55..677949c64 100644 --- a/src/Console/HashCommand.php +++ b/src/Console/HashCommand.php @@ -3,7 +3,6 @@ namespace Laravel\Passport\Console; use Illuminate\Console\Command; -use Illuminate\Support\Str; use Laravel\Passport\Passport; class HashCommand extends Command 
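Review bot: In outputClientDetails() of ClientCommand.php, once secrets are hashed this line is the only place the plaintext value is ever shown, and the output does not tell the operator that. A follow-up line such as `$this->line('Store this secret now; only its hash is kept and it cannot be shown again.');` would make that explicit. The Client model is not part of this patch, so it is worth confirming that `plainSecret` is also populated when hashing is disabled; if it is not, this prints an empty secret for unhashed clients.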
@@ -39,7 +38,7 @@ public function handle() $model = Passport::clientModel(); foreach ((new $model)->whereNotNull('secret')->cursor() as $client) { - if (Str::startsWith($client->secret, '$2y')) { + if (password_get_info($client->secret)['algo'] === PASSWORD_BCRYPT) { continue; } From db70f7da7f7aa0d0c58af6284b581493afe38ee4 Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Tue, 5 May 2020 14:26:46 -0500 Subject: [PATCH 5/5] Update HashCommand.php --- src/Console/HashCommand.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Console/HashCommand.php b/src/Console/HashCommand.php index 677949c64..69f83e9aa 100644 --- a/src/Console/HashCommand.php +++ b/src/Console/HashCommand.php @@ -29,12 +29,12 @@ class HashCommand extends Command public function handle() { if (! Passport::$hashesClientSecrets) { - $this->warn("Warning! You haven't enabled client hashing yet in your AppServiceProvider."); + $this->warn("Please enable client hashing yet in your AppServiceProvider before continuning."); return; } - if ($this->confirm('Are you sure you want to hash ALL client secrets? This cannot be undone.')) { + if ($this->confirm('Are you sure you want to hash all client secrets? This cannot be undone.')) { $model = Passport::clientModel(); foreach ((new $model)->whereNotNull('secret')->cursor() as $client) { @@ -49,7 +49,7 @@ public function handle() ])->save(); } - $this->info('All OAuth client secrets were successfully hashed.'); + $this->info('All client secrets were successfully hashed.'); } } }
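Review bot: The skip condition `password_get_info($client->secret)['algo'] === PASSWORD_BCRYPT` has no comment, and its purpose is not obvious from the expression. It appears to exist so that a re-run never hashes an already hashed secret a second time. A one-line comment above it, for example `// Already a bcrypt hash: skip so re-running the command never double-hashes a secret.`, would record that. Skipped rows are silent, so the final success message is printed even when no row was changed. handle() starts outside this hunk.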
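Review bot: The new warning text in the [PATCH 5/5] hunk, `Please enable client hashing yet in your AppServiceProvider before continuning.`, has two wording errors: "yet" is left over from the previous message and "continuning" is misspelled. Suggested replacement: `$this->warn('Please enable client hashing in your AppServiceProvider before continuing.');`. handle() starts outside the hunk.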