laravel · driesvints · May 8, 2020 · May 8, 2020
diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php
@@ -60,7 +60,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType)
             return false;
         }
 
-        return ! $record->confidential() || $this->verifySecret((string) $clientSecret, $record->secret);
+        return ! $record->confidential() || $this->verifySecret((string) $clientSecret, $record->secret, $grantType);
     }
 
     /**
@@ -95,11 +95,12 @@ protected function handlesGrant($record, $grantType)
      *
      * @param  string  $clientSecret
      * @param  string  $storedHash
+     * @param  string  $grantType
      * @return bool
      */
-    protected function verifySecret($clientSecret, $storedHash)
+    protected function verifySecret($clientSecret, $storedHash, $grantType)
     {
-        return Passport::$hashesClientSecrets
+        return Passport::$hashesClientSecrets && $grantType !== 'personal_access'
                     ? password_verify($clientSecret, $storedHash)
                     : hash_equals($storedHash, $clientSecret);
     }

diff --git a/tests/BridgeClientRepositoryHashedSecretsTest.php b/tests/BridgeClientRepositoryHashedSecretsTest.php
@@ -21,6 +21,14 @@ protected function setUp(): void
         $this->clientModelRepository = $clientModelRepository;
         $this->repository = new BridgeClientRepository($clientModelRepository);
     }
+
+    public function test_personal_access_grant_is_permitted()
+    {
+        $client = $this->clientModelRepository->findActive(1);
+        $client->personal_access_client = true;
+
+        $this->assertTrue($this->repository->validateClient(1, $client->secret, 'personal_access'));
+    }
 }
 
 class BridgeClientRepositoryHashedTestClientStub extends BridgeClientRepositoryTestClientStub