Laravel API无法登录

Question

I have the following 2 methods to create and login a user in my API . I cannot login the user. These files are in the api.php within the routes folder. If I leave off the bcrypt($password) within the User::Create() method it still seems to hash the password somehow does the User::Create() method automatically hash the password. I am wondering if it is getting double hashed somehow.

Route::post('/register', function( Request $request){
    $rules = [
        'name' => 'required|max:255|alpha_dash|unique:users',
        'email' => 'required|email|max:255|unique:users',
        'password' => 'required|confirmed|min:6',
    ];
    $input = $request->only(
        'name',
        'email',
        'password',
        'password_confirmation'
    );
    $validator = Validator::make($input, $rules);
    if($validator->fails()) {
        $error = $validator->messages();
        return response()->json(['success'=> false, 'error'=> $error]);
    }

    $name = $request->name;
    $email = $request->email;
    $password = $request->password;
    $user = User::create(['name' => $name, 'email' => $email, 'password' => bcrypt($password), 'api_token' => md5($email)]);

    return response()->json(['success'=> true, 'data'=> $user]);

});

Route::post("/login", function (Request $request){

    $rules = [
        'email' => 'required|email',
        'password' => 'required',
    ];

    $input = $request->only('email', 'password');

    $validator = Validator::make($input, $rules);

    if($validator->fails()) {
        $error = $validator->messages();
        return response()->json(['success'=> false, 'error'=> $error]);
    }


        $email = $request->email;
        $password =  bcrypt($request->password);



    if(\Auth::Attempt(['email' => $email, 'password' => $password])){
        ///How to get USER to return with Response
        return response()->json(['success' => true]);

    }else{
        return response()->json(['success' => false, 'error' => 'Invalid Credentials', 'password' => $password, 'email' => $email]);
    }

});

Answer 1

You bcrypt($request->password) but if you Auth::Attempt(['email' => $email, 'password' => $password]) , laravel automatically hash the value. So try in your login route just $password = $request->password;

From the docs:

The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the password specified as the password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. If the two hashed passwords match an authenticated session will be started for the user.

Answer 2

So this is what i came up with to "log the user in".

Route::post("/login", function (Request $request){

    $rules = [
        'email' => 'required|email',
        'password' => 'required',
    ];

    $input = $request->only('email', 'password');

    $validator = Validator::make($input, $rules);

    if($validator->fails()) {
        $error = $validator->messages();
        return response()->json(['success'=> false, 'error'=> $error]);
    }


   $email = $request['email'];
   $password = $request['password'];
   $user = User::where('email', $email)->first();
    if($user){
       if(\Hash::check($password, $user->password)){
           return response()->json(['success' => true, 'user' => $user]);
       }else{
           return response()->json(['success' => false, 'error' => 'Invalid Credentials']);
       }
    }else{
        return response()->json(['success' => false, 'error' => 'Invalid Credentials']);
    }

});