Laravel 5.1 Auth::attempt() doesn't work after Composer update

Question

My project in Laravel 5.1 and I can't login after Composer update

Everything was working before I run

composer update

I'm using standard built in Laravel's register and login process the function Auth::attempt() in AuthController.php always returns false .

I have tested it on a new project of Laravel 5.1 and it's the same problem. I did a password reset, created new user, nothing works …

I get this error:

These credentials do not match our records

Those are the packages that were updated:

Updating dependencies (including require-dev)
- Removing giggsey/libphonenumber-for-php (7.2.6)
- Installing giggsey/libphonenumber-for-php (7.2.8)
  Downloading: 100%

- Removing symfony/var-dumper (v2.7.10)
- Installing symfony/var-dumper (v2.7.11)
  Downloading: 100%

- Removing symfony/translation (v2.7.10)
- Installing symfony/translation (v2.7.11)
  Downloading: 100%

- Removing symfony/routing (v2.7.10)
- Installing symfony/routing (v2.7.11)
  Downloading: 100%

- Removing symfony/process (v2.7.10)
- Installing symfony/process (v2.7.11)
  Downloading: 100%

- Installing symfony/polyfill-mbstring (v1.1.1)
  Downloading: 100%

- Removing symfony/http-foundation (v2.7.10)
- Installing symfony/http-foundation (v2.7.11)
  Downloading: 100%

- Removing symfony/event-dispatcher (v2.8.3)
- Installing symfony/event-dispatcher (v2.8.4)
  Downloading: 100%

- Removing symfony/debug (v2.7.10)
- Installing symfony/debug (v2.7.11)
  Downloading: 100%

- Removing symfony/http-kernel (v2.7.10)
- Installing symfony/http-kernel (v2.7.11)
  Downloading: 100%

- Removing symfony/finder (v2.7.10)
- Installing symfony/finder (v2.7.11)
  Downloading: 100%

- Removing symfony/dom-crawler (v2.7.10)
- Installing symfony/dom-crawler (v2.7.11)
  Downloading: 100%

- Removing symfony/css-selector (v2.7.10)
- Installing symfony/css-selector (v2.7.11)
  Downloading: 100%

- Removing symfony/console (v2.7.10)
- Installing symfony/console (v2.7.11)
  Downloading: 100%

- Removing psy/psysh (v0.7.1)
- Installing psy/psysh (v0.7.2)
  Downloading: 100%

- Removing paragonie/random_compat (v1.2.1)
- Installing paragonie/random_compat (v1.4.1)
  Downloading: 100%

- Removing monolog/monolog (1.18.0)
- Installing monolog/monolog (1.18.1)
  Downloading: 100%

- Removing league/flysystem (1.0.18)
- Installing league/flysystem (1.0.20)
  Downloading: 100%

- Removing symfony/polyfill-util (v1.1.0)
- Installing symfony/polyfill-util (v1.1.1)
  Downloading: 100%

- Removing symfony/polyfill-php56 (v1.1.0)
- Installing symfony/polyfill-php56 (v1.1.1)
  Downloading: 100%

- Removing propaganistas/laravel-phone (2.6.1)
- Installing propaganistas/laravel-phone (2.7.0)
  Downloading: 100%

- Removing symfony/yaml (v3.0.3)
- Installing symfony/yaml (v3.0.4)
  Downloading: 100%

- Removing phpunit/phpunit (4.8.23)
- Installing phpunit/phpunit (4.8.24)
  Downloading: 100%

- Removing phpspec/phpspec (2.4.1)
- Installing phpspec/phpspec (2.5.0)
  Downloading: 100%

Any idea which package is causing the problem? Any workaround or idea how to fix this?

The postLogin function (it's standard, I didn't do any changes):

public function postLogin(Request $request)
{
    $this->validate($request, [
        $this->loginUsername() => 'required', 'password' => 'required',
    ]);

    // If the class is using the ThrottlesLogins trait, we can automatically throttle
    // the login attempts for this application. We'll key this by the username and
    // the IP address of the client making these requests into this application.
    $throttles = $this->isUsingThrottlesLoginsTrait();

    if ($throttles && $this->hasTooManyLoginAttempts($request)) {
        return $this->sendLockoutResponse($request);
    }

    $credentials = $this->getCredentials($request);

    if (Auth::attempt($credentials, $request->has('remember'))) {
        return $this->handleUserWasAuthenticated($request, $throttles);
    }

    // If the login attempt was unsuccessful we will increment the number of attempts
    // to login and redirect the user back to the login form. Of course, when this
    // user surpasses their maximum number of attempts they will get locked out.
    if ($throttles) {
        $this->incrementLoginAttempts($request);
    }

    return redirect($this->loginPath())
        ->withInput($request->only($this->loginUsername(), 'remember'))
        ->withErrors([
            $this->loginUsername() => $this->getFailedLoginMessage(),
        ]);
}

the postRegister function:

public function postRegister(Request $request)
{
    $validator = $this->validator($request->all());

    if ($validator->fails()) {
        $this->throwValidationException(
            $request, $validator
        );
    }

    Auth::login($this->create($request->all()));

    return redirect($this->redirectPath());
}

Answer 1

I have found the problem!

I'm using this package Roles And Permissions For Laravel 5 and forgot to put a role with login permissions to the user on creation …

Apparently I was testing with a user that was created in the seeding process (it has a role attached), but when I tried to register a new user the problems started …

$user->attachRole($regularUserRole);

/**
 * Create a new user instance after a valid registration.
 *
 * @param  array  $data
 * @return User
 */
protected function create(array $data)
{
    $team = new Team(["name" => ""]);
    $regularUserRole = Role::where('slug','user')->first();
    $user = User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => bcrypt($data['password']),
    ]);
    if ($team->save() && $regularUserRole) {
        $user->team()->associate($team);
        $user->attachRole($regularUserRole);
        if ($user->save()) {
            $team->owner()->associate($user);
            $team->save();
            return $user;
        }
    }
    return false;
}