[6.x] – Override default EloquentUserProvider to check $user->authPas…

…sword before checking hashes match

src/Auth/SocialstreamUserProvider.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace JoelButcher\Socialstream\Auth;
+
+use Illuminate\Auth\EloquentUserProvider;
+use Illuminate\Contracts\Auth\Authenticatable as UserContract;
+
+class SocialstreamUserProvider extends EloquentUserProvider
+{
+    public function validateCredentials(UserContract $user, #[\SensitiveParameter] array $credentials): bool
+    {
+        if (is_null($user->getAuthPassword())) {
+            return false;
+        }
+
+        return parent::validateCredentials($user, $credentials);
+    }
+}

src/SocialstreamServiceProvider.php

@@ -18,6 +18,7 @@
 use JoelButcher\Socialstream\Actions\ResolveSocialiteUser;
 use JoelButcher\Socialstream\Actions\SetUserPassword;
 use JoelButcher\Socialstream\Actions\UpdateConnectedAccount;
+use JoelButcher\Socialstream\Auth\SocialstreamUserProvider;
 use JoelButcher\Socialstream\Concerns\InteractsWithComposer;
 use JoelButcher\Socialstream\Http\Livewire\ConnectedAccountsForm;
 use JoelButcher\Socialstream\Http\Livewire\SetPasswordForm;
@@ -76,6 +77,7 @@ protected function registerResponseBindings(): void
      */
     public function boot(): void
     {
+        $this->configureAuth();
         $this->configureDefaults();
         $this->configureRoutes();
         $this->configureCommands();
@@ -91,6 +93,14 @@ public function boot(): void
         }
     }
 
+    private function configureAuth(): void
+    {
+        Auth::provider('eloquent', fn ($app, array $config) => new SocialstreamUserProvider(
+            hasher: $app['hash'],
+            model: $config['model']
+        ));
+    }
+
     /**
      * Sets sensible package defaults.
      */