fix: no password rehashing in case of webauthn login (#485)

asbiin · Apr 8, 2024 · a47afc4 · a47afc4
1 parent 3e5eaa2
commit a47afc4
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/Auth/EloquentWebAuthnProvider.php b/src/Auth/EloquentWebAuthnProvider.php
@@ -84,4 +84,17 @@ public function validateCredentials(User $user, array $credentials): bool
 
         return false;
     }
+
+    /**
+     * Rehash the user's password if required and supported.
+     */
+    public function rehashPasswordIfRequired(User $user, array $credentials, bool $force = false): void
+    {
+        if ($this->isSignedChallenge($credentials)) {
+            // We don't need to rehash the password for WebAuthn credentials.
+            return;
+        }
+
+        parent::rehashPasswordIfRequired($user, $credentials, $force);
+    }
 }