From a47afc4bf20e9fd63749f08d6fa877748fe49faf Mon Sep 17 00:00:00 2001
From: Alexis Saettler <alexis@saettler.org>
Date: Mon, 8 Apr 2024 22:50:21 +0200
Subject: [PATCH] fix: no password rehashing in case of webauthn login (#485)

---
 src/Auth/EloquentWebAuthnProvider.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/Auth/EloquentWebAuthnProvider.php b/src/Auth/EloquentWebAuthnProvider.php
index 0663259..052955c 100644
--- a/src/Auth/EloquentWebAuthnProvider.php
+++ b/src/Auth/EloquentWebAuthnProvider.php
@@ -84,4 +84,17 @@ public function validateCredentials(User $user, array $credentials): bool
 
         return false;
     }
+
+    /**
+     * Rehash the user's password if required and supported.
+     */
+    public function rehashPasswordIfRequired(User $user, array $credentials, bool $force = false): void
+    {
+        if ($this->isSignedChallenge($credentials)) {
+            // We don't need to rehash the password for WebAuthn credentials.
+            return;
+        }
+
+        parent::rehashPasswordIfRequired($user, $credentials, $force);
+    }
 }