fix: no password rehashing in case of webauthn login (#485)

asbiin · web-flow · commit a47afc4bf20e · 2024-04-08T22:50:21.000+02:00
diff --git a/src/Auth/EloquentWebAuthnProvider.php b/src/Auth/EloquentWebAuthnProvider.php
@@ -84,4 +84,17 @@ public function validateCredentials(User $user, array $credentials): bool
 
         return false;
     }
+
+    /**
+     * Rehash the user's password if required and supported.
+     */
+    public function rehashPasswordIfRequired(User $user, array $credentials, bool $force = false): void
+    {
+        if ($this->isSignedChallenge($credentials)) {
+            // We don't need to rehash the password for WebAuthn credentials.
+            return;
+        }
+
+        parent::rehashPasswordIfRequired($user, $credentials, $force);
+    }
 }
