config('password.verify', false) not disabling password verification #313

@Serge-45

Describe the bug

Using Leaf 4.0 / Auth 4.2.1
Disabling the password verification using this line of code, as described in the docs (https://leafphp.dev/docs/auth/login.html#password-verification):
auth()->config('password.verify', false);
This doesn't remove the password verification, and always leads to a wrong password error.

To Reproduce

auth()->config('password.verify', false);
$success = auth()->login(['email' => 'valid@email']);  // false

Expected behavior

auth()->login() should return true.

Additional context

I think the issue is located in Auth.php, line 295, but not 100% sure:

$passwordIsValid = (Config::get('password.verify') !== false && isset($user[$passwordKey]))
       ? ((is_callable(Config::get('password.verify')))
            ? call_user_func(Config::get('password.verify'), $userPassword, $user[$passwordKey])
            : Password::verify($userPassword, $user[$passwordKey]))
        : false;

The last line should be : true;.

A possible workaround is using an always-true function:

config('password.verify', function($pass, $hash) { return true; })
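
The branches of the quoted expression, modelled as an added example (not Leaf Auth's code and not the reporter's): it compares the check as quoted, the one-line change suggested above, and a variant that separates the two conditions, including the case where verification is enabled but the user record has no password hash. The function names and sample records are hypothetical; `password_verify()` stands in for `Password::verify`, and `true` stands in for an enabled, non-callable setting.

```php
<?php
// Stand-alone model of the quoted check. $verify stands in for
// Config::get('password.verify'); all function names here are hypothetical.
function runVerifier($verify, string $input, string $hash): bool
{
    return is_callable($verify)
        ? (bool) call_user_func($verify, $input, $hash)
        : password_verify($input, $hash);
}

// Shape quoted in the issue: the else-branch is false.
function checkAsQuoted($verify, array $user, string $input, string $key = 'password'): bool
{
    return ($verify !== false && isset($user[$key]))
        ? runVerifier($verify, $input, $user[$key])
        : false;
}

// One-line change suggested in the issue: the else-branch becomes true.
function checkElseTrue($verify, array $user, string $input, string $key = 'password'): bool
{
    return ($verify !== false && isset($user[$key]))
        ? runVerifier($verify, $input, $user[$key])
        : true;
}

// Split conditions: skip only on an explicit false, fail closed on a missing hash.
function checkSplit($verify, array $user, string $input, string $key = 'password'): bool
{
    return $verify === false || (isset($user[$key]) && runVerifier($verify, $input, $user[$key]));
}

// Constructed sample records and cases.
$withHash = ['email' => 'valid@email', 'password' => password_hash('s3cret', PASSWORD_DEFAULT)];
$noHash   = ['email' => 'valid@email'];
$cases = [
    'disabled, no password sent'  => [false, $withHash, ''],
    'enabled, correct password'   => [true, $withHash, 's3cret'],
    'enabled, wrong password'     => [true, $withHash, 'nope'],
    'enabled, record lacks hash'  => [true, $noHash, 'anything'],
];
$b = fn(bool $v): string => $v ? 'true' : 'false';
foreach ($cases as $label => [$verify, $user, $input]) {
    printf("%-28s quoted=%-5s else-true=%-5s split=%s\n", $label,
        $b(checkAsQuoted($verify, $user, $input)), $b(checkElseTrue($verify, $user, $input)),
        $b(checkSplit($verify, $user, $input)));
}
```

Because the disabled setting and a missing hash share one else-branch, setting that branch to `true` also lets the last case through while verification is enabled; the split variant returns `true` only when the setting is exactly `false`.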
