Framework: Users without a remember token don't generate a new one until logout

Created on 9 Jul 2014  路  1Comment  路  Source: laravel/framework

Using Laravel 4.2.6 and the Eloquent / User authentication configuration I noticed a problem. If I successfully logged in with the Remember Me option selected I'd be logged in, but the remember me cookie is broken like 1|. When checking the DB schema I ran across this issue:

CREATE TABLE `users` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` char(255) NOT NULL,
  `email` char(255) NULL,
  `password` char(255) NOT NULL,
  `remember_token` char(255) NOT NULL, -- Note the NOT NULL
  `created_at` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
  `updated_at` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

When loading a user without a remember token their attributes look like:

[
  'id' => 1,
  'username' => 'admin',
  'password' => '...',
  'remember_token' => '',
];

Which interferes with the proper behavior of Guard::createRememberTokenIfDoesntExist:

protected function createRememberTokenIfDoesntExist(UserInterface $user)
{
    // "" is not null, therefore, no refreshing the member token
    if (is_null($user->getRememberToken()))
    {
        $this->refreshRememberToken($user);
    }
}

There are a couple of potential fixes such as:

trait UserTrait {
  // ...
  public function hasRememberToken()
  {
    return !empty($this->attributes['remember_token']);
  }

  // OR

  public function getRememberToken()
  {
    return $this->remember_token ?: null;
  }
  // ...
}

I'm leaning toward the hasRememberToken being more in Laravel's style, and more reliable without regard to schema, but wanted to post this as an issue before I did any sort of pull request. (Contributing has changed a lot since I last contributed to L3...)

The issue is avoidable by making the column nullable, but the documentation doesn't mention this requirement. I happen to think that checking if the column is empty is wiser in case of schema differences like these.

picture rk

>All comments

aiyoo!! BRO if tha collum is nullible u wont see thes issues any longer!!
Make sure check var for a value my bruh.. easier to avoid this.

Not really an issue, LOL

mb2chainz picture mb2chainz on 9 Jul 2014
👎4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gabriellimo picture gabriellimo  路  3Comments
SachinAgarwal1337 picture SachinAgarwal1337  路  3Comments
PhiloNL picture PhiloNL  路  3Comments
JamborJan picture JamborJan  路  3Comments
klimentLambevski picture klimentLambevski  路  3Comments