Custom database and Laravel password migration

levipro · December 12, 2019, 12:11pm

Hello!

I’m doing Custom Database connection to my Laravel application. The connection itself is set-up to corresponding database and data from the users table is retrieved. However, I would like to check if user can be authenticated or not using Laravel hashed password. Right now I always get response “401 - Unauthorized”.

Does anybody have ideas how to implement this using “Database Action Scripts” in Auth0? Here is my code:

function login(email, password, callback) {
const mysql = require(‘mysql’);
const bcrypt = require(‘bcrypt’);

const connection = mysql.createConnection({
host: configuration.ip,
user: configuration.user,
password: configuration.password,
database: configuration.database
});

//console.log(connection);

connection.connect();

const query = ‘SELECT id, name, email, password FROM users WHERE email = ?’;

connection.query(query, [ email ], function(err, results) {
if (err) console.log(err);
if (err) return callback(err);
if (results) console.log(results);
if (results.length === 0) return callback(new WrongUsernameOrPasswordError(email));
const user = results[0];

bcrypt.compare(password, user.password, function(err, isValid) {
  if (err || !isValid) return callback(err || new WrongUsernameOrPasswordError(email));
  callback(null, {
    user_id: user.id.toString(),
    //user_id: user.email,
    nickname: user.name,
    email: user.email
  });
});

});
}

Thank you in advance!

Best regards,
Levipro

dan.woda · December 12, 2019, 10:34pm

Hi @levipro,

Welcome to the Auth0 Community Forum!

Are you on an enterprise account? Custom database is an enterprise feature and could be throwing the unauthorized error if it is not allowed. Mentioned in the docs here.

Otherwise it looks like you may have already seen this, but here is the suggested login script for bcrypt hashes:

https://auth0.com/docs/connections/database/custom-db/templates/login#mysql

Thanks,
Dan

levipro · December 13, 2019, 10:46am

Hello!

Thank you! Probably that’s the case - I have developer subscription. It would make pretty much sense that notice is shown also on the Auth0 Dashboard. Otherwise, if only reference is in docs and response from API with the message “401 - Unauthorized” then it could be misleading. Interestingly, Wordpress custom database worked well but with Laravel it fails.

I will go with another process then and this thread can be closed. Thanks again!

Best regards,
Levipro

dan.woda · December 13, 2019, 7:17pm

Sorry about the confusion! Let us know if there is anything else we can help with.

Thanks,
Dan

dan.woda · December 27, 2019, 11:17pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.