Laravel decrypt() throws "DecryptException The payload is invalid."

Question

I have my authenticated user, and for debugging, I am trying to show his password using decrypt (as it is encrypted using encrypt().

To simplify things, I create a new route /test and I can see the encrypted password of the authenticated user like so:

Route::get('/test', function() {
    dd(Auth::user()->password)
});

This returns me: $2y$10$gdhYnCekBownWU62OitC6uSwoONfDWGO23FnaVwIgFPAeJI9L6DEa

---

But if I try using, it throws me this error:

Route::get('/test', function() {
    dd(decrypt(Auth::user()->password))
});

DecryptException: The payload is invalid.

---

I tried searching around regarding this issue, and two things I found were:

1) "Make sure app key is proper." It was there before, but to be sure, I run php artisan key:generate again. Nothing has changed.

2) "It is a CSRF issue". I disabled the csrf from middleware kernel in web, nothing has changed either. And I am not using post request, so I doubt this is my issue.

---

I need it because the scenario looks like this: I need to decrypt the password because I am generating a random password using this approach beforehand, and saved it to database; and I want to keep this approach.

$randomPassword = rand(111111,999999);
$user->password = encrypt($randomPassword);
$user->save();

Does anyone know what is the reason of this or how to overcome it?

Answer 1

You can't (link). Passwords aren't encrypted, they're hashed. It's one way, and once it's hashed, it cannot be un-hashed.

What you're trying to do is something that should be avoided. I can't think of any use case where you'd need to decrypt a user's password. I think you need to come up with a new strategy, maybe derive a password from a user like: lastname/yearofbirth