rostyslav

Reputation: 49

Hashed password in DB and plain password with Hash::check are not equal

I've created my accounts in CRM.

The most interesting thing is the password, and I've handled creating it like this:

$password = $faker->password();
$businessAccount->password = bcrypt($password);

Then I send an email with this password.

And now I've created a login page on my website, where I want to log in using some number and password.

public function login(BusinessLoginRequest $request)
{
    $orgNumber = $request->input('orgNumber');
    $password = $request->input('password');
    var_dump($pass = BusinessAccounts::find('123456789')->password);
    var_dump(Hash::check($password, $pass));
    if (Auth::guard('business')->attempt(['orgNumber' => $orgNumber, 'password' => $password])) {
        return 'Hello';
    }
    return 'no';
}

I'm sorry for those var_dumps; I've inserted them here to see what happens when I click "login".

The password was hashed through bcrypt and, as I understand it, Auth::attempt checks the plain password against the hashed one.

Okay, let's go deeper. The first var_dump shows me the password which was stored in the DB, and they are equal.

The second var_dump shows me "bool(false)", and the last says no, authentication failed, I think.

But when I put the hashed password in my form, then all is good and I see "Hello", but that's wrong.

And, of course, I've created guard and provider:

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'token',
            'provider' => 'users',
        ],
        'business' => [
            'driver' => 'session',
            'provider' => 'business'
        ]
    ],

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\Eloquent\Account::class,
        ],
        'business' => [
            'driver' => 'eloquent',
            'model'  => App\Models\Eloquent\BusinessAccounts::class
        ]
    ],

and I have changed my model:

class BusinessAccounts extends Model implements Authenticatable
{
    use \Illuminate\Auth\Authenticatable;

    protected $table = 'business_accounts';

    protected $fillable =
        [
            'orgNumber', 'password'
        ];

    public $timestamps = false;

    protected $primaryKey = 'orgNumber';

}

The question is: what did I do wrong? How do I check the unhashed password? I don't want to put in the hashed password from my DB.

Upvotes: 0

Views: 361

Answers (1)

Adam Kozlowski

Reputation: 5896

Try hashing this way:

use Illuminate\Support\Facades\Hash;

then:

'password' => Hash::make($request->newPassword)

Upvotes: 1
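An added example, not code from the question or the answer: a plain-PHP check for why a stored value fails verification against a known plain password. The function name `diagnoseStoredPassword`, the sample values, and the double-hashing scenario are assumptions made for illustration; the page does not confirm which fault the asker hit.

```php
<?php
// Added example, not code from the question or the answer.
// Laravel's bcrypt driver calls password_hash()/password_verify() internally,
// so plain PHP is enough to reproduce the checks.

/** Classify a stored value against a known plain password (hypothetical helper). */
function diagnoseStoredPassword(string $plain, string $stored): string
{
    if (password_verify($plain, $stored)) {
        return 'ok';
    }
    if (password_get_info($stored)['algoName'] === 'bcrypt') {
        return 'mismatch'; // well-formed hash, but of some other input
    }
    // A bcrypt hash is exactly 60 characters; a shorter column cuts it off.
    if (strncmp($stored, '$2y$', 4) === 0 && strlen($stored) < 60) {
        return 'truncated';
    }
    return 'not-a-bcrypt-hash';
}

$plain = 'constructed-sample-password';           // constructed sample value
$once  = password_hash($plain, PASSWORD_BCRYPT);  // hashed once (correct)
$twice = password_hash($once, PASSWORD_BCRYPT);   // hashed again (assumed fault)

$cases = [
    'hashed once'     => $once,
    'hashed twice'    => $twice,
    'cut to 50 chars' => substr($once, 0, 50),
    'stored as plain' => $plain,
];
foreach ($cases as $label => $stored) {
    printf("%-16s %s\n", $label, diagnoseStoredPassword($plain, $stored));
}

// With a double-hashed row the plain password is rejected, while the
// first hash submitted as the "password" is accepted.
var_dump(password_verify($plain, $twice));
var_dump(password_verify($once, $twice));
```

A `mismatch` result on a well-formed hash means the value that was hashed is not the one being typed, so compare what was hashed at creation time with what was emailed.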
