Laravel Anypass
โค๏ธ for every "lazy" laravel developer ;)
Built with It is always painful to remember and type in the correct password in the login form while you are in development...
It would be nice to be able to login with any password in local environment and only by changing the .env variables(not the application code), switch to: "real password checking".
(This means you do not need to change your application code, when you deploy your app to production while you enjoy the ease in local environments.)
Actually the behaviour of the auth()->attempt($credentials);
simply changes based on the config variable in the auth.php and .env file!
Performance hit:
This package is only a few lines (about 20 lines) of code with almost no overhead.
It is also completely safe to avoid installing it on production without changing your code. Since it is a dev only dependency in your composer.json file.
"require-dev": {
"imanghafoori/laravel-anypass": "dev-master",
...
},
Config
To avoid accidental security vulnerabilities, 3 conditions should match before you can login with any password :
in your .env file you must:
1 - APP_ENV=local // or APP_ENV=testing
2 - APP_DEBUG=true
3 - ANY_PASS=true
4 - WRONG_ANY_PASS=wrong // any password is correct except this one.
That way it is very unlikely to accidentally misconfigure your app to accept any wrong password on production server.
We highly recommend to take a look to the source code.
By default, Anypass will only work if the APP_ENV
is set to local or testing. You can override this by defining ANY_PASS_ENVIRONMENTS
in your .env file, and setting the value to a comma-separated string of environments. For example:
ANY_PASS=true
ANY_PASS_ENVIRONMENTS="local,testing,acceptance"
- If you want to manually check the login form behaivour in case of a wrong password in local you can use the "1_Wrong_pass" string. (you CAN enter it in lowercase or uppercase and a combination of both like "1_WrOnG_Pass", and it would be considered as a wrong password.)
๐ Note
You can not login with an invalid username or an invalid api token. Only the password checking is by-passed.
๐ฅ Installation
composer require --dev imanghafoori/laravel-anypass
(For laravel 5.4 and below: Instead of adding the service provider in the config/app.php file, you can add the following code to your app/Providers/AppServiceProvider.php file, within the register() method:
public function register()
{
if ($this->app->environment() === 'local' || $this->app->environment() === 'testing') {
$this->app->register(\Imanghafoori\AnyPass\AnyPassServiceProvider::class);
}
// ...
}
โ Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
โญ Your Stars Make Us Do More โญ
As always if you found this package useful and you want to encourage us to maintain and work on it, Please press the star button to declare your willing.