From 05e97a83ed36b745afd6abd7c307d6689143a580 Mon Sep 17 00:00:00 2001 From: Sarah Gilberg Date: Thu, 19 Sep 2024 07:31:03 -0400 Subject: [PATCH] Document breaking change in password rehashing if custom password field (#9901) * Document breaking change in password rehashing if custom password field Also added missing likelihood-of-impact, which I'm calling "low" since most folks probably use the default 'password' field name. * Update upgrade.md --------- Co-authored-by: Taylor Otwell --- upgrade.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/upgrade.md b/upgrade.md index 381f486024c..209df7bd94c 100644 --- a/upgrade.md +++ b/upgrade.md @@ -126,9 +126,15 @@ However, we do **not recommend** that Laravel 10 applications upgrading to Larav #### Password Rehashing -Laravel 11 will automatically rehash your user's passwords during authentication if your hashing algorithm's "work factor" has been updated since the password was last hashed. +**Likelihood Of Impact: Low** + +Laravel 11 will automatically rehash your user's passwords during authentication if your hashing algorithm's "work factor" has been updated since the password was last hashed. + +Typically, this should not disrupt your application; however, if your `User` model's "password" field has a name other than `password`, you should specify the field's name via the model's `authPasswordName` property: + + protected $authPasswordName = 'custom_password_field'; -Typically, this should not disrupt your application; however, you may disable this behavior by adding the `rehash_on_login` option to your application's `config/hashing.php` configuration file: +Alternatively, you may disable password rehashing by adding the `rehash_on_login` option to your application's `config/hashing.php` configuration file: 'rehash_on_login' => false,