Ignorance is bliss, but bliss is just a perception
I was developing “a Laravel 5.0 system”. At first, there was no problem with authentication.
After 5 months of development, the login feature turned out to be broken. As far as I remember, it was fine before. So I tried logging in with my own account, and I could log in normally. Then the developer pointed out that only newly registered users were not able to log in.
Then I opened the users table, took my bcrypt-ed password and tested it online. It turned out my old account could be verified and my newly created account could not be verified. Then I looked into the registration file at app/services/registar.php and dd-ed some variables, and tested the bcrypt-ed password online. Then I tried dd-ing the bcrypt-ed password (without inserting it into the Laravel model) and it was fine!
So my first conclusion was that the password stored in the User Eloquent model is different from the specified value.
apt-get update && apt-get upgrade
Then I suspected Laravel changed my password abruptly. I tested storing the password as plain text, then tested the hash, and it was verified!
So the conclusion is that Laravel calls the bcrypt function upon password assignment without the developer's consent, which is weird I think, as they changed the behavior, which caused my 5 months of code to break.
The fix is easy, just change
'password' => bcrypt($data['password']),
to
'password' => $data['password'],
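The double-hashing failure described above, reproduced in plain PHP as an added example (not code from the original post or from Laravel). UserModel is a hypothetical stand-in that assumes, as the post concludes, that the password is hashed when it is assigned to the model.

```php
<?php
// Added illustration: plain PHP, no Laravel required.
// UserModel is hypothetical; its setter hashes whatever it is given.
class UserModel
{
    private $attributes = [];

    public function setPassword($value)
    {
        // Hash-on-assignment: the incoming value is treated as plaintext.
        $this->attributes['password'] = password_hash($value, PASSWORD_BCRYPT);
    }

    public function storedHash()
    {
        return $this->attributes['password'];
    }

    public function checkPassword($plain)
    {
        return password_verify($plain, $this->attributes['password']);
    }
}

$plain = 'correct horse battery staple'; // constructed sample password

// Registration code that hashes first and then assigns: the stored value
// is bcrypt(bcrypt(plain)), so the plaintext can never verify against it.
$double = new UserModel();
$double->setPassword(password_hash($plain, PASSWORD_BCRYPT));

// Registration code that passes the plaintext through: hashed exactly once.
$single = new UserModel();
$single->setPassword($plain);

foreach (['hashed twice' => $double, 'hashed once' => $single] as $label => $user) {
    // Both stored values are well-formed bcrypt strings, so inspecting the
    // users table alone does not reveal which rows were double-hashed.
    printf(
        "%-12s algo=%s verifies=%s\n",
        $label,
        password_get_info($user->storedHash())['algoName'],
        var_export($user->checkPassword($plain), true)
    );
}
```

A login test that registers a fresh account and then authenticates with the same plaintext catches this regression, because existing accounts keep verifying and hide it.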