[9.x] Implement passport:hash command (#1238)

* Implement passport:hash command

* Skip records which are already hashed

* Fix client command when hashing secrets

* Use password_get_info

* Update HashCommand.php

Co-authored-by: Taylor Otwell <taylor@laravel.com>

src/Console/ClientCommand.php

@@ -162,6 +162,6 @@ protected function createAuthCodeClient(ClientRepository $clients)
     protected function outputClientDetails(Client $client)
     {
         $this->line('<comment>Client ID:</comment> '.$client->id);
-        $this->line('<comment>Client secret:</comment> '.$client->secret);
+        $this->line('<comment>Client secret:</comment> '.$client->plainSecret);
     }
 }

src/Console/HashCommand.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace Laravel\Passport\Console;
+
+use Illuminate\Console\Command;
+use Laravel\Passport\Passport;
+
+class HashCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'passport:hash';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Hash all of the existing secrets in the clients table';
+
+    /**
+     * Execute the console command.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        if (! Passport::$hashesClientSecrets) {
+            $this->warn("Please enable client hashing yet in your AppServiceProvider before continuning.");
+
+            return;
+        }
+
+        if ($this->confirm('Are you sure you want to hash all client secrets? This cannot be undone.')) {
+            $model = Passport::clientModel();
+
+            foreach ((new $model)->whereNotNull('secret')->cursor() as $client) {
+                if (password_get_info($client->secret)['algo'] === PASSWORD_BCRYPT) {
+                    continue;
+                }
+
+                $client->timestamps = false;
+
+                $client->forceFill([
+                    'secret' => password_hash($client->secret, PASSWORD_BCRYPT),
+                ])->save();
+            }
+
+            $this->info('All client secrets were successfully hashed.');
+        }
+    }
+}

src/PassportServiceProvider.php

@@ -62,6 +62,7 @@ public function boot()
             $this->commands([
                 Console\InstallCommand::class,
                 Console\ClientCommand::class,
+                Console\HashCommand::class,
                 Console\KeysCommand::class,
                 Console\PurgeCommand::class,
             ]);