phpsql-serverlaravelsql-server-2008-r2

Laravel - Implicit conversion from data type nvarchar to varbinary is not allowed


I am using Laravel 8.40 and trying to migrate my WebApp to

SQL Server 2008 R2 SP1

on MySQL everything works fine, but after I migrated my database over (with plain SQL commands) and when trying my app on IIS 7.5, PHP 7.4, MS SQL Server 2008 I get this error when trying to register user

SQLSTATE[42000]: [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Implicit conversion from data type nvarchar to varbinary is not allowed. Use the CONVERT function to run this query. (SQL: insert into [users] ([username], [email], [password]) values (wolf, qolf@myemail.com, $2y$10$1b.fjIEbBXgB30J8E6QIsuroXwXqx.WezBIodnnqOgszUJ92LvGgO))

My user model (User.php) looks like this

<?php
namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Support\Str;
use App\Casts\uuid;
use Illuminate\Support\Facades\DB;
/**
 * @OA\Schema(
 *     title="User",
 *     description="User model",
 *     @OA\Xml(
 *         name="User"
 *     )
 * )
 */
class User extends Authenticatable
{
    use Notifiable;

    protected $primaryKey = 'UUID';

    public $incrementing = false;
    public $timestamps = false;

    protected $casts = [
        'UUID' => uuid::class,
        'password' => 'string',
        'created_at' => 'timestamp',
        'updated_at' => 'timestamp'
    ];

    protected $dates = [
        'created_at',
        'updated_at'
    ];

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'username', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];

    /**
     * @OA\Property(
     *      title="username",
     *      description="username",
     *      example="veso266"
     * )
     *
     * @var string
     */
    public $UUID;

    /**
     * @OA\Property(
     *      title="username",
     *      description="username",
     *      example="wolf"
     * )
     *
     * @var string
     */
    public $username;

    /**
     * @OA\Property(
     *      title="email",
     *      description="E-Mail Address",
     *      example="username@email.com"
     * )
     *
     * @var string
     */
    public $email;

    /**
     * @OA\Property(
     *      title="email",
     *      description="E-Mail Verificytion date",
     *      example="null"
     * )
     *
     * @var timestamp
     */
    public $email_verified_at;

    /**
     * @OA\Property(
     *      title="password",
     *      description="User Password",
     *      example="$2y$10$HPfubOU.XX/OptS3sAH73OC3iz6BLsJvIKFyFaoLMt3.."
     * )
     *
     * @var string
     */
    public $password;

    /**
     * @OA\Property(
     *      title="remember_tokem",
     *      description="If we shall remember the user token",
     *      example="null"
     * )
     *
     * @var string
     */
    public $remember_token;

    /**
     * @OA\Property(
     *      title="created_at",
     *      description="User Creation Date",
     *      example="1621804555"
     * )
     *
     * @var timestamp
     */
    public $created_at;
    /**
     * @OA\Property(
     *      title="updated_at",
     *      description="User Update Date",
     *      example="1621804600"
     * )
     *
     * @var timestamp
     */
    public $updated_at;

    public function generateToken()
    {
        $this->api_token = Str::random(60);
        $this->save();

        return $this->api_token;
    }

    public static function status()
    {
        $sql = DB::select("SELECT 
                              users.UUID, 
                              users.username, 
                              users.email, 
                              users.api_token
                           FROM users;");

        return $sql;
    }
}

my Casts\uuid.php

<?php

namespace App\Casts;

use Illuminate\Contracts\Database\Eloquent\CastsAttributes;

class uuid implements CastsAttributes
{
    /**
     * Cast the given value.
     *
     * @param  \Illuminate\Database\Eloquent\Model  $model
     * @param  string  $key
     * @param  mixed  $value
     * @param  array  $attributes
     * @return mixed
     */
    public function get($model, $key, $value, $attributes)
    {
        $hex = bin2hex($value);
        return substr($hex, 0,8) .'-'. substr($hex, 8,4) .'-'. substr($hex, 12,4) .'-'. substr($hex, 16,4) .'-'. substr($hex, 20,12);
    }

    /**
     * Prepare the given value for storage.
     *
     * @param  \Illuminate\Database\Eloquent\Model  $model
     * @param  string  $key
     * @param  mixed  $value
     * @param  array  $attributes
     * @return mixed
     */
    public function set($model, $key, $value, $attributes)
    {
        return hex2bin($value);
    }
}

my RegisterController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use App\Models\User;
use MyLibs\Auth\RegistersUsers;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Http\Request;
use Illuminate\Auth\Events\Registered;

class RegisterController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Register Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users as well as their
    | validation and creation. By default this controller uses a trait to
    | provide this functionality without requiring any additional code.
    |
    */

    use RegistersUsers;

    /**
     * Where to redirect users after registration.
     *
     * @var string
     */
    protected $redirectTo = RouteServiceProvider::HOME;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'username' => ['required', 'string', 'max:255', 'unique:users', 'regex:/^\S*$/u'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'string', 'min:8', 'confirmed'],
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return \App\User
     */
    protected function create(array $data)
    {
        return User::create([
            'username' => $data['username'],
            'email' => $data['email'],
            'password' => Hash::make($data['password']),
        ]);
    }

    public function register(Request $request)
    {
        // Here the request is validated. The validator method is located
        // inside the RegisterController, and makes sure the name, email
        // password and password_confirmation fields are required.
        $this->validator($request->all())->validate();

        // A Registered event is created and will trigger any relevant
        // observers, such as sending a confirmation email or any
        // code that needs to be run as soon as the user is created.
        event(new Registered($user = $this->create($request->all())));

        // After the user is created, he's logged in.
        $this->guard()->login($user);

        // And finally this is the hook that we want. If there is no
        // registered() method or it returns null, redirect him to
        // some other URL. In our case, we just need to implement
        // that method to return the correct response.
        return $this->registered($request, $user)
            ?: redirect($this->redirectPath());
    }

    protected function registered(Request $request, $user)
    {
        $user->generateToken();

        return response()->json(['data' => $user->toArray()], 201);
    }
}

and here is my table in the Database for the users

IF OBJECT_ID('dbo.users', 'U') IS NOT NULL
    DROP TABLE dbo.users;
GO

-- Create the `users` table
CREATE TABLE dbo.users (
    UUID UNIQUEIDENTIFIER NOT NULL,
    username NVARCHAR(10) NOT NULL,
    email NVARCHAR(255) NOT NULL,
    email_verified_at DATETIME NULL,
    password VARBINARY(60) NOT NULL, -- SHA512 Hash stored as binary
    api_token NVARCHAR(60) NULL,
    remember_token NVARCHAR(100) NULL,
    created_at DATETIME NULL DEFAULT ('0001-01-01T00:00:00'),
    updated_at DATETIME NULL DEFAULT ('0001-01-01T00:00:00'),
    CONSTRAINT PK_users PRIMARY KEY (UUID),
    CONSTRAINT UQ_users_email UNIQUE (email),
    CONSTRAINT UQ_users_api_token UNIQUE (api_token)
);
GO

-- Triggers for the `users` table
-- Trigger to generate UUID on insert
CREATE TRIGGER trg_generate_UUID
ON dbo.users
INSTEAD OF INSERT
AS
BEGIN
    DECLARE @newUUID UNIQUEIDENTIFIER
    SET @newUUID = NEWID() -- Generates a unique UUID
    INSERT INTO dbo.users (UUID, username, email, email_verified_at, password, api_token, remember_token, created_at, updated_at)
    SELECT @newUUID, username, email, email_verified_at, password, api_token, remember_token, COALESCE(created_at, GETDATE()), COALESCE(updated_at, GETDATE())
    FROM inserted;
END;
GO

-- Trigger to set created_at and updated_at on insert
CREATE TRIGGER trg_user_create
ON dbo.users
AFTER INSERT
AS
BEGIN
    UPDATE dbo.users
    SET created_at = GETDATE(),
        updated_at = GETDATE()
    WHERE UUID IN (SELECT UUID FROM inserted);
END;
GO

-- Trigger to set updated_at on update
CREATE TRIGGER trg_user_update
ON dbo.users
AFTER UPDATE
AS
BEGIN
    UPDATE dbo.users
    SET updated_at = GETDATE()
    WHERE UUID IN (SELECT UUID FROM inserted);
END;
GO

All the other anwsers like this: Implicit conversion from data type varchar(max) to varbinary(max) is not allowed. Use the CONVERT function to run this query

are working with raw SQL statments while I am not (I use ORM), so not even sure where to put CONVERT statment?

What can I do?


Solution

  • A hashed password returned by Hash::make() is a string, not binary. The fix here is to update the table schema so that the password field is also NVARCHAR instead of VARBINARY.

    A hashed password is returned as a crypt() compatible string with the algorithm, salt, and other parameters and looks something like $2y$10$1b.fjIEbBXgB30J8E6QIsuroXwXqx.WezBIodnnqOgszUJ92LvGgO.

    As such, you want to store the password as a string instead of binary.