Recently, I talked about why Laravel changes the number of Bcrypt rounds when running tests.
This led to some feedback from readers about bypassing the hash altogether in their user factory, and just pre-hashing a fixed password for tests.
Interestingly, this used to be the default behavior in Laravel projects, but not too long ago, the pre-hashed password was removed, and it now uses Hash::make to generate a new password.
Why? The whole discussion is here, but in short it was to prevent throwing exceptions as the bcrypt configuration changes over time.
I understand why this is a better default for the framework, since it avoids confusion for developers bumping into unexpected errors in tests, but I still prefer the old behavior.
Since I know what is happening under the hood, I am willing to manually update my pre-hashed factory password in the future if things change again. I prefer that occasional update once every couple years compared to having to wait for bcrypt hashes to be generated for every user created in every single test run.
This is a good example of knowing the defaults and yet making a reasoned decision to deviate from them and what tradeoffs that entails. Sometimes it may make more sense to keep the default behavior, but in general I find that pre-hashing is a better fit for my projects.
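One way to notice when the pre-hashed factory password is due for its manual update, shown as an added example in plain PHP (it is not Laravel's code or code from this newsletter): a check that a test could run against the fixture. The function name and sample values are hypothetical, and treating any difference in bcrypt cost as drift is an assumption that may be stricter than the framework's own check.

```php
<?php
// Added example: plain PHP, no framework. All names here are hypothetical.

/**
 * Explain why a pre-hashed fixture no longer matches the hashing
 * configuration, or return null when it is still in line with it.
 */
function fixtureHashProblem(string $fixtureHash, int $configuredRounds): ?string
{
    // password_get_info() reads the algorithm and options out of the hash
    // string itself, so no password and no re-hashing is needed.
    $info = password_get_info($fixtureHash);

    if ($info['algo'] !== PASSWORD_BCRYPT) {
        return 'fixture is not a bcrypt hash';
    }

    $cost = $info['options']['cost'] ?? null;
    if ($cost !== $configuredRounds) {
        // Assumption: any difference counts as drift worth a fixture update.
        return "fixture cost {$cost} differs from configured rounds {$configuredRounds}";
    }

    return null;
}

// Constructed fixture: hashed once at a low test-suite cost. In a project
// the resulting string would be pasted into the factory as a literal.
$testRounds = 4;
$fixture = password_hash('password', PASSWORD_BCRYPT, ['cost' => $testRounds]);

// The fixture still verifies against the known test password.
var_dump(password_verify('password', $fixture));

// Configuration unchanged: no problem reported.
var_dump(fixtureHashProblem($fixture, $testRounds));

// Constructed scenario: the configured rounds were raised later on.
var_dump(fixtureHashProblem($fixture, 12));

// Constructed scenario: the literal was replaced by something that is not bcrypt.
var_dump(fixtureHashProblem('not-a-hash', $testRounds));
```

A failing check of this kind points at the fixture itself, so the fix is to regenerate the literal rather than to chase an error raised deep inside a login test.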
Here to help,
Joel