laravel · taylorotwell · Jun 20, 2018 · Jun 17, 2018 · Jun 17, 2018 · Jun 17, 2018
diff --git a/src/Illuminate/Auth/DatabaseUserProvider.php b/src/Illuminate/Auth/DatabaseUserProvider.php
@@ -3,6 +3,7 @@
 namespace Illuminate\Auth;
 
 use Illuminate\Support\Str;
+use Illuminate\Support\Collection;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Hashing\Hasher as HasherContract;
@@ -110,7 +111,17 @@ public function retrieveByCredentials(array $credentials)
         $query = $this->conn->table($this->table);
 
         foreach ($credentials as $key => $value) {
-            if (! Str::contains($key, 'password')) {
+            if (Str::contains($key, 'password')) {
+                continue;
+            }
+
+            if ($value instanceof Arrayable || $value instanceof Collection) {
+                $value = $value->toArray();
+            }
+
+            if (is_array($value)) {
+                $query->whereIn($key, $value);
+            } else {
                 $query->where($key, $value);
             }
         }

diff --git a/src/Illuminate/Auth/EloquentUserProvider.php b/src/Illuminate/Auth/EloquentUserProvider.php
@@ -3,6 +3,7 @@
 namespace Illuminate\Auth;
 
 use Illuminate\Support\Str;
+use Illuminate\Support\Collection;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Contracts\Hashing\Hasher as HasherContract;
 use Illuminate\Contracts\Auth\Authenticatable as UserContract;
@@ -113,7 +114,17 @@ public function retrieveByCredentials(array $credentials)
         $query = $this->createModel()->newQuery();
 
         foreach ($credentials as $key => $value) {
-            if (! Str::contains($key, 'password')) {
+            if (Str::contains($key, 'password')) {
+                continue;
+            }
+
+            if ($value instanceof Arrayable || $value instanceof Collection) {
+                $value = $value->toArray();
+            }
+
+            if (is_array($value)) {
+                $query->whereIn($key, $value);
+            } else {
                 $query->where($key, $value);
             }
         }

diff --git a/tests/Auth/AuthGuardTest.php b/tests/Auth/AuthGuardTest.php
@@ -66,6 +66,18 @@ public function testBasicWithExtraConditions()
         $guard->basic('email', ['active' => 1]);
     }
 
+    public function testBasicWithExtraArrayConditions()
+    {
+        list($session, $provider, $request, $cookie) = $this->getMocks();
+        $guard = m::mock('Illuminate\Auth\SessionGuard[check,attempt]', ['default', $provider, $session]);
+        $guard->shouldReceive('check')->once()->andReturn(false);
+        $guard->shouldReceive('attempt')->once()->with(['email' => 'foo@bar.com', 'password' => 'secret', 'active' => 1, 'type' => [1, 2, 3]])->andReturn(true);
+        $request = \Symfony\Component\HttpFoundation\Request::create('/', 'GET', [], [], [], ['PHP_AUTH_USER' => 'foo@bar.com', 'PHP_AUTH_PW' => 'secret']);
+        $guard->setRequest($request);
+
+        $guard->basic('email', ['active' => 1, 'type' => [1, 2, 3]]);
+    }
+
     public function testAttemptCallsRetrieveByCredentials()
     {
         $guard = $this->getGuard();