This is a bad idea as you could inadvertently introduce a security risk into your production code. But in the interests of experimentation...
One way would be to overwrite the validation in the default session guard, but I think this is too risky. So I would duplicate your existing production guard and and force it to die if not in development mode. Here's an example assuming you're using the session guard.
In /app/Providers/AuthServiceProvider.php
register a new guard:
use App\Services\Auth\SillyGuard;
...
public function boot()
{
$this->registerPolicies();
Auth::extend('silly', function ($app, $name, array $config) {
// Return an instance of Illuminate\Contracts\Auth\Guard...
return new SillyGuard(Auth::createUserProvider($config['provider']));
});
}
Add it to your /config/auth.php
- you'll want to overwrite your existing web guard otherwise you'd have to redefine all your routes when you switch from development to production. You must switch this guard back to your original driver when you go to production mode
'guards' => [
//others
'web' => [
'driver' => 'silly',
'provider' => 'users',
],
],
Copy the file ...src/Illuminate/Auth/SessionGuard.php
to app/Services/Auth/SillyGuard.php
and make the following changes:
//namespace Illuminate\Auth;
namespace App\Services\Auth;
...
public function __construct($name,
UserProvider $provider,
SessionInterface $session,
Request $request = null)
{
if (!\App::environment('local') || !config('app.debug')) {
die("This guard only works in local debug mode");
}
$this->name...
...
protected function hasValidCredentials($user, $credentials)
{
//return ! is_null($user) && $this->provider->validateCredentials($user, $credentials);
return ! is_null($user);
}