Commit3792fee

committed

minor#3858 Clarified Password Encoders example (WouterJ)

This PR was merged into the 2.3 branch.Discussion----------Clarified Password Encoders exampleThis replaces#3618| Q | A| --- | ---| Doc fix? | yes| New docs? | no| Applies to | all| Ficket tickets | -Commits-------02f072a Applied comments17999cf Wrong parameters order and wrong naming

2 parents663d68c +02f072a commit3792feeCopy full SHA for 3792fee

File tree

1 file changed

+21

-7

lines changed

components/security
- authentication.rst

1 file changed

+21

-7

lines changed

`‎components/security/authentication.rst‎`

Lines changed: 21 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -237,21 +237,35 @@ method of the password encoder factory is called with the user object as`
`237`	`237`	its first argument, it will return an encoder of type:class:`Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface`
`238`	`238`	`which should be used to encode this user's password::`
`239`	`239`
`240`		`- // fetch a user of type Acme\Entity\LegacyUser`
`241`		`- $user = ...`
	`240`	`+ // a Acme\Entity\LegacyUser instance`
	`241`	`+ $user = ...;`
	`242`	`+`
	`243`	`+ // the password that was submitted, e.g. when registering`
	`244`	`+ $plainPassword = ...;`
`242`	`245`
`243`	`246`	`$encoder = $encoderFactory->getEncoder($user);`
`244`	`247`
`245`	`248`	`// will return $weakEncoder (see above)`
	`249`	`+ $encodedPassword = $encoder->encodePassword($plainPassword, $user->getSalt());`
	`250`	`+`
	`251`	`+ $user->setPassword($encodedPassword);`
`246`	`252`
`247`		`-$encodedPassword = $encoder->encodePassword($password, $user->getSalt());`
	`253`	`+// ... save theuser`
`248`	`254`
`249`		`- // check if the password is valid:`
	`255`	`+Now, when you want to check if the submitted password (e.g. when trying to log`
	`256`	`+in) is correct, you can use::`
	`257`	`+`
	`258`	`+ // fetch the Acme\Entity\LegacyUser`
	`259`	`+ $user = ...;`
	`260`	`+`
	`261`	`+ // the submitted password, e.g. from the login form`
	`262`	`+ $plainPassword = ...;`
`250`	`263`
`251`	`264`	`$validPassword = $encoder->isPasswordValid(`
`252`		`- $user->getPassword(),`
`253`		`- $password,`
`254`		`- $user->getSalt());`
	`265`	`+ $user->getPassword(), // the encoded password`
	`266`	`+ $plainPassword, // the submitted password`
	`267`	`+ $user->getSalt()`
	`268`	`+ );`
`255`	`269`
`256`	`270`	.. _`CVE-2013-5750`:http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
`257`	`271`	.. _`BasePasswordEncoder::checkPasswordLength`:https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit3792fee

File tree

1 file changed

1 file changed

`‎components/security/authentication.rst‎`

0 commit comments