Commit9de96e6

committed

feature#3995 [DX] New service to simplify password encoding (aferrandini)

This PR was merged into the master branch.Discussion----------[DX] New service to simplify password encoding| Q | A| ------------- | ---| Doc fix? | no| New docs? | [#11306](symfony/symfony#11306)| Applies to | 2.6Add documentation for symfony/symfony PR [#11306](symfony/symfony#11306)New service to simplify password encoding.Commits-------785827f New service to simplify password encoding

2 parents928a579 +785827f commit9de96e6Copy full SHA for 9de96e6

File tree

2 files changed

+47

-26

lines changed

book
- security.rst
cookbook/security
- custom_password_authenticator.rst

2 files changed

+47

-26

lines changed

`‎book/security.rst‎`

Lines changed: 31 additions & 4 deletions

Original file line number	Diff line number	Diff line change
@@ -1567,30 +1567,57 @@ is available by calling the PHP function :phpfunction:`hash_algos`.
`1567`	`1567`	`Determining the Hashed Password`
`1568`	`1568`	`...............................`
`1569`	`1569`
	`1570`	`+..versionadded::2.6`
	`1571`	+ The ``security.password_encoder`` service was introduced in Symfony 2.6.
	`1572`	`+`
`1570`	`1573`	`If you're storing users in the database and you have some sort of registration`
`1571`	`1574`	`form for users, you'll need to be able to determine the hashed password so`
`1572`	`1575`	`that you can set it on your user before inserting it. No matter what algorithm`
`1573`	`1576`	`you configure for your user object, the hashed password can always be determined`
`1574`	`1577`	`in the following way from a controller::`
`1575`	`1578`
`1576`		`- $factory = $this->get('security.encoder_factory');`
`1577`	`1579`	`$user = new Acme\UserBundle\Entity\User();`
	`1580`	`+ $plainPassword = 'ryanpass';`
	`1581`	`+ $encoded = $this->container->get('security.password_encoder')`
	`1582`	`+ ->encodePassword($user, $plainPassword);`
`1578`	`1583`
`1579`		`- $encoder = $factory->getEncoder($user);`
`1580`		`- $password = $encoder->encodePassword('ryanpass', $user->getSalt());`
`1581`		`- $user->setPassword($password);`
	`1584`	`+ $user->setPassword($encoded);`
`1582`	`1585`
`1583`	`1586`	`In order for this to work, just make sure that you have the encoder for your`
`1584`	`1587`	user class (e.g. ``Acme\UserBundle\Entity\User``) configured under the ``encoders``
`1585`	`1588`	key in ``app/config/security.yml``.
`1586`	`1589`
	`1590`	`+..sidebar::Get the User Encoder`
	`1591`	`+`
	`1592`	+ In some cases, you need a specific encoder for a given user (e.g. ``Acme\UserBundle\Entity\User``).
	`1593`	+ You can use the ``EncoderFactory`` to get this encoder::
	`1594`	`+`
	`1595`	`+ $factory = $this->get('security.encoder_factory');`
	`1596`	`+ $user = new Acme\UserBundle\Entity\User();`
	`1597`	`+`
	`1598`	`+ $encoder = $factory->getEncoder($user);`
	`1599`	`+`
`1587`	`1600`	`..caution::`
`1588`	`1601`
`1589`	`1602`	`When you allow a user to submit a plaintext password (e.g. registration`
`1590`	`1603`	`form, change password form), you must have validation that guarantees`
`1591`	`1604`	`that the password is 4096 characters or less. Read more details in`
`1592`	`1605`	:ref:`How to implement a simple Registration Form<cookbook-registration-password-max>`.
`1593`	`1606`
	`1607`	`+Validating a Plaintext Password`
	`1608`	`+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
	`1609`	`+`
	`1610`	`+Sometimes you want to check if a plain password is valid for a given user::`
	`1611`	`+`
	`1612`	`+ // a user instance of some class which implements Symfony\Component\Security\Core\User\UserInterface`
	`1613`	`+ $user = ...;`
	`1614`	`+`
	`1615`	`+ // the password that should be checked`
	`1616`	`+ $plainPassword = ...;`
	`1617`	`+`
	`1618`	`+ $isValidPassword = $this->container->get('security.password_encoder')`
	`1619`	`+ ->isPasswordValid($user, $plainPassword);`
	`1620`	`+`
`1594`	`1621`	`Retrieving the User Object`
`1595`	`1622`	`~~~~~~~~~~~~~~~~~~~~~~~~~~`
`1596`	`1623`

`‎cookbook/security/custom_password_authenticator.rst‎`

Lines changed: 16 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,13 +8,17 @@ Imagine you want to allow access to your website only between 2pm and 4pm`
`8`	`8`	`UTC. Before Symfony 2.4, you had to create a custom token, factory, listener`
`9`	`9`	`and provider. In this entry, you'll learn how to do this for a login form`
`10`	`10`	`(i.e. where your user submits their username and password).`
	`11`	`+Before Symfony 2.6, you had to use the password encoder to authenticate the user password.`
`11`	`12`
`12`	`13`	`The Password Authenticator`
`13`	`14`	`--------------------------`
`14`	`15`
`15`	`16`	`..versionadded::2.4`
`16`	`17`	The ``SimpleFormAuthenticatorInterface`` interface was introduced in Symfony 2.4.
`17`	`18`
	`19`	`+..versionadded::2.6`
	`20`	+ The ``UserPasswordEncoderInterface`` interface was introduced in Symfony 2.6.
	`21`	`+`
`18`	`22`	`First, create a new class that implements`
`19`	`23`	:class:`Symfony\\Component\\Security\\Core\\Authentication\\SimpleFormAuthenticatorInterface`.
`20`	`24`	`Eventually, this will allow you to create custom logic for authenticating`
`@@ -27,18 +31,18 @@ the user::`
`27`	`31`	`use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;`
`28`	`32`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`29`	`33`	`use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;`
`30`		`- use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;`
	`34`	`+ use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;`
`31`	`35`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
`32`	`36`	`use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;`
`33`	`37`	`use Symfony\Component\Security\Core\User\UserProviderInterface;`
`34`	`38`
`35`	`39`	`class TimeAuthenticator implements SimpleFormAuthenticatorInterface`
`36`	`40`	`{`
`37`		`- private $encoderFactory;`
	`41`	`+ private $encoder;`
`38`	`42`
`39`		`- public function __construct(EncoderFactoryInterface $encoderFactory)`
	`43`	`+ public function __construct(UserPasswordEncoderInterface $encoder)`
`40`	`44`	`{`
`41`		`- $this->encoderFactory = $encoderFactory;`
	`45`	`+ $this->encoder = $encoder;`
`42`	`46`	`}`
`43`	`47`
`44`	`48`	`public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)`
`@@ -49,12 +53,7 @@ the user::`
`49`	`53`	`throw new AuthenticationException('Invalid username or password');`
`50`	`54`	`}`
`51`	`55`
`52`		`- $encoder = $this->encoderFactory->getEncoder($user);`
`53`		`- $passwordValid = $encoder->isPasswordValid(`
`54`		`- $user->getPassword(),`
`55`		`- $token->getCredentials(),`
`56`		`- $user->getSalt()`
`57`		`- );`
	`56`	`+ $passwordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());`
`58`	`57`
`59`	`58`	`if ($passwordValid) {`
`60`	`59`	`$currentHour = date('G');`
`@@ -127,17 +126,12 @@ Ultimately, your job is to return a new token object that is "authenticated"`
`127`	`126`	(i.e. it has at least 1 role set on it) and which has the ``User`` object
`128`	`127`	`inside of it.`
`129`	`128`
`130`		`-Inside this method,an encoder is needed to check the password's validity::`
	`129`	`+Inside this method,the password encoder is needed to check the password's validity::`
`131`	`130`
`132`		`- $encoder = $this->encoderFactory->getEncoder($user);`
`133`		`- $passwordValid = $encoder->isPasswordValid(`
`134`		`- $user->getPassword(),`
`135`		`- $token->getCredentials(),`
`136`		`- $user->getSalt()`
`137`		`- );`
	`131`	`+ $passwordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());`
`138`	`132`
`139`		`-This is a service that is already available in Symfony and the password algorithm`
`140`		-is configured in the security configuration (e.g. ``security.yml``) under
	`133`	`+This is a service that is already available in Symfony andit usesthe password algorithm`
	`134`	+thatis configured in the security configuration (e.g. ``security.yml``) under
`141`	`135`	the ``encoders`` key. Below, you'll see how to inject that into the ``TimeAuthenticator``.
`142`	`136`
`143`	`137`	`.. _cookbook-security-password-authenticator-config:`
@@ -157,7 +151,7 @@ Now, configure your ``TimeAuthenticator`` as a service:
`157`	`151`
`158`	`152`	`time_authenticator:`
`159`	`153`	`class:Acme\HelloBundle\Security\TimeAuthenticator`
`160`		`-arguments:["@security.encoder_factory"]`
	`154`	`+arguments:["@security.password_encoder"]`
`161`	`155`
`162`	`156`	`..code-block::xml`
`163`	`157`
@@ -173,7 +167,7 @@ Now, configure your ``TimeAuthenticator`` as a service:
`173`	`167`	`<serviceid="time_authenticator"`
`174`	`168`	`class="Acme\HelloBundle\Security\TimeAuthenticator"`
`175`	`169`	`>`
`176`		`- <argumenttype="service"id="security.encoder_factory" />`
	`170`	`+ <argumenttype="service"id="security.password_encoder" />`
`177`	`171`	`</service>`
`178`	`172`	`</services>`
`179`	`173`	`</container>`
@@ -188,7 +182,7 @@ Now, configure your ``TimeAuthenticator`` as a service:
`188`	`182`
`189`	`183`	`$container->setDefinition('time_authenticator', new Definition(`
`190`	`184`	`'Acme\HelloBundle\Security\TimeAuthenticator',`
`191`		`- array(new Reference('security.encoder_factory'))`
	`185`	`+ array(new Reference('security.password_encoder'))`
`192`	`186`	`));`
`193`	`187`
`194`	`188`	Then, activate it in the ``firewalls`` section of the security configuration

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit9de96e6

File tree

2 files changed

2 files changed

`‎book/security.rst‎`

`‎cookbook/security/custom_password_authenticator.rst‎`

0 commit comments