Symfony2 + Fosuserbundle - Password without Encoder

Asked

Viewed 86 times

0

Using Symfony2 plus Fosuserbundle, I want the user registration in the database to have no password encoder.

In security.yml was placed:

encoders: FOS\UserBundle\Model\UserInterface: plaintext

However, when I create the user from the console: 

fos:user:create -- admin [email protected] admin

The password in the bank is created as follows: admin{salt...}. In short, it creates with the password admin how was reported plus salt between keys, for example: admin{e3adudjubsgsg88kgwg4w4oscw8os4c}.

What should I do so that this field is only the password in plaintext without the salt?

php symfony

1 answer

0


Analyzing the code of the framework, I saw that the code calls are like this:

Class Symfony\Component\Security\Core\Encoder\UserPasswordEncoder:

public function encodePassword(UserInterface $user, $plainPassword)
{
    $encoder = $this->encoderFactory->getEncoder($user);

    return $encoder->encodePassword($plainPassword, $user->getSalt());
}

Class Symfony\Component\Security\Core\Encoder\BasePasswordEncoder:

public function encodePassword($raw, $salt)
{
    if ($this->isPasswordTooLong($raw)) {
        throw new BadCredentialsException('Invalid password.');
    }

    return $this->mergePasswordAndSalt($raw, $salt);
}

Class Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder:

protected function mergePasswordAndSalt($password, $salt)
{
    if (empty($salt)) {
        return $password;
    }

    if (false !== strrpos($salt, '{') || false !== strrpos($salt, '}')) {
        throw new \InvalidArgumentException('Cannot use { or } in salt.');
    }

    return $password.'{'.$salt.'}';
}

That is, salt is concatenated with the password because there is a salt in the user’s registration. Clear this field that the returned password will be the password itself.

Browser other questions tagged php symfony

You are not signed in. Login or sign up in order to post.