Symfony2 + FOSUserBundle - Password without encoder

0

Using Symfony2 plus FOSUserBundle, I want the user's database in the database to have no password encoders.

In security.yml was placed:

encoders: FOS\UserBundle\Model\UserInterface: plaintext

However, when I create the user from the console:

fos:user:create -- admin [email protected] admin 

The password in the database is created as follows: admin{salt...} . In short, it creates with the admin password as it was informed plus the salt between keys, for example: admin{e3adudjubsgsg88kgwg4w4oscw8os4c} .

What should I do to make this field only the password in plaintext without the salt?

    
asked by anonymous 16.02.2016 / 19:43

1 answer

0

Analyzing the framework code, I saw code calls look like this:

Class Symfony\Component\Security\Core\Encoder\UserPasswordEncoder :

public function encodePassword(UserInterface $user, $plainPassword)
{
    $encoder = $this->encoderFactory->getEncoder($user);

    return $encoder->encodePassword($plainPassword, $user->getSalt());
}

Class Symfony\Component\Security\Core\Encoder\BasePasswordEncoder :

public function encodePassword($raw, $salt)
{
    if ($this->isPasswordTooLong($raw)) {
        throw new BadCredentialsException('Invalid password.');
    }

    return $this->mergePasswordAndSalt($raw, $salt);
}

Class Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder :

protected function mergePasswordAndSalt($password, $salt)
{
    if (empty($salt)) {
        return $password;
    }

    if (false !== strrpos($salt, '{') || false !== strrpos($salt, '}')) {
        throw new \InvalidArgumentException('Cannot use { or } in salt.');
    }

    return $password.'{'.$salt.'}';
}

That is, you concatenate the salt with the password because there is a salt in the user's registry. Clear this field that the password returned will be the password itself.

    
18.03.2016 / 14:36