thisfro/pflaenz.li-Symfony
Archived
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases 3 Wiki Activity

Use new authentication and hashing system

Browse source
This commit is contained in:
Jannis Portmann 2021-09-04 12:59:08 +02:00
parent 10e250a1da
commit b2428f6ae3
4 changed files with 17 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
config/packages/security.yaml
View file

@ -1,6 +1,11 @@
security: security:
encoders: enable_authenticator_manager: true
password_hashers:
# use your user class name here
App\Entity\User: App\Entity\User:
# Use native password hasher, which auto-selects the best
# possible hashing algorithm (starting from Symfony 5.3 this is "bcrypt")
algorithm: auto algorithm: auto
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
@ -15,7 +20,6 @@ security:
pattern: ^/(_(profiler|wdt)|css|images|js)/ pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false security: false
main: main:
anonymous: true
lazy: true lazy: true
provider: app_user_provider provider: app_user_provider
guard: guard:

6
src/Controller/RegistrationController.php
View file

@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Mime\Address; use Symfony\Component\Mime\Address;
use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface; use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
@ -27,7 +27,7 @@ class RegistrationController extends AbstractController
} }
#[Route('/register', name: 'app_register')] #[Route('/register', name: 'app_register')]
public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder, GuardAuthenticatorHandler $guardHandler, AppAuthenticator $authenticator): Response public function register(Request $request, UserPasswordHasherInterface $passwordHasher, GuardAuthenticatorHandler $guardHandler, AppAuthenticator $authenticator): Response
{ {
$user = new User(); $user = new User();
$form = $this->createForm(RegistrationFormType::class, $user); $form = $this->createForm(RegistrationFormType::class, $user);
@ -36,7 +36,7 @@ class RegistrationController extends AbstractController
if ($form->isSubmitted() && $form->isValid()) { if ($form->isSubmitted() && $form->isValid()) {
// encode the plain password // encode the plain password
$user->setPassword( $user->setPassword(
$passwordEncoder->encodePassword( $passwordHasher->encodePassword(
$user, $user,
$form->get('plainPassword')->getData() $form->get('plainPassword')->getData()
) )

6
src/Controller/ResetPasswordController.php
View file

@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Mailer\MailerInterface; use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Mime\Address; use Symfony\Component\Mime\Address;
use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait; use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface; use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface; use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
@ -71,7 +71,7 @@ class ResetPasswordController extends AbstractController
* Validates and process the reset URL that the user clicked in their email. * Validates and process the reset URL that the user clicked in their email.
*/ */
#[Route('/reset/{token}', name: 'app_reset_password')] #[Route('/reset/{token}', name: 'app_reset_password')]
public function reset(Request $request, UserPasswordEncoderInterface $passwordEncoder, string $token = null): Response public function reset(Request $request, UserPasswordHasherInterface $passwordHasher, string $token = null): Response
{ {
if ($token) { if ($token) {
// We store the token in session and remove it from the URL, to avoid the URL being // We store the token in session and remove it from the URL, to avoid the URL being
@ -106,7 +106,7 @@ class ResetPasswordController extends AbstractController
$this->resetPasswordHelper->removeResetRequest($token); $this->resetPasswordHelper->removeResetRequest($token);
// Encode the plain password, and set it. // Encode the plain password, and set it.
$encodedPassword = $passwordEncoder->encodePassword( $encodedPassword = $passwordHasher->encodePassword(
$user, $user,
$form->get('plainPassword')->getData() $form->get('plainPassword')->getData()
); );

10
src/Security/AppAuthenticator.php
View file

@ -8,7 +8,7 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException; use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Core\Security;
@ -29,14 +29,14 @@ class AppAuthenticator extends AbstractFormLoginAuthenticator implements Passwor
private $entityManager; private $entityManager;
private $urlGenerator; private $urlGenerator;
private $csrfTokenManager; private $csrfTokenManager;
private $passwordEncoder; private $passwordHasher;
public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordEncoderInterface $passwordEncoder) public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordHasherInterface $passwordHasher)
{ {
$this->entityManager = $entityManager; $this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator; $this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager; $this->csrfTokenManager = $csrfTokenManager;
$this->passwordEncoder = $passwordEncoder; $this->passwordHasher = $passwordHasher;
} }
public function supports(Request $request) public function supports(Request $request)
@ -79,7 +79,7 @@ class AppAuthenticator extends AbstractFormLoginAuthenticator implements Passwor
public function checkCredentials($credentials, UserInterface $user) public function checkCredentials($credentials, UserInterface $user)
{ {
return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); return $this->passwordHasher->isPasswordValid($user, $credentials['password']);
} }
/** /**