Symfony4自定义密码编码器

时间:2018-07-17 13:54:23

标签: php symfony authentication symfony4 lexikjwtauthbundle

我正在升级一个旧的应用程序,以在后端使用Symfony(v4),但我一直在尝试使身份验证功能起作用。我的数据库为用户存储了哈希密码和盐,密码使用了crypt php函数。我还在使用lexik JWT捆绑包,试图将令牌返回到前端。

除了symfony / lexik的“不良凭证”之外,我无法获得其他答复。

认为,我的问题根源于编码器部分,我试图实现自定义密码编码器,因为crypt根据PHP文档使用了经过修改的DES算法,并且在我的security.yaml中使用以下命令无效。

encoders:
App\Entity\DB_1\User:
    algorithm: DES

这是我完整的security.yaml

security.yaml

security:
encoders:
    App\Entity\DB_1\User:
        id: 'App\Security\MyPasswordEncoder'

providers:
    entity_provider:
        entity:
            class: App\Entity\MetallicBonds\User
            property: username

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern:  ^/login
        stateless: true
        anonymous: true
        json_login:
            check_path: /login_check
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure

    register:
        pattern:  ^/register
        stateless: true
        anonymous: true

    api:
        pattern:  ^/test
        stateless: true
        anonymous: false
        provider: entity_provider
        guard:
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator

access_control:
    - { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/test, roles: IS_AUTHENTICATED_FULLY }

和我的自定义密码编码器 MyPasswordEncoder.php

namespace App\Security;

use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;

class MyPasswordEncoder extends BasePasswordEncoder implements  
PasswordEncoderInterface
{
private $ignorePasswordCase;

public function __construct($ignorePasswordCase = false)
{
    $this->ignorePasswordCase = $ignorePasswordCase;
}

public function encodePassword($raw, $salt)
{
    // TODO: Implement encodePassword() method.
    return crypt($raw,$salt);
}

public function isPasswordValid($encoded, $raw, $salt)
{
    // TODO: Implement isPasswordValid() method.
    if ($this->isPasswordTooLong($raw)) {
        return false;
    }

    try {
        $pass2 = $this->encodePassword($raw, $salt);
    } catch (BadCredentialsException $e) {
        return false;
    }

    if (!$this->ignorePasswordCase) {
        return $this->comparePasswords($encoded, $pass2);
    }

    return $this->comparePasswords(strtolower($encoded), strtolower($pass2));
}
}

我想至少暂时不使用当前存储的密码,因此对于最终用户而言,从旧系统到新系统的更改将很顺利。有人在Symfony 4上使用自定义密码编码器成功了吗?

我应该注意,当我在MyPasswordEncoder.php中放置xdebug断点时,它永远不会停止应用程序,是否还有其他地方需要注册该类才能让Symfony使用它?

1 个答案:

答案 0 :(得分:0)

这是我的security.yaml security: encoders: App\Entity\User: id: 'App\Security\Encoder\MyCustomPasswordEncoder'

这是我的代码

namespace App\Security\Encoder;


use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;

class MyCustomPasswordEncoder extends BasePasswordEncoder
{

private $algorithm;
private $encodeHashAsBase64;
private $iterations;

/**
 * @param string $algorithm          The digest algorithm to use
 * @param bool   $encodeHashAsBase64 Whether to base64 encode the password hash
 * @param int    $iterations         The number of iterations to use to stretch the password hash
 */
public function __construct(string $algorithm = 'sha1', bool $encodeHashAsBase64 = false, int $iterations = 0)
{
    $this->algorithm = $algorithm;
    $this->encodeHashAsBase64 = $encodeHashAsBase64;
    $this->iterations = $iterations;
}

/**
 * {@inheritdoc}
 */
public function encodePassword($raw, $salt)
{
    if ($this->isPasswordTooLong($raw)) {
        throw new BadCredentialsException('Invalid password.');
    }

    if (!in_array($this->algorithm, hash_algos(), true)) {
        throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
    }

    //$salted = $this->mergePasswordAndSalt($raw, $salt);
    $salted = $salt.$raw;
    $digest = hash($this->algorithm, $salted, true);

    // "stretch" hash
    for ($i = 1; $i < $this->iterations; ++$i) {
        $digest = hash($this->algorithm, $digest.$salted, true);
    }

    return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}

/**
 * {@inheritdoc}
 */
public function isPasswordValid($encoded, $raw, $salt)
{
    return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}

}

代码正确运行。旧代码是symfony 1.4。