我正在升级一个旧的应用程序,以在后端使用Symfony(v4),但我一直在尝试使身份验证功能起作用。我的数据库为用户存储了哈希密码和盐,密码使用了crypt
php函数。我还在使用lexik JWT捆绑包,试图将令牌返回到前端。
除了symfony / lexik的“不良凭证”之外,我无法获得其他答复。
我认为,我的问题根源于编码器部分,我试图实现自定义密码编码器,因为crypt根据PHP文档使用了经过修改的DES算法,并且在我的security.yaml中使用以下命令无效。
encoders:
App\Entity\DB_1\User:
algorithm: DES
这是我完整的security.yaml
security.yaml
security:
encoders:
App\Entity\DB_1\User:
id: 'App\Security\MyPasswordEncoder'
providers:
entity_provider:
entity:
class: App\Entity\MetallicBonds\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login
stateless: true
anonymous: true
json_login:
check_path: /login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
register:
pattern: ^/register
stateless: true
anonymous: true
api:
pattern: ^/test
stateless: true
anonymous: false
provider: entity_provider
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/test, roles: IS_AUTHENTICATED_FULLY }
和我的自定义密码编码器 MyPasswordEncoder.php
namespace App\Security;
use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
class MyPasswordEncoder extends BasePasswordEncoder implements
PasswordEncoderInterface
{
private $ignorePasswordCase;
public function __construct($ignorePasswordCase = false)
{
$this->ignorePasswordCase = $ignorePasswordCase;
}
public function encodePassword($raw, $salt)
{
// TODO: Implement encodePassword() method.
return crypt($raw,$salt);
}
public function isPasswordValid($encoded, $raw, $salt)
{
// TODO: Implement isPasswordValid() method.
if ($this->isPasswordTooLong($raw)) {
return false;
}
try {
$pass2 = $this->encodePassword($raw, $salt);
} catch (BadCredentialsException $e) {
return false;
}
if (!$this->ignorePasswordCase) {
return $this->comparePasswords($encoded, $pass2);
}
return $this->comparePasswords(strtolower($encoded), strtolower($pass2));
}
}
我想至少暂时不使用当前存储的密码,因此对于最终用户而言,从旧系统到新系统的更改将很顺利。有人在Symfony 4上使用自定义密码编码器成功了吗?
我应该注意,当我在MyPasswordEncoder.php中放置xdebug断点时,它永远不会停止应用程序,是否还有其他地方需要注册该类才能让Symfony使用它?
答案 0 :(得分:0)
这是我的security.yaml
security:
encoders:
App\Entity\User:
id: 'App\Security\Encoder\MyCustomPasswordEncoder'
这是我的代码
namespace App\Security\Encoder;
use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
class MyCustomPasswordEncoder extends BasePasswordEncoder
{
private $algorithm;
private $encodeHashAsBase64;
private $iterations;
/**
* @param string $algorithm The digest algorithm to use
* @param bool $encodeHashAsBase64 Whether to base64 encode the password hash
* @param int $iterations The number of iterations to use to stretch the password hash
*/
public function __construct(string $algorithm = 'sha1', bool $encodeHashAsBase64 = false, int $iterations = 0)
{
$this->algorithm = $algorithm;
$this->encodeHashAsBase64 = $encodeHashAsBase64;
$this->iterations = $iterations;
}
/**
* {@inheritdoc}
*/
public function encodePassword($raw, $salt)
{
if ($this->isPasswordTooLong($raw)) {
throw new BadCredentialsException('Invalid password.');
}
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
//$salted = $this->mergePasswordAndSalt($raw, $salt);
$salted = $salt.$raw;
$digest = hash($this->algorithm, $salted, true);
// "stretch" hash
for ($i = 1; $i < $this->iterations; ++$i) {
$digest = hash($this->algorithm, $digest.$salted, true);
}
return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}
/**
* {@inheritdoc}
*/
public function isPasswordValid($encoded, $raw, $salt)
{
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}
}
代码正确运行。旧代码是symfony 1.4。