Symfony2 创建自己的编码器来存储密码 [英] Symfony2 create own encoder for storing password
问题描述
我是 Symfony2 的新手,我可能有一个关于在我的数据库中编码我的用户密码的简单问题.
我想以这种方式对我的用户密码进行编码并存储在数据库中:
encoded_password = salt .sha1(盐.raw_password)
我找到了各种编码器(sha1、sha512、明文),我在我的数据库 raw_password{salt} 中看到了明文,但我仍然对 Symfony2 中的 signin/login/getSalt() 方法不满意.
如果你能帮我解决这个问题(请假设我不想使用现有的用户管理包,我想制作我自己的包)那就太棒了!
谢谢
我可以在我的 signinAction() 中做到这一点:
$salt = substr(md5(time()),0,10);$pwd = $encoder->encodePassword($user->getPassword(), $salt);$user->setPassword($salt.$pwd);
我可以在我的 getSalt() 中做到这一点:
return substr($this->password,0,10);
但我目前在我的 loginAction() 中只有那个:(见这里:http://symfony.com/doc/current/book/security.html)
//src/Acme/SecurityBundle/Controller/Main;命名空间 AcmeSecurityBundleController;使用 SymfonyBundleFrameworkBundleControllerController;使用 SymfonyComponentSecurityCoreSecurityContext;类 SecurityController 扩展控制器{公共函数 loginAction(){$request = $this->getRequest();$session = $request->getSession();//如果有,则获取登录错误if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {$error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);} 别的 {$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);}return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(//用户最后输入的用户名'last_username' =>$session->get(SecurityContext::LAST_USERNAME),'错误' =>$错误,));}}
我如何告诉 Symfony2 在登录操作期间按照我需要的方式检查密码?(目前在做 encode(password,salt) 而不是 salt.encode(password,salt)
为了简单起见:您必须创建并添加一个新的 Service,将其添加到您的包中,并指定 User
类将使用它.首先,您必须实现自己的密码编码器:
命名空间 AcmeTestBundleService;使用 SymfonyComponentSecurityCoreEncoderPasswordEncoderInterface;类 Sha256Salted 实现 PasswordEncoderInterface{公共函数 encodePassword($raw, $salt){return hash('sha256', $salt . $raw);//自定义密码加密函数}公共函数 isPasswordValid($encoded, $raw, $salt){返回 $encoded === $this->encodePassword($raw, $salt);}}
然后,您将添加服务定义,并且您希望为 User
类指定使用您的自定义编码器.在 TestBundle/Resources/config/services.yml 中添加自定义编码器:
服务:sha256salted_encoder:类:AcmeTestBundleServiceSha256Salted
并且在 app/config/security.yml 中,您可以将自定义类指定为默认编码器(对于 AcmeTestBundleEntityUser
类):>
编码器:AcmeTestBundleEntityUser:id: acme.test.sha256salted_encoder
当然,盐在密码加密中起着核心作用.Salt 是唯一的,并为每个用户存储.类 User
可以使用 YAML 注释自动生成(表应该——当然——包含字段用户名、密码、salt 等)并且应该实现 UserInterface
.>
最后,当你必须创建一个新的AcmeTestBundleEntityUser
时,你可以使用它(控制器代码):
//添加一个新用户$user = 新用户();$user->setUsername = '用户名';$user->setSalt(uniqid(mt_rand()));//用户唯一的盐//设置加密密码$encoder = $this->container->get('acme.test.sha256salted_encoder')->getEncoder($user);$password = $encoder->encodePassword('MyPass', $user->getSalt());$user->setPassword($password);
I'm new to Symfony2 and I have maybe a simple question about encoding my user passwords in my DB.
I'd like to encode and store in DB my users' password that way:
encoded_password = salt . sha1 ( salt . raw_password )
I've found various encoders (sha1, sha512, plaintext), I saw that with plaintext I have in my DB raw_password{salt} but I'm still not comfortable with signin/login/getSalt() method in Symfony2.
If you could give me a lift on that (please, assume I do not want to use an existing bundle for UserManagement, I'd like to make my own) it would be AWESOME!
Thanks
EDIT:
I could do that in my signinAction():
$salt = substr(md5(time()),0,10);
$pwd = $encoder->encodePassword($user->getPassword(), $salt);
$user->setPassword($salt.$pwd);
I could do that in my getSalt():
return substr($this->password,0,10);
But I currently have only that in my loginAction(): (see here: http://symfony.com/doc/current/book/security.html)
// src/Acme/SecurityBundle/Controller/Main;
namespace AcmeSecurityBundleController;
use SymfonyBundleFrameworkBundleControllerController;
use SymfonyComponentSecurityCoreSecurityContext;
class SecurityController extends Controller
{
public function loginAction()
{
$request = $this->getRequest();
$session = $request->getSession();
// get the login error if there is one
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
} else {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
}
return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(
// last username entered by the user
'last_username' => $session->get(SecurityContext::LAST_USERNAME),
'error' => $error,
));
}
}
How can I tell Symfony2 to check the password during the login action the way I need? (curently doing encode(password,salt) and not salt.encode(password,salt)
To make it simple: you have to create and add a new Service, add it to your bundle and specity that the User
class will use it. First you have to implement your own password encoder:
namespace AcmeTestBundleService;
use SymfonyComponentSecurityCoreEncoderPasswordEncoderInterface;
class Sha256Salted implements PasswordEncoderInterface
{
public function encodePassword($raw, $salt)
{
return hash('sha256', $salt . $raw); // Custom function for password encrypt
}
public function isPasswordValid($encoded, $raw, $salt)
{
return $encoded === $this->encodePassword($raw, $salt);
}
}
Then you'll add the service definition and you want to specify to use your custom encoder for the class User
. In TestBundle/Resources/config/services.yml you add custom encoder:
services:
sha256salted_encoder:
class: AcmeTestBundleServiceSha256Salted
and in app/config/security.yml you can therefore specify your custom class as default encoder (for AcmeTestBundleEntityUser
class):
encoders:
AcmeTestBundleEntityUser:
id: acme.test.sha256salted_encoder
Of course, salt plays a central role in password encryption. Salt is unique and is stored for each user. The class User
can be auto-generated using YAML annotations (table should - of course - contain fields username, password, salt and so on) and should implement UserInterface
.
Finally you can use it (controller code) when you have to create a new AcmeTestBundleEntityUser
:
// Add a new User
$user = new User();
$user->setUsername = 'username';
$user->setSalt(uniqid(mt_rand())); // Unique salt for user
// Set encrypted password
$encoder = $this->container->get('acme.test.sha256salted_encoder')
->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);
这篇关于Symfony2 创建自己的编码器来存储密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!