Migrating Existing Users and Passwords to new Symfony/sfDoctrineGuard User System


Problem description

I have an existing, non-framework-based PHP/MySQL website. It has a simple security model, with a users table with usernames and hashed (MD5) passwords.

I'm currently working on "version 2" of this site, this time using Symfony, with Doctrine. The new version is working fine, and I'm using the sfDoctrineGuard plugin for my user management.

I'd like to migrate my existing users into the new app with the minimum of fuss, retaining their existing usernames and passwords. My main problem, though, is that I'd like to change the password hash I'm using.

The current site uses unsalted MD5 hashes of the passwords*. I've already figured out how to migrate users to Symfony/sfDoctrineGuard while maintaining the existing algorithm (by providing my own "algorithm" function for unsalted MD5.) But unsalted md5 obviously isn't ideal.

So -- my question is, given a bunch of users that I can successfully migrate into sfDoctrineGuard users with my custom plain-MD5 password hashing algorithm, is there any way I can then transform those users so they use the standard, salted SHA1 sfDoctrineGuard algorithm?

I figure I'll only be able to do this per-user as each user logs in, as that's the only time I'll have the user's plaintext password for re-hashing. I guess what I need to do is hook into something at the "this user just successfully logged in with this password" point so I can then set the user's algorithm, salt and password to the new SHA1 system, and save the user back to the database without them even knowing about it.

I've dug around a bit and I can't figure out a way to override or hook into the sfDoctrineGuard (specifically sfGuardSecurityUser, I think?) login system at the right point. Well, not without hacking around with the actual plugin files, which seems evil.

Can any Symfony/sfDoctrineGuard experts out there point me in the right direction?

*Don't look at me like that, it was my first website! And at least I didn't store them plaintext...

Solution

You have plenty of options to solve your issues.

You're able to overload or change almost everything in sfDoctrineGuardPlugin.

If you need to change something in sfGuardSecurityUser then you can do it in your application's User class (which actually extends sfGuardSecurityUser).

It's also possible to overload model classes which are by default put into lib/model/doctrine/sfDoctrineGuardPlugin directory.

You can extend the default guard schema as well. You could for example add a field telling you if the user changed the password and update it if he didn't.

Finally you're able to implement your custom password checking and setting algorithm: http://www.symfony-project.org/plugins/sfDoctrineGuardPlugin?tab=plugin_readme (scroll to "Check the user password with an external method" and "Change the algorithm used to store passwords").
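The rehash-on-login approach the question describes, as an added sketch that is not code from the post or from sfDoctrineGuardPlugin. `LegacyAwareUser` and its `save()` are hypothetical stand-ins for the overloaded user model, and the salted SHA1 is assumed to be `sha1($salt . $password)`.

```php
<?php
// Hypothetical stand-in for a user row with the three columns the question
// names: algorithm, salt, password. Requires PHP 7+ (random_bytes).
class LegacyAwareUser
{
    public $username, $algorithm, $salt, $password;
    public $saved = false;

    public function __construct($username, $algorithm, $salt, $password)
    {
        $this->username  = $username;
        $this->algorithm = $algorithm; // 'md5' for migrated rows, 'sha1' once upgraded
        $this->salt      = $salt;      // empty for migrated rows
        $this->password  = $password;  // stored hex digest
    }

    // The "user just logged in with this password" point: the only moment
    // the plaintext is available for re-hashing.
    public function checkPassword($plaintext)
    {
        if ($this->algorithm === 'md5') {
            // Legacy row: verify against the unsalted MD5 digest first.
            if (!hash_equals($this->password, md5($plaintext))) {
                return false; // a failed login must never rewrite the row
            }
            // Verified: replace the digest with a salted SHA1 one.
            $this->salt      = bin2hex(random_bytes(16));
            $this->algorithm = 'sha1';
            $this->password  = sha1($this->salt . $plaintext);
            $this->save();
            return true;
        }
        // Already upgraded (or created under the new scheme).
        return hash_equals($this->password, sha1($this->salt . $plaintext));
    }

    // Hypothetical persistence hook; a real model would write to the database.
    public function save() { $this->saved = true; }
}

// Constructed sample data: one migrated user with an unsalted MD5 digest.
$user = new LegacyAwareUser('alice', 'md5', null, md5('correct horse'));
var_dump($user->checkPassword('wrong guess'), $user->algorithm);   // rejected, row unchanged
var_dump($user->checkPassword('correct horse'), $user->algorithm); // accepted, row upgraded
var_dump($user->checkPassword('correct horse'), $user->saved);     // verified via salted SHA1
```

Rows belonging to users who never log in again keep their unsalted MD5 digest, so the legacy branch has to remain until those accounts are reset or retired.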
