Symfony2创建自己的编码器来存储密码 [英] Symfony2 create own encoder for storing password

查看:147
本文介绍了Symfony2创建自己的编码器来存储密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是Symfony2的新手,我可能有一个关于在我的数据库中编码用户密码的简单问题。



我想编码并存储在数据库中我的用户密码是这样的:

  encoded_pa​​ssword = salt。 sha1(salt。raw_password)

我发现了各种编码器(sha1,sha512,明文)在我的数据库raw_password {salt}中看到明文,但我仍然不熟悉Symfony2中的signin / login / getSalt()方法。



如果可以的话(请假设我不想使用现有的UserManagement包,我想自己创建),那真是太棒了!



谢谢

编辑:



我可以在我的signinAction()中做到这一点:

  $ salt = substr(md5(time()),0,10); 
$ pwd = $ encoder-> encodePassword($ user-> getPassword(),$ salt);
$ user-> setPassword($ salt。$ pwd);

我可以在我的getSalt()中做到这一点:

  return substr($ this-> password,0,10); 

但是我现在只有在我的loginAction()中:(请参阅:http://symfony.com/doc/current/book/security.html

  // src / Acme / SecurityBundle / Controller / Main; 
命名空间Acme\SecurityBundle\Controller;

使用Symfony \ Bundle \ FrameworkBundle \Controller\Controller;
使用Symfony \ Component \Security\Core\SecurityContext;

class SecurityController extends Controller
{
public function loginAction()
{
$ request = $ this-> getRequest();
$ session = $ request-> getSession();

//如果有一个
,则获取登录错误if($ request-> attributes-> has(SecurityContext :: AUTHENTICATION_ERROR)){
$ error = $请求 - >属性 - >获得(SecurityContext的:: AUTHENTICATION_ERROR);
} else {
$ error = $ session-> get(SecurityContext :: AUTHENTICATION_ERROR);

$ b return $ this-> render('AcmeSecurityBundle:Security:login.html.twig',array(
//用户输入的最后一个用户名
'last_username'=> $ session-> get(SecurityContext :: LAST_USERNAME),
'error'=> $ error,
));


$ / code>

如何告诉Symfony2在以我需要的方式登录操作? (可以做编码(密码,盐),而不是salt.encode(密码,盐)

解决方案

必须创建并添加一个新的服务,将其添加到您的套件中,并说明首先你必须实现你的自己的密码编码器

  namespace Acme\TestBundle\Service; 

使用Symfony \ Component \Security\Core\Encoder\PasswordEncoderInterface;

class Sha256Salted implements PasswordEncoderInterface
{

public function encodePassword($ raw,$ salt)
{
return hash('sha256',$ salt。 $ raw

$ public function isPasswordValid($ encoded,$ raw,$ salt)
{
return $ encoded = == $ this-> encodePassword($ raw,$ salt );
}

}

然后您将添加服务定义,并且您希望为类用户指定使用自定义编码器。在 TestBundle / Resources / config / services.yml 中添加自定义编码器:

 服务:
sha256salted_encoder:
class:Acme\TestBundle\Service\Sha256Salted

和在 app / config / security.yml 中,您可以将您的自定义类指定为默认编码器(对于 Acme \TestBundle\Entity\User ):

 编码器:
Acme\TestBundle\Entity\User:
id: acme.test.sha256salted_encoder

当然,盐在密码加密中起着核心作用。盐是独一无二的,并为每个用户储存。类 User 可以使用YAML注释自动生成(当然,表格应该包含用户名,密码,salt等字段)并且应该实现 UserInterface



最后,您可以在创建新的 Acme \时使用它(控制器代码) TestBundle \Entity\User

  //添加一个新用户
$ user = new User();
$ user-> setUsername ='username';
$ user-> setSalt(uniqid(mt_rand())); //用户

//设置加密密码
$编码器= $ this->容器 - > get('acme.test.sha256salted_encoder')
- > getEncoder($用户);
$ password = $ encoder-> encodePassword('MyPass',$ user-> getSalt());
$ user-> setPassword($ password);


I'm new to Symfony2 and I have maybe a simple question about encoding my user passwords in my DB.

I'd like to encode and store in DB my users' password that way:

encoded_password = salt . sha1 ( salt . raw_password )

I've found various encoders (sha1, sha512, plaintext), I saw that with plaintext I have in my DB raw_password{salt} but I'm still not comfortable with signin/login/getSalt() method in Symfony2.

If you could give me a lift on that (please, assume I do not want to use an existing bundle for UserManagement, I'd like to make my own) it would be AWESOME!

Thanks

EDIT:

I could do that in my signinAction():

$salt = substr(md5(time()),0,10);
$pwd = $encoder->encodePassword($user->getPassword(), $salt);
$user->setPassword($salt.$pwd);

I could do that in my getSalt():

return substr($this->password,0,10);

But I currently have only that in my loginAction(): (see here: http://symfony.com/doc/current/book/security.html)

// src/Acme/SecurityBundle/Controller/Main;
namespace Acme\SecurityBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;

class SecurityController extends Controller
{
    public function loginAction()
    {
        $request = $this->getRequest();
        $session = $request->getSession();

        // get the login error if there is one
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        ));
    }
}

How can I tell Symfony2 to check the password during the login action the way I need? (curently doing encode(password,salt) and not salt.encode(password,salt)

解决方案

To make it simple: you have to create and add a new Service, add it to your bundle and specity that the User class will use it. First you have to implement your own password encoder:

namespace Acme\TestBundle\Service;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

class Sha256Salted implements PasswordEncoderInterface
{

    public function encodePassword($raw, $salt)
    {
        return hash('sha256', $salt . $raw); // Custom function for password encrypt
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        return $encoded === $this->encodePassword($raw, $salt);
    }

}

Then you'll add the service definition and you want to specify to use your custom encoder for the class User. In TestBundle/Resources/config/services.yml you add custom encoder:

services:
    sha256salted_encoder:
        class: Acme\TestBundle\Service\Sha256Salted

and in app/config/security.yml you can therefore specify your custom class as default encoder (for Acme\TestBundle\Entity\User class):

 encoders:
   Acme\TestBundle\Entity\User:
     id: acme.test.sha256salted_encoder

Of course, salt plays a central role in password encryption. Salt is unique and is stored for each user. The class User can be auto-generated using YAML annotations (table should - of course - contain fields username, password, salt and so on) and should implement UserInterface.

Finally you can use it (controller code) when you have to create a new Acme\TestBundle\Entity\User:

// Add a new User
$user = new User();
$user->setUsername = 'username';
$user->setSalt(uniqid(mt_rand())); // Unique salt for user

// Set encrypted password
$encoder = $this->container->get('acme.test.sha256salted_encoder')
  ->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);

这篇关于Symfony2创建自己的编码器来存储密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆