Symfony2创建自己的编码器来存储密码 [英] Symfony2 create own encoder for storing password
问题描述
我是Symfony2的新手,我可能有一个关于在我的数据库中编码用户密码的简单问题。
我想编码并存储在数据库中我的用户密码是这样的:
encoded_password = salt。 sha1(salt。raw_password)
我发现了各种编码器(sha1,sha512,明文)在我的数据库raw_password {salt}中看到明文,但我仍然不熟悉Symfony2中的signin / login / getSalt()方法。
如果可以的话(请假设我不想使用现有的UserManagement包,我想自己创建),那真是太棒了!
谢谢
编辑:
我可以在我的signinAction()中做到这一点:
$ salt = substr(md5(time()),0,10);
$ pwd = $ encoder-> encodePassword($ user-> getPassword(),$ salt);
$ user-> setPassword($ salt。$ pwd);
我可以在我的getSalt()中做到这一点:
return substr($ this-> password,0,10);
但是我现在只有在我的loginAction()中:(请参阅:http://symfony.com/doc/current/book/security.html )
// src / Acme / SecurityBundle / Controller / Main;
命名空间Acme\SecurityBundle\Controller;
使用Symfony \ Bundle \ FrameworkBundle \Controller\Controller;
使用Symfony \ Component \Security\Core\SecurityContext;
class SecurityController extends Controller
{
public function loginAction()
{
$ request = $ this-> getRequest();
$ session = $ request-> getSession();
//如果有一个
,则获取登录错误if($ request-> attributes-> has(SecurityContext :: AUTHENTICATION_ERROR)){
$ error = $请求 - >属性 - >获得(SecurityContext的:: AUTHENTICATION_ERROR);
} else {
$ error = $ session-> get(SecurityContext :: AUTHENTICATION_ERROR);
$ b return $ this-> render('AcmeSecurityBundle:Security:login.html.twig',array(
//用户输入的最后一个用户名
'last_username'=> $ session-> get(SecurityContext :: LAST_USERNAME),
'error'=> $ error,
));
$ / code>
如何告诉Symfony2在以我需要的方式登录操作? (可以做编码(密码,盐),而不是salt.encode(密码,盐)
必须创建并添加一个新的服务,将其添加到您的套件中,并说明首先你必须实现你的自己的密码编码器:
namespace Acme\TestBundle\Service;
使用Symfony \ Component \Security\Core\Encoder\PasswordEncoderInterface;
class Sha256Salted implements PasswordEncoderInterface
{
public function encodePassword($ raw,$ salt)
{
return hash('sha256',$ salt。 $ raw
$ public function isPasswordValid($ encoded,$ raw,$ salt)
{
return $ encoded = == $ this-> encodePassword($ raw,$ salt );
}
}
然后您将添加服务定义,并且您希望为类用户
指定使用自定义编码器。在 TestBundle / Resources / config / services.yml 中添加自定义编码器:
服务:
sha256salted_encoder:
class:Acme\TestBundle\Service\Sha256Salted
和在 app / config / security.yml 中,您可以将您的自定义类指定为默认编码器(对于 Acme \TestBundle\Entity\User
):
编码器:
Acme\TestBundle\Entity\User:
id: acme.test.sha256salted_encoder
当然,盐在密码加密中起着核心作用。盐是独一无二的,并为每个用户储存。类 User 可以使用YAML注释自动生成(当然,表格应该包含用户名,密码,salt等字段)并且应该实现
UserInterface
。
最后,您可以在创建新的 Acme \时使用它(控制器代码) TestBundle \Entity\User
:
//添加一个新用户
$ user = new User();
$ user-> setUsername ='username';
$ user-> setSalt(uniqid(mt_rand())); //用户
//设置加密密码
$编码器= $ this->容器 - > get('acme.test.sha256salted_encoder')
- > getEncoder($用户);
$ password = $ encoder-> encodePassword('MyPass',$ user-> getSalt());
$ user-> setPassword($ password);
I'm new to Symfony2 and I have maybe a simple question about encoding my user passwords in my DB.
I'd like to encode and store in DB my users' password that way:
encoded_password = salt . sha1 ( salt . raw_password )
I've found various encoders (sha1, sha512, plaintext), I saw that with plaintext I have in my DB raw_password{salt} but I'm still not comfortable with signin/login/getSalt() method in Symfony2.
If you could give me a lift on that (please, assume I do not want to use an existing bundle for UserManagement, I'd like to make my own) it would be AWESOME!
Thanks
EDIT:
I could do that in my signinAction():
$salt = substr(md5(time()),0,10);
$pwd = $encoder->encodePassword($user->getPassword(), $salt);
$user->setPassword($salt.$pwd);
I could do that in my getSalt():
return substr($this->password,0,10);
But I currently have only that in my loginAction(): (see here: http://symfony.com/doc/current/book/security.html)
// src/Acme/SecurityBundle/Controller/Main;
namespace Acme\SecurityBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;
class SecurityController extends Controller
{
public function loginAction()
{
$request = $this->getRequest();
$session = $request->getSession();
// get the login error if there is one
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
} else {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
}
return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(
// last username entered by the user
'last_username' => $session->get(SecurityContext::LAST_USERNAME),
'error' => $error,
));
}
}
How can I tell Symfony2 to check the password during the login action the way I need? (curently doing encode(password,salt) and not salt.encode(password,salt)
To make it simple: you have to create and add a new Service, add it to your bundle and specity that the User
class will use it. First you have to implement your own password encoder:
namespace Acme\TestBundle\Service;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
class Sha256Salted implements PasswordEncoderInterface
{
public function encodePassword($raw, $salt)
{
return hash('sha256', $salt . $raw); // Custom function for password encrypt
}
public function isPasswordValid($encoded, $raw, $salt)
{
return $encoded === $this->encodePassword($raw, $salt);
}
}
Then you'll add the service definition and you want to specify to use your custom encoder for the class User
. In TestBundle/Resources/config/services.yml you add custom encoder:
services:
sha256salted_encoder:
class: Acme\TestBundle\Service\Sha256Salted
and in app/config/security.yml you can therefore specify your custom class as default encoder (for Acme\TestBundle\Entity\User
class):
encoders:
Acme\TestBundle\Entity\User:
id: acme.test.sha256salted_encoder
Of course, salt plays a central role in password encryption. Salt is unique and is stored for each user. The class User
can be auto-generated using YAML annotations (table should - of course - contain fields username, password, salt and so on) and should implement UserInterface
.
Finally you can use it (controller code) when you have to create a new Acme\TestBundle\Entity\User
:
// Add a new User
$user = new User();
$user->setUsername = 'username';
$user->setSalt(uniqid(mt_rand())); // Unique salt for user
// Set encrypted password
$encoder = $this->container->get('acme.test.sha256salted_encoder')
->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);
这篇关于Symfony2创建自己的编码器来存储密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!