Symfony2创建自己的编码器来存储密码 [英] Symfony2 create own encoder for storing password

问题描述

我是Symfony2的新手，我可能有一个关于在我的数据库中编码用户密码的简单问题。

我想编码并存储在数据库中我的用户密码是这样的：

  encoded_pa​​ssword = salt。 sha1（salt。raw_password）
  

我发现了各种编码器（sha1，sha512，明文）在我的数据库raw_password {salt}中看到明文，但我仍然不熟悉Symfony2中的signin / login / getSalt（）方法。

如果可以的话（请假设我不想使用现有的UserManagement包，我想自己创建），那真是太棒了！

谢谢

编辑：

我可以在我的signinAction（）中做到这一点：

  $ salt = substr（md5（time（）），0,10）; 
 $ pwd = $ encoder-> encodePassword（$ user-> getPassword（），$ salt）; 
 $ user-> setPassword（$ salt。$ pwd）; 
  

我可以在我的getSalt（）中做到这一点：

  return substr（$ this-> password，0,10）; 
  

但是我现在只有在我的loginAction（）中:(请参阅：http://symfony.com/doc/current/book/security.html ）

  // src / Acme / SecurityBundle / Controller / Main; 
命名空间Acme\SecurityBundle\Controller; 
 
使用Symfony \ Bundle \ FrameworkBundle \Controller\Controller; 
使用Symfony \ Component \Security\Core\SecurityContext; 
 
 class SecurityController extends Controller 
 {
 public function loginAction（）
 {
 $ request = $ this-> getRequest（）; 
 $ session = $ request-> getSession（）; 
 
 //如果有一个
，则获取登录错误if（$ request-> attributes-> has（SecurityContext :: AUTHENTICATION_ERROR））{
 $ error = $请求 - >属性 - >获得（SecurityContext的:: AUTHENTICATION_ERROR）; 
} else {
 $ error = $ session-> get（SecurityContext :: AUTHENTICATION_ERROR）; 
 
 $ b return $ this-> render（'AcmeSecurityBundle：Security：login.html.twig'，array（
 //用户输入的最后一个用户名
'last_username'=> $ session-> get（SecurityContext :: LAST_USERNAME），
'error'=> $ error，
））; 
 
 
 $ / code> 

如何告诉Symfony2在以我需要的方式登录操作？ （可以做编码（密码，盐），而不是salt.encode（密码，盐）


解决方案

必须创建并添加一个新的服务，将其添加到您的套件中，并说明首先你必须实现你的自己的密码编码器：

  namespace Acme\TestBundle\Service; 
 
使用Symfony \ Component \Security\Core\Encoder\PasswordEncoderInterface; 
 
 class Sha256Salted implements PasswordEncoderInterface 
 {
 
 public function encodePassword（$ raw，$ salt）
 {
 return hash（'sha256'，$ salt。 $ raw 
 
 $ public function isPasswordValid（$ encoded，$ raw，$ salt）
 {
 return $ encoded = == $ this-> encodePassword（$ raw，$ salt ）; 
} 
 
} 
  

然后您将添加服务定义，并且您希望为类用户指定使用自定义编码器。在 TestBundle / Resources / config / services.yml 中添加自定义编码器：



 服务：
 sha256salted_encoder：
 class：Acme\TestBundle\Service\Sha256Salted 
  

和在 app / config / security.yml 中，您可以将您的自定义类指定为默认编码器（对于 Acme \TestBundle\Entity\User ）：



 编码器：
 Acme\TestBundle\Entity\User：
 id： acme.test.sha256salted_encoder 
  

当然，盐在密码加密中起着核心作用。盐是独一无二的，并为每个用户储存。类 User 可以使用YAML注释自动生成（当然，表格应该包含用户名，密码，salt等字段）并且应该实现 UserInterface 。

最后，您可以在创建新的 Acme \时使用它（控制器代码） TestBundle \Entity\User ：

  //添加一个新用户
 $ user = new User（）; 
 $ user-> setUsername ='username'; 
 $ user-> setSalt（uniqid（mt_rand（）））; //用户
 
 //设置加密密码
 $编码器= $ this->容器 - > get（'acme.test.sha256salted_encoder'）
  - > getEncoder（$用户）; 
 $ password = $ encoder-> encodePassword（'MyPass'，$ user-> getSalt（））; 
 $ user-> setPassword（$ password）; 
  

I'm new to Symfony2 and I have maybe a simple question about encoding my user passwords in my DB.

I'd like to encode and store in DB my users' password that way:

encoded_password = salt . sha1 ( salt . raw_password )

I've found various encoders (sha1, sha512, plaintext), I saw that with plaintext I have in my DB raw_password{salt} but I'm still not comfortable with signin/login/getSalt() method in Symfony2.

If you could give me a lift on that (please, assume I do not want to use an existing bundle for UserManagement, I'd like to make my own) it would be AWESOME!

Thanks

EDIT:

I could do that in my signinAction():

$salt = substr(md5(time()),0,10);
$pwd = $encoder->encodePassword($user->getPassword(), $salt);
$user->setPassword($salt.$pwd);

I could do that in my getSalt():

return substr($this->password,0,10);

But I currently have only that in my loginAction(): (see here: http://symfony.com/doc/current/book/security.html)

// src/Acme/SecurityBundle/Controller/Main;
namespace Acme\SecurityBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;

class SecurityController extends Controller
{
    public function loginAction()
    {
        $request = $this->getRequest();
        $session = $request->getSession();

        // get the login error if there is one
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        ));
    }
}

How can I tell Symfony2 to check the password during the login action the way I need? (curently doing encode(password,salt) and not salt.encode(password,salt)

解决方案

To make it simple: you have to create and add a new Service, add it to your bundle and specity that the User class will use it. First you have to implement your own password encoder:

namespace Acme\TestBundle\Service;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

class Sha256Salted implements PasswordEncoderInterface
{

    public function encodePassword($raw, $salt)
    {
        return hash('sha256', $salt . $raw); // Custom function for password encrypt
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        return $encoded === $this->encodePassword($raw, $salt);
    }

}

Then you'll add the service definition and you want to specify to use your custom encoder for the class User. In TestBundle/Resources/config/services.yml you add custom encoder:

services:
    sha256salted_encoder:
        class: Acme\TestBundle\Service\Sha256Salted

and in app/config/security.yml you can therefore specify your custom class as default encoder (for Acme\TestBundle\Entity\User class):

 encoders:
   Acme\TestBundle\Entity\User:
     id: acme.test.sha256salted_encoder

Of course, salt plays a central role in password encryption. Salt is unique and is stored for each user. The class User can be auto-generated using YAML annotations (table should - of course - contain fields username, password, salt and so on) and should implement UserInterface.

Finally you can use it (controller code) when you have to create a new Acme\TestBundle\Entity\User:

// Add a new User
$user = new User();
$user->setUsername = 'username';
$user->setSalt(uniqid(mt_rand())); // Unique salt for user

// Set encrypted password
$encoder = $this->container->get('acme.test.sha256salted_encoder')
  ->getEncoder($user);
$password = $encoder->encodePassword('MyPass', $user->getSalt());
$user->setPassword($password);

这篇关于Symfony2创建自己的编码器来存储密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！