minor #3858 Clarified Password Encoders example (WouterJ)

This PR was merged into the 2.3 branch.

Discussion
----------

Clarified Password Encoders example

This replaces #3618

| Q   | A
| --- | ---
| Doc fix? | yes
| New docs? | no
| Applies to | all
| Fixed tickets | -

Commits
-------

02f072a Applied comments
17999cf Wrong parameters order and wrong naming
weaverryan committed May 27, 2014
2 parents 663d68c + 02f072a commit 3792fee4a18cc1b411ca02c4909534e17ee22593
Showing with 21 additions and 7 deletions.
  1. +21 −7 components/security/authentication.rst
@@ -237,21 +237,35 @@ method of the password encoder factory is called with the user object as
its first argument, it will return an encoder of type :class:`Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface`
which should be used to encode this user's password::
// fetch a user of type Acme\Entity\LegacyUser
$user = ...
// a Acme\Entity\LegacyUser instance
$user = ...;
// the password that was submitted, e.g. when registering
$plainPassword = ...;
$encoder = $encoderFactory->getEncoder($user);
// will return $weakEncoder (see above)
$encodedPassword = $encoder->encodePassword($plainPassword, $user->getSalt());
$user->setPassword($encodedPassword);
$encodedPassword = $encoder->encodePassword($password, $user->getSalt());
// ... save the user
// check if the password is valid:
Now, when you want to check if the submitted password (e.g. when trying to log
in) is correct, you can use::
// fetch the Acme\Entity\LegacyUser
$user = ...;
// the submitted password, e.g. from the login form
$plainPassword = ...;
$validPassword = $encoder->isPasswordValid(
$user->getPassword(),
$password,
$user->getSalt());
$user->getPassword(), // the encoded password
$plainPassword, // the submitted password
$user->getSalt()
);
.. _`CVE-2013-5750`: http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
.. _`BasePasswordEncoder::checkPasswordLength`: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
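
Review bot: The second example calls `$encoder->isPasswordValid(` without obtaining `$encoder` inside that block. Because the check now has its own introductory paragraph and redeclares `$user = ...;` and `$plainPassword = ...;`, it reads as a stand-alone snippet, and a reader who copies only that part gets an undefined variable. Suggest repeating `$encoder = $encoderFactory->getEncoder($user);` before the `isPasswordValid()` call, which also shows that the encoder is looked up from the user object being checked rather than carried over from the registration example.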
