使用REST API密码更改的FosUserBundle-Symfony 4

Question

Posted this on github issues but actually it probably belongs here.

I am steadily upgrading a Symfony app to S4, and have hit a bit of a roadblock with regards to changing passwords via a REST API.

The current controller I have essentially steals from the FosUserBundle one ( ChangePasswordController.php ) with a couple of changes, notably disabling csrf and of course returning a json response rather than rendering a template.

With the new changes in S4 I get service errors as expected but, unfortunately, these don't seem to be fixable with Dependency Injection. The one that errors out is FOS\\UserBundle\\Form\\Factory\\FactoryInterface - I get 'cannot autowire service'.

I understand that this is not going to change, but I also am keen to find a way forward. What would be the recommended way to update a user password via REST API going forward?

My idea so far is to:

1. Take the plain 'current' password, hash it using the same mechanism as the bundle and compare the hashes to make sure the correct password was entered in the first place.
2. Compare the two plain 'new' passwords, make sure they match, then use the UserManager to setPlainPassword

Is this a bad way to go?

Answer 1

Symfony 4 Method

UserController.php

<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;

use Symfony\Component\HttpFoundation\Request;

use Symfony\Component\HttpFoundation\Response;

use Symfony\Component\Routing\Annotation\Route;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;

use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;

class UserController extends Controller {

...


    public function appUsersPasswordChange(Request $request, UserPasswordEncoderInterface $encoder){
        $user = $this->getUser();

        $currentPassword = $request->request->get('current_password');
        /* Checking current user password with given password param from $reqest */
        $passwordValid = $encoder->isPasswordValid($user,$currentPassword );
        if($passwordValid){
            ($request->request->get('new_password')) ? $user->setPassword($encoder->encodePassword($user, $request->request->get('new_password'))) : '';        
            $this->em->persist($user);
            $this->em->flush();
        }else{
            return $this->errorResponse('Mismatch current password', $passwordValid );
        }
        return $this->successResponse('Successfully changed password', $passwordValid );
    }

...

}