为什么 isPasswordValid() 函数总是返回 false?
[英]Why isPasswordValid() function always return false?
问题描述
I am working on a simple reset password system with Symfony4.
我正在使用 Symfony4 开发一个简单的重置密码系统。
I don't know why isPasswordValid() always return false ?我不知道为什么isPasswordValid()总是返回false ?
I am using Bcrypt to Hash the password Here is some code of Security.yaml :我正在使用Bcrypt对密码进行哈希处理这是 Security.yaml 的一些代码:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
I don't know why isPasswordValid() Always returns false.我不知道为什么isPasswordValid()总是返回 false。 I manually tried this:我手动试过这个:
$pass="000000000";
dump($encoder->isPasswordValid($user, $pass));
die();
and it dump false..它转储错误..
Here is the function I wrote on the controller:这是我在控制器上写的函数:
/**
* @Route("/password", name="change_pass", methods={"GET","POST"})
* @IsGranted("ROLE_USER")
*/
public function edit(Request $request,UserPasswordEncoderInterface $encoder): Response
{
$user = $this->getUser();
$form = $this->createForm(ResetPassType::class, $user);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$oldPassword = $request->request->get('reset_pass')['oldPassword'];
$newPassword = $user->getPassword();
if ($encoder->isPasswordValid($user, $oldPassword)) {
$hash = $encoder->encodePassword($user,$newPassword);
$user->setPassword($hash);
$this->getDoctrine()->getManager()->flush();
$this->addFlash('success', 'Your password is succesfully changed');
}else {
$this->addFlash('fail', 'old password is wrong');
}
}
$this->getDoctrine()->getManager()->refresh($user);
return $this->render('consultant/changepass.html.twig', [
'form' => $form->createView(),
]);
}
Here is the form ResetPassType :这是 ResetPassType 的形式:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('oldPassword', PasswordType::class, [
'mapped' => false,])
->add('password',PasswordType::class)
;
}
2 个解决方案
解决方案1
3 已采纳 2020-09-04 08:16:51
Short answer: you are using the new password as the old password's hash.简短回答:您使用新密码作为旧密码的哈希值。
Explanation:解释:
I guess you bound your form to your user class.我猜您将表单绑定到您的用户类。 The password field in your form is mapped , meaning it updates your user's password property.您表单中的password字段是映射的,这意味着它会更新您用户的password属性。
Therefore, as the property should contain the hash of the "old password" but contains your new password, it can't validate.因此,由于该属性应包含“旧密码”的哈希值但包含您的新密码,因此无法验证。
Solution and improvements:解决方案和改进:
The quickest solution would be to "unmap" the password field or to remove the data_class form option, and to replace a line in your controller:最快的解决方案是“取消映射” password字段或删除data_class表单选项,并替换控制器中的一行:
// before: $newPassword = $user->getPassword();
$newPassword = $form->get('password')->getData();
I'd suggest to:我建议:
- unbind the form to your user class将表单与您的用户类解除绑定
- use the UserPassword validation constraint for your
oldPasswordfield对oldPassword字段使用UserPassword验证约束 - fetch the form data using
$form->getData()instead of accessing the$requestmanually使用$form->getData()获取表单数据,而不是手动访问$request
解决方案2
0 2020-09-04 13:44:06
You will change your form because if you keep the field password, the password of the user will be changed by form too, so the right way is :您将更改您的表单,因为如果您保留字段密码,用户的密码也会被表单更改,因此正确的方法是:
-in your Form : - 在您的表格中:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('oldPassword', PasswordType::class, [
'mapped' => false,])
->add('newPassword',PasswordType::class, [
'mapped' => false,])
;
}
and then in your controller change the way you get the new password然后在您的控制器中更改获取新密码的方式
$oldPassword = $request->request->get('reset_pass')['oldPassword'];
$newPassword = $request->request->get('reset_pass')['newPassword'];
Have fun :)玩得开心 :)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.