[英]Why isPasswordValid() function always return false?
I am working on a simple reset password system with Symfony4.我正在使用 Symfony4 开发一个简单的重置密码系统。
I don't know why isPasswordValid()
always return false ?我不知道为什么
isPasswordValid()
总是返回false ?
I am using Bcrypt to Hash the password Here is some code of Security.yaml :我正在使用Bcrypt对密码进行哈希处理这是 Security.yaml 的一些代码:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
I don't know why isPasswordValid()
Always returns false.我不知道为什么
isPasswordValid()
总是返回 false。 I manually tried this:我手动试过这个:
$pass="000000000";
dump($encoder->isPasswordValid($user, $pass));
die();
and it dump false..它转储错误..
Here is the function I wrote on the controller:这是我在控制器上写的函数:
/**
* @Route("/password", name="change_pass", methods={"GET","POST"})
* @IsGranted("ROLE_USER")
*/
public function edit(Request $request,UserPasswordEncoderInterface $encoder): Response
{
$user = $this->getUser();
$form = $this->createForm(ResetPassType::class, $user);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$oldPassword = $request->request->get('reset_pass')['oldPassword'];
$newPassword = $user->getPassword();
if ($encoder->isPasswordValid($user, $oldPassword)) {
$hash = $encoder->encodePassword($user,$newPassword);
$user->setPassword($hash);
$this->getDoctrine()->getManager()->flush();
$this->addFlash('success', 'Your password is succesfully changed');
}else {
$this->addFlash('fail', 'old password is wrong');
}
}
$this->getDoctrine()->getManager()->refresh($user);
return $this->render('consultant/changepass.html.twig', [
'form' => $form->createView(),
]);
}
Here is the form ResetPassType :这是 ResetPassType 的形式:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('oldPassword', PasswordType::class, [
'mapped' => false,])
->add('password',PasswordType::class)
;
}
Short answer: you are using the new password as the old password's hash.简短回答:您使用新密码作为旧密码的哈希值。
Explanation:解释:
I guess you bound your form to your user class.我猜您将表单绑定到您的用户类。 The
password
field in your form is mapped , meaning it updates your user's password
property.您表单中的
password
字段是映射的,这意味着它会更新您用户的password
属性。
Therefore, as the property should contain the hash of the "old password" but contains your new password, it can't validate.因此,由于该属性应包含“旧密码”的哈希值但包含您的新密码,因此无法验证。
Solution and improvements:解决方案和改进:
The quickest solution would be to "unmap" the password
field or to remove the data_class
form option, and to replace a line in your controller:最快的解决方案是“取消映射”
password
字段或删除data_class
表单选项,并替换控制器中的一行:
// before: $newPassword = $user->getPassword();
$newPassword = $form->get('password')->getData();
I'd suggest to:我建议:
oldPassword
fieldoldPassword
字段使用UserPassword验证约束$form->getData()
instead of accessing the $request
manually$form->getData()
获取表单数据,而不是手动访问$request
You will change your form because if you keep the field password, the password of the user will be changed by form too, so the right way is :您将更改您的表单,因为如果您保留字段密码,用户的密码也会被表单更改,因此正确的方法是:
-in your Form : - 在您的表格中:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('oldPassword', PasswordType::class, [
'mapped' => false,])
->add('newPassword',PasswordType::class, [
'mapped' => false,])
;
}
and then in your controller change the way you get the new password然后在您的控制器中更改获取新密码的方式
$oldPassword = $request->request->get('reset_pass')['oldPassword'];
$newPassword = $request->request->get('reset_pass')['newPassword'];
Have fun :)玩得开心 :)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.