stackoom
  简体   繁体   中英

Sonata Admin: why the password field is not encrypted?

 原文  2014-02-21 01:43:11       php/ mongodb/ symfony/ encryption/ sonata-admin

Question

Using Symfony2, Sonata Admin and mongodb, the application save the fields but the password is not encrypted.

The CRUD work very fine saving the User fields on database, the problem is when loggin i got "Bad Credentials", and when i see the database the password is not encrypted.

I am not using UserBundle,FOSUserBundle.

  1. UserAdmin.php 

     protected function configureFormFields(FormMapper $formMapper) { $formMapper ->add('names', null, array('label' => 'Nombres','required' => true)) ->add('surnames', null, array('label' => 'Apellidos')) ->add('email', 'email', array('label' => 'Email','required' => true)) ->add('password', 'repeated', array('type' => 'password', 'first_options' => array('label' => 'Contraseña'), 'second_options' => array('label' => 'Repita la contraseña'), 'invalid_message' => 'Las contraseñas no coinciden' )) ->add('birthday','date', array('label' => 'Fecha de Nacimiento', 'years' => range(date('y'),date('Y')-90), 'format' => 'dd-MMMM-yyyy' )); }

  2. security.yml 

     security: encoders: Bluetton\\DispatcherBundle\\Document\\User: algorithm: sha512 encode-as-base64: true iterations: 10 role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: dispatcherdb: mongodb: { class: Bluetton\\DispatcherBundle\\Document\\User, property: email } firewalls: main: pattern: /.* provider: dispatcherdb form_login: login_path: /login check_path: /login_check remember_me: true logout: path: /logout target: / remember_me: key: MiClaveSegura lifetime: 1800 path: /.* domain: ~ security: true anonymous: true access_control: - { path: /setup, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /user, roles: IS_AUTHENTICATED_ANONYMOUSLY } #ROLE_USER } # - { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }

  3. SecurityController.php 

     class SecurityController extends Controller { public function loginAction() { $request = $this->getRequest(); $session = $request->getSession(); // get the login error if there is one if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) { $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR); } else { $error = $session->get(SecurityContext::AUTHENTICATION_ERROR); } return $this->render('DispatcherBundle:Security:login.html.twig', array( // last username entered by the user 'last_username' => $session->get(SecurityContext::LAST_USERNAME), 'error' => $error, )); } public function indexAction() { $user = new User(); $validator = $this->get('validator'); $errors = $validator->validate($user); if (count($errors) > 0) { $errorsString = (string) $errors; return new Response($errorsString); } return new Response('El usuario es valido!'); } }

2 answers

solution1
 0  2014-02-21 23:49:03

I solve the problem overriding the functions preUpdate() and prePersist() on UserAdmin class 

            public function preUpdate($object) {
                $uniqid = $this->getRequest()->query->get('uniqid');
                $encoder = new MessageDigestPasswordEncoder('sha512', true, 10);
                $formData = $this->getRequest()->request->get($uniqid);
                if(array_key_exists('password', $formData) && $formData['password'] !== null && strlen($formData['password']['first' ]) > 0) {
                    $object->setPassword($encoder->encodePassword($formData['password']['first' ],$object->getSalt()));
                }
            }

            public function prePersist($object) {
                $encoder = new MessageDigestPasswordEncoder('sha512', true, 10);
                $uniqid = $this->getRequest()->query->get('uniqid');
                $formData = $this->getRequest()->request->get($uniqid);
                if(array_key_exists('password', $formData) && $formData['password'] !== null && strlen($formData['password']['first' ]) > 0) {
                    $object->setPassword($encoder->encodePassword($formData['password']['first' ],$object->getSalt()));
                }
            }

solution2
 0  2014-03-30 15:53:57

  1. you should use hooks as described there (your case for sure)
  2. you need to change field declaration to something like that (use plainPassword instead of password) 
->add('plainPassword', 'repeated', array(
        'type' => 'password',
        'options' => array('translation_domain' => 'FOSUserBundle'),
        'first_options' => array('label' => 'form.password'),
        'second_options' => array('label' => 'form.password_confirmation'),
        'invalid_message' => 'fos_user.password.mismatch',
    ))

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Sonata Admin Panel Input Field Sonata Admin - sort on relation field Change field css in listMapper Sonata Admin Add custom form field that is not in entity - Sonata admin Sonata Admin Bundle - Custom field with URL Sonata Admin - Change filter values (relation field) Symfony Sonata admin find by some field Sonata Admin Bundle - Different field options in configureFormFields Sonata Admin how to read not mapped field? Sonata Admin - How to add a link to a field
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM