How to disable cakephp3 hashing password on demand before insert it to database?

Question

In My App I use by default DefaultPasswordHasher of cakephp3 to create and modify users password. I am doing a CSV export/import users module that allow to import already hashed password by DefaultPasswordHasher.

My CSV have some users that have plaintext password that will be hashed during import. And users that already have hashed password, so it have just to be pushed to database.

username;displayname;password_type;password;profilename;enabled;admin
user1;User1;plaintext;abcd1234;Default;1;1
user2;User2;hashed;$ueipzueirzouiodjfm$dsklfj;Default;1;1

So I tried this :

Create the file ./src/Auth/LegacyPasswordHasher.php and insert this :

<?php
namespace App\Auth;

use Cake\Auth\AbstractPasswordHasher;

class LegacyPasswordHasher extends AbstractPasswordHasher
{
        public function hash($password)
        {
                return $password;
        }
}

?>

In UsersController.php

public function import()
{
... 
// If hashed is set in CSV line then :
                            $this->loadComponent('Auth', [
                                'authenticate' => [
                                    'Form' => [
                                        'passwordHasher' => ['className' => 'Legacy',]
                                        ]
                                    ]
                                ]);
...
}

I get an error that The "Auth" alias has already been loaded. Yes it is by parent AppController.php. I wan't to avoid to load Auth Component on each Users method.

Is there a way to just disable hashing on demand for the field "password"?

Answer 1

I found a solution by my own.

I tried a solution that was completly wrong when I have post my question. The right question is: Is there a way to disable hashing password on demand before insert it to database ?

I don't know if it is the best solution.

As the hashing is done by Model, so I created a new model that point to the same table as Users Model.

src/Model/Table/NoHashPasswordUsersTable.php :

class NoHashPasswordUsersTable extends Table
{
   public function initialize(array $config) {
      // Set table to use
      $this->table('users');
      // or After Cakephp 3.4.0
      //$this->setTable('users');
      ...
   }
    public function validationDefault(Validator $validator)
    {
        ...
        // Validation rules to check length of hashed string
        $validator
            ->add('password', 'notEmpty', [
                'rule' => ['lengthBetween', 60, 60],
                'message' => __('Hashed password should contains 60 chars')
            ]);

        return $validator;
    }
}

Create an entity file src/Model/Entiry/NoHashPasswordUser.php that does not have a function _setPassword

In src/Controller/UsersController.php :

// Load model that allow to import Users without hashing the password
$this->loadModel('NoHashPasswordUsers');
...
// I can switch Model to use to hash or not hash the password, for example 
$this->Users->save($user)
$this->NoHashPasswordUsers->save($user)