php – 在 Symfony 的 encodePassword 中使用 salt
我正在使用Symfony 2.6.6,我目前正在尝试在我的数据库用户上使用salt.在注册过程中,我执行以下哈希,同时通过Doctrine持久保存用户信息.
SRC /的appbundle /表格/ RegisterFormType.php <?php $account->setSalt(base_convert(sha1(uniqid(mt_rand(),true)),16,36)); $account->setPassword($this->encodePassword($account,$account->getPlainPassword())); 在同一个文件中我有这个功能: <?php private function encodePassword(Account $account,$plainPassword) { $encoder = $this->container->get('security.encoder_factory')->getEncoder($account); return $encoder->encodePassword($plainPassword,$account->getSalt()); } 这是我的security.yml文件: 应用程序/配置/ security.yml security: encoders: AppBundleEntityAccount: bcrypt providers: database_users: entity: { class: AppBundle:Account } role_hierarchy: ROLE_ADMIN: [ROLE_USER,ROLE_ALLOWED_TO_SWITCH] ROLE_SUPER_ADMIN: [ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH] firewalls: dev: pattern: ^/(_(profiler|wdt|error)|css|images|js)/ security: false prod: pattern: ^/ form_login: check_path: account_login_check login_path: account_login csrf_provider: form.csrf_provider logout: path: account_logout target: home anonymous: ~ switch_user: ~ remember_me: key: "%secret%" access_control: - { path: ^/account/login,roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/account/register,roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/account/logout,roles: IS_AUTHENTICATED_FULLY } 在我的实体中,这些是盐键: SRC /的appbundle /实体/ Account.php <?php // src/AppBundle/Entity/Account.php namespace AppBundleEntity; use DoctrineORMMapping as ORM; use SymfonyComponentSecurityCoreRoleRole; use SymfonyComponentSecurityCoreUserAdvancedUserInterface; use Serializable; use SymfonyComponentValidatorConstraints as Assert; use SymfonyBridgeDoctrineValidatorConstraintsUniqueEntity; /** * @ORMTable(name="accounts") * @ORMEntity(repositoryClass="AppBundleEntityAccountRepository") * @UniqueEntity(fields="username",message="That username is taken!") * @UniqueEntity(fields="email",message="That email is taken!") */ class Account implements AdvancedUserInterface,Serializable { /** * @ORMColumn(name="id",type="integer") * @ORMId * @ORMGeneratedValue(strategy="AUTO") 
*/ private $id; /** * @ORMColumn(name="username",type="string",length=30) * @AssertNotBlank(message="Give us at least 3 characters") * @AssertLength(min=3,minMessage="Give us at least 3 characters!") */ private $username; /** * @ORMColumn(name="password",length=255) */ private $password; /** * @ORMColumn(name="salt",type="string") */ private $salt; /** * @ORMColumn(type="string",length=120) * @AssertNotBlank * @AssertEmail */ private $email; /** * @ORMColumn(type="json_array") */ private $roles = array(); /** * @ORMColumn(type="boolean") */ private $isActive = false; /** * @AssertNotBlank * @AssertRegex( * pattern="/^(?=.*d)(?=.*[a-z])(?=.*[A-Z])(?!.*s).*$/",* message="Use 1 upper case letter,1 lower case letter,and 1 number" * ) */ private $plainPassword; /** * @return integer */ public function getId() { return $this->id; } /** * @return string */ public function getUsername() { return $this->username; } /** * @param string $username * @return Account */ public function setUsername($username) { $this->username = $username; return $this; } /** * @return string */ public function getEmail() { return $this->email; } /** * @param string $email * @return Account */ public function setEmail($email) { $this->email = $email; return $this; } /** * @return string */ public function getPassword() { return $this->password; } /** * @param string $password * @return Account */ public function setPassword($password) { $this->password = $password; return $this; } /** * @return string */ public function getPlainPassword() { return $this->plainPassword; } /** * @param $plainPassword * @return string */ public function setPlainPassword($plainPassword) { $this->plainPassword = $plainPassword; return $this; } /** * @return array Role */ public function getRoles() { $roles = $this->roles; $roles[] = 'ROLE_USER'; return array_unique($roles); } /** * @param array $roles * @return Role */ public function setRoles(array $roles) { $this->roles = $roles; return $this; } /** * Removes 
sensitive data from the user */ public function eraseCredentials() { $this->setPlainPassword(null); } /** * @return string */ public function getSalt() { return $this->salt; } /** * @param $salt * @return Account */ public function setSalt($salt) { $this->salt = $salt; return $this; } /** * @return boolean */ public function getIsActive() { return $this->isActive; } /** * @param boolean $isActive */ public function setIsActive($isActive) { $this->isActive = $isActive; } public function isAccountNonExpired() { return true; } public function isAccountNonLocked() { return true; } public function isCredentialsNonExpired() { return true; } public function isEnabled() { return $this->getIsActive(); } public function serialize() { return serialize(array( $this->id,$this->username,$this->password,$this->salt )); } public function unserialize($serialized) { list ( $this->id,$this->salt ) = unserialize($serialized); } } 当我登录时,它可以工作,但是Profiler告诉我Authenticated?说没有.当我将salt更改为数据库中的不同内容时,用户仍然可以登录. 是否有我在Symfony文档中遗漏的内容或者我是否需要更改整个salting方式? 编辑:对不起,我没有包括我序列化和反序列化$this->密码,$this-> salt. 编辑2:包含app / config / security.yml并按用户发布完整的src / AppBundle / Entity / Account.php文件:ghanbari的请求. 感谢您阅读我的问题. 解决方法
首先,您的User对象必须实现Serializable接口,并且必须序列化id和salt。另外请注意:您在security.yml中为Account配置的编码器是bcrypt,它会自行生成salt并嵌入到哈希结果中,传给encodePassword的salt参数并不会被使用——这就是为什么修改数据库中的salt后用户依然能登录;因此下面的实体里getSalt()直接返回null。
阅读this. 编辑:你的实体类必须是这样的: <?php // src/AppBundle/Entity/Account.php namespace AppBundleEntity; use DoctrineORMMapping as ORM; use SymfonyComponentSecurityCoreRoleRole; use SymfonyComponentSecurityCoreUserAdvancedUserInterface; use Serializable; use SymfonyComponentValidatorConstraints as Assert; use SymfonyBridgeDoctrineValidatorConstraintsUniqueEntity; /** * @ORMTable(name="accounts") * @ORMEntity(repositoryClass="AppBundleEntityAccountRepository") * @UniqueEntity(fields="username",and 1 number" * ) */ private $plainPassword; /** * @return integer */ public function getId() { return $this->id; } /** * @return string */ public function getUsername() { return $this->username; } /** * @param string $username * @return Account */ public function setUsername($username) { $this->username = $username; return $this; } /** * @return string */ public function getEmail() { return $this->email; } /** * @param string $email * @return Account */ public function setEmail($email) { $this->email = $email; return $this; } /** * @return string */ public function getPassword() { return $this->password; } /** * @param string $password * @return Account */ public function setPassword($password) { $this->password = $password; return $this; } /** * @return string */ public function getPlainPassword() { return $this->plainPassword; } /** * @param $plainPassword * @return string */ public function setPlainPassword($plainPassword) { $this->plainPassword = $plainPassword; return $this; } /** * @return array Role */ public function getRoles() { $roles = $this->roles; $roles[] = 'ROLE_USER'; return array_unique($roles); } /** * @param array $roles * @return Role */ public function setRoles(array $roles) { $this->roles = $roles; return $this; } /** * Removes sensitive data from the user */ public function eraseCredentials() { $this->setPlainPassword(null); } /** * @return string */ public function getSalt() { return null; } /** * @param $salt * @return Account */ public function setSalt($salt) { 
$this->salt = $salt; return $this; } /** * @return boolean */ public function getIsActive() { return $this->isActive; } /** * @param boolean $isActive */ public function setIsActive($isActive) { $this->isActive = $isActive; } public function isAccountNonExpired() { return true; } public function isAccountNonLocked() { return true; } public function isCredentialsNonExpired() { return true; } public function isEnabled() { return $this->getIsActive(); } public function serialize() { return serialize(array( $this->id,$this->salt,$this->isActive )); } public function unserialize($serialized) { list ( $this->id,$this->isActive ) = unserialize($serialized); } } (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |