Reputation: 71
I'm trying to configure my symfony2 application to use the sha512 password encoder with the in_memory security provider, but I can't get it to work. I am getting the infamous "Bad credentials" error on login. Unlike most questions here, I do not want to get users from any database. I do not want to use FOSUserBundle. All I want is simply to replace the plaintext passwords in my security.yml with sha512 hashes.
According to http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password this should be as simple as setting the encoder and replacing the plaintext password with the hash, so that is what I tried to do:
security.yml:
security:
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
    providers:
        in_memory:
            memory:
                users:
                    admin: { password: $6$randomsalt$mbd3sS15ibE.W7hkLqfQ0LNEQsUod7BOUD67g/oIb8uhqGfyAzaga3vgGaRJZn67VdHHfn.tnkKY9ffDVXw3C., roles: [ 'ROLE_ADMIN' ] }
The password is "admin", the salt is "randomsalt" and the hash was generated by mkpasswd:
mkpasswd -m sha-512 admin randomsalt
Why is this not working? Does symfony2 expect the hash to be in some other format?
EDIT: things I've tried as well:
- crypt($password, "$6$".$salt)
- encode_as_base64 true/false on the security encoder
Result is the same: "Bad credentials".
Upvotes: 2
Views: 5052
Reputation: 781
I found a solution which is not elegant but works, and allows any number of iterations, unlike the accepted answer:
It uses the following class: Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder
In any Controller (or whatever PHP file) add the following code:
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
...
$messageDigestPasswordEncoder = new MessageDigestPasswordEncoder();
var_dump($messageDigestPasswordEncoder); // you'll see the default options
var_dump($messageDigestPasswordEncoder->encodePassword('Hello', '')); // output the encoded password
In your security.yml, add the following code:
security:
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
    providers:
        admin:
            memory:
                users:
                    # password: Hello
                    test: { password: CYvx/IlZCmwdywJkE8X6FTAixdgaL1oq0u8Ij3o+2LIAyDkWHynQ5UCdWe78YQt5j4oMIIu7YjYYR2b3H7zbvg==, roles: 'ROLE_ADMIN' }
Upvotes: 1
Reputation: 71
After much trial and error, the only configuration I have been able to get working is the simplest case:
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: sha512
            encode_as_base64: false
            iterations: 1
    providers:
        in_memory:
            memory:
                users:
                    admin: { password: c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec, roles: [ 'ROLE_ADMIN' ] }
That's a single sha512 iteration of the unsalted password, obtained by echo -n admin | sha512sum or from any of the various online hash generators. I can't get it to work with anything created by PHP's standard crypt() or password_hash() functions. The docs don't specify a format. My app doesn't deal with users or passwords in any other way and I was rather hoping to use symfony's security component without writing custom user entities or password encoders. This is turning into an awful lot of work for what seems like a very basic thing.
Upvotes: 5
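Added example, not taken from the question or either answer: a stand-alone Python re-implementation of the digest that Symfony 2's MessageDigestPasswordEncoder computes (password{salt}, re-hashed `iterations` times, then base64 or hex), so the value pasted into security.yml can be generated offline to match whatever `algorithm`, `iterations` and `encode_as_base64` the `encoders` block sets. The in-memory User carries no salt, so the salt is empty there; crypt(3)-style `$6$salt$...` strings from mkpasswd are a different format and will never compare equal.

```python
import base64
import hashlib
import hmac


def merge_password_and_salt(password: str, salt: str) -> str:
    """Same merge rule as Symfony's BasePasswordEncoder: 'password{salt}',
    or the bare password when the salt is empty (the in-memory User has no salt)."""
    if not salt:
        return password
    if "{" in salt or "}" in salt:
        raise ValueError("Symfony rejects salts containing '{' or '}'")
    return f"{password}{{{salt}}}"


def message_digest_encode(password: str, salt: str = "", algorithm: str = "sha512",
                          iterations: int = 5000, encode_as_base64: bool = True) -> str:
    """Reproduce MessageDigestPasswordEncoder::encodePassword().
    Defaults are Symfony 2's encoder defaults: sha512, 5000 iterations, base64 output.
    Pass iterations=1, encode_as_base64=False for the plain hex form in the last answer."""
    salted = merge_password_and_salt(password, salt).encode("utf-8")
    digest = hashlib.new(algorithm, salted).digest()
    # Every further iteration hashes the raw digest with the salted password appended.
    for _ in range(1, iterations):
        digest = hashlib.new(algorithm, digest + salted).digest()
    return base64.b64encode(digest).decode("ascii") if encode_as_base64 else digest.hex()


def is_password_valid(stored: str, password: str, salt: str = "", **encoder_options) -> bool:
    """Check a candidate the way the encoder does: re-encode and compare in constant time."""
    candidate = message_digest_encode(password, salt, **encoder_options)
    return hmac.compare_digest(stored.encode("ascii"), candidate.encode("ascii"))


if __name__ == "__main__":
    # Encoder settings from the last answer: sha512, encode_as_base64 false, iterations 1.
    print(message_digest_encode("admin", iterations=1, encode_as_base64=False))
    # Default settings, i.e. what a bare `...User: sha512` line in `encoders` means.
    print(message_digest_encode("Hello"))
```

Run it and paste the printed value into the `password:` field; the encoder options in security.yml must match the arguments used to generate it.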