How to check if a username/password combination is valid for FOS UserBundle

Question

We are currently using Symfony 2 and FOS/UserBundle for user authentication.

I want to check if a given username/password combination is valid without logging in. This is because another person is currently logged in but for example needs to do a specific action which needs to be done by someone with a higher clearance.

Basically I want another user to do a different controller action besides the person that is currently logged.

If there's a better way of doing this please let me know

Answer 1

Symfony 5.4

Password validation can be done using UserPasswordHasherInterface

use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;

class AuthenticaitonServices
{    
    public function __construct(UserPasswordHasherInterface $passwordHasher)
    {
        $this->hasher = $passwordHasher;
    }

    public function validate($request)
    {
         $form = [
            "username" => $request->request->get("_username"),
            "password" => $request->request->get("_password")
         ];

         if(!$this->hasher->isPasswordValid($user, $form['password']))
         {
             // Incorrect Password
         } else {
             // Correct Password
         }

isPasswordValid returns a bool response

Bundles are not longer available in newer Symfony versions. Above code is for validating password posted from a login form

Hope this is helpful.

Answer 2

How can validate username and password from controller #696

public function validUser($username, $password){

    $user = new Users();    //entity

    $factory = $this->get('security.encoder_factory');
    $encoder = $factory->getEncoder($user);

    $bool = $encoder->isPasswordValid($user->getPassword(),$password,$user->getSalt());
}