Bendy

Reputation: 3576

How to migrate users' passwords to Symfony FOSUserBundle table

I have an old website which I want to migrate to Symfony2 and use the FOSUserBundle.

My 'old' website's database stores encrypted passwords as follows:

sha1("$salt1$plain_text_password$salt2")

However, I've not done this before and am not sure how to go about doing it. Is my only option to somehow configure FOSUserBundle to use the same encryption as the old website? If so, where would I do this?

Upvotes: 1

Views: 803

Answers (2)

Pedro Casado

Reputation: 1745

Snippet for Magento migration password logic.

<?php

namespace AppBundle\Utils;

use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;

class CustomPasswordEncoder extends BasePasswordEncoder
{
    public function encodePassword($raw, $salt)
    {
        $salt2 = base64_encode($salt.uniqid());

        // logic from magento
        return md5($salt2.$raw).":".$salt2;
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        // magento logic: stored value is "<md5 hash>:<salt>"
        $hashArr = explode(':', $encoded);
        if (count($hashArr) < 2) {
            return false; // no salt part, not in the expected format
        }
        $hashToValidate = md5($hashArr[1] . $raw);

        return $this->comparePasswords(
           $hashArr[0], // first piece of password
           $hashToValidate // $salt.$password md5 hash
        );
    }
}

Upvotes: 1

wonde

Reputation: 1181

You can create a custom password encoder, override BasePasswordEncoder::isPasswordValid() and add your logic in it

example

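use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;

class CustomPasswordEncoder extends BasePasswordEncoder
{
    public function encodePassword($raw, $salt)
    {
        // $salt is "salt1,salt2", as returned by User::getSalt()
        list($salt1, $salt2) = explode(",", $salt);

        return sha1($salt1.$raw.$salt2); // your logic here
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        // comparePasswords() is the constant-time comparison from BasePasswordEncoder
        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
    }
}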

make this class a service

service.yml
services:
    custom-password-encoder:
        class: path\to\CustomPasswordEncoder

and add this on your security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: {id: custom-password-encoder}

you also need to change User::getSalt() to return the two salts separated by a comma

example

use FOS\UserBundle\Model\User as BaseUser;

class User extends BaseUser
{
    public function getSalt()
    {
        // the two legacy salts, joined with a comma
        return "salt1,salt2";
    }
}

Upvotes: 2
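
An added example, not from either answer and not FOSUserBundle code: it goes one step beyond the answers by checking the legacy `sha1($salt1.$password.$salt2)` value and, on a correct login, returning a `password_hash()` value to store in its place. The function names, the return shape and the sample salts and password are assumptions made for illustration; calling it from an encoder's `isPasswordValid()` and saving the new hash is left to the application.

```php
<?php
// Added example (not from the original answers). Plain PHP, no Symfony classes.

/** Legacy scheme from the question: sha1($salt1 . $password . $salt2). */
function legacyHash(string $raw, string $salt1, string $salt2): string
{
    return sha1($salt1 . $raw . $salt2);
}

/**
 * Verify a login against a stored hash that is either legacy SHA-1 or
 * already upgraded. Returns [bool $valid, ?string $replacementHash];
 * the caller stores $replacementHash when it is not null.
 */
function verifyAndUpgrade(string $raw, string $stored, string $salt): array
{
    // Values produced by password_hash() are recognised by password_get_info().
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        if (!password_verify($raw, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($raw, PASSWORD_DEFAULT) : null;
        return [true, $new];
    }

    // Legacy row: salt is "salt1,salt2", the format returned by User::getSalt().
    $parts = explode(',', $salt, 2);
    if (count($parts) !== 2 || strlen($stored) !== 40) {
        return [false, null]; // malformed salt or not a SHA-1 hex digest
    }
    // hash_equals() compares in constant time.
    if (!hash_equals($stored, legacyHash($raw, $parts[0], $parts[1]))) {
        return [false, null];
    }
    // Correct password: hand back a modern hash to replace the SHA-1 one.
    return [true, password_hash($raw, PASSWORD_DEFAULT)];
}

// Constructed sample data (hypothetical salts and password).
$salt   = 'abc,xyz';
$legacy = legacyHash('s3cret-pass', 'abc', 'xyz');

[$ok, $upgraded] = verifyAndUpgrade('s3cret-pass', $legacy, $salt);
var_dump($ok, $upgraded !== null);   // legacy hash accepted, replacement issued
[$ok2] = verifyAndUpgrade('s3cret-pass', $upgraded, $salt);
var_dump($ok2);                      // upgraded hash checked via password_verify()
[$bad] = verifyAndUpgrade('wrong', $legacy, $salt);
var_dump($bad);                      // wrong password against the legacy hash
```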
