Salah Eddine Taouririt

Reputation: 26415

Configure Silex security with InMemoryUserProvider with PlaintextPasswordEncoder

I'm trying to secure the ^/admin path (for learning purposes) with basic HTTP authentication using Silex and the Symfony Security component by providing an array of users with raw passwords. This is what I tried:

use Symfony\Component\Security\Core\User\InMemoryUserProvider;

$app['security.firewalls'] = [
    'admin' => [
        'pattern' => '^/admin',
        'http' => true,
        'security' => true,
        'users' => function () use ($app) {
            return new InMemoryUserProvider([
                'admin' => [
                    'password' => 'admin',
                    'enabled' => true,
                    'roles' => ['ROLE_ADMIN'],
                ]
            ]);
        },
    ],
];

$app->register(new Silex\Provider\SecurityServiceProvider());

The equivalent Symfony configuration is:

# app/config/security.yml
security:
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: admin
                        roles: 'ROLE_ADMIN'

Part of my composer.json looks like:

  "require": {
    "silex/silex": "~2.0",
    "symfony/security": "^3.2"
  },

Why can't I log in with the above credentials (user: admin, password: admin)?

Upvotes: 1

Views: 204

Answers (1)

Federkun

Reputation: 36954

It's probably because you're using the default encoder for user passwords (BCrypt), and you're using a plain text password in your configuration instead. You can change it with:

use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;

// register this first
$app->register(new Silex\Provider\SecurityServiceProvider());

$app['security.default_encoder'] = function ($app) {
    // Plain text (e.g. for debugging)
    return new PlaintextPasswordEncoder();
};

Remember that you can override the security.default_encoder service only after you've registered SecurityServiceProvider.

You can read more about it in the documentation.

Upvotes: 2
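
The alternative to switching the encoder to plain text, as an added example that is not part of the original question or answer: keep the default BCrypt encoder and store a bcrypt hash in the user provider instead of the raw password. It assumes Silex 2.0 and symfony/security ^3.2 from the question's composer.json, installed via Composer; the /admin route and the cost value 13 are illustrative.

```php
<?php
// Added example (not from the original post). Assumes Silex 2.0 and
// symfony/security ^3.2 installed via Composer, as in the question.
require __DIR__ . '/vendor/autoload.php';

use Silex\Application;
use Silex\Provider\SecurityServiceProvider;
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;

// The cost is stored inside each hash, so it need not match the app's.
$encoder = new BCryptPasswordEncoder(13);

// Reproduce the failure: the stored value 'admin' is not a bcrypt hash,
// so checking the submitted password against it cannot succeed.
if ($encoder->isPasswordValid('admin', 'admin', null)) {
    throw new LogicException('plain text verified as a bcrypt hash');
}

// Computed at boot only to keep the example self-contained; normally
// you generate the hash once and paste the resulting string here.
$hash = $encoder->encodePassword('admin', null);

$app = new Application();
$app->register(new SecurityServiceProvider());

// The question's firewall with the hash in place of the raw password;
// security.default_encoder is left at its default.
$app['security.firewalls'] = [
    'admin' => [
        'pattern' => '^/admin',
        'http' => true,
        'users' => function () use ($hash) {
            return new InMemoryUserProvider([
                'admin' => [
                    'password' => $hash,
                    'enabled' => true,
                    'roles' => ['ROLE_ADMIN'],
                ],
            ]);
        },
    ],
];

// Hypothetical route so there is something behind the firewall.
$app->get('/admin', function () {
    return 'admin area';
});

$app->run();
```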
