Meathanjay

Reputation: 2073

Symfony fos_user bundle encoded password in Laravel - Symfony to Laravel Migration

We are migrating one of our applications from Symfony 3.3 to Laravel 5.5 and we want to use all our existing users without requiring a password change.

In the Symfony application, we used FOSUserBundle to encode the password.

providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email
encoders:
    FOS\UserBundle\Model\UserInterface: sha512

We are trying to figure out how we can use the same algorithm in Laravel.

I tried password_verify:

password_verify($raw, $encoded)

but it doesn't work. Any ideas would be very helpful.

Upvotes: 3

Views: 555

Answers (1)

Max P.

Reputation: 5679

Try this:

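$raw = 'qwerty12345';
$salt = 'salt'; // $user->getSalt(): the user's salt field
$passwordFromDb = '...'; // placeholder: the encoded password stored in the database

// Symfony merges password and salt as "password{salt}"
if (empty($salt)) {
    $salted = $raw;
} else {
    $salted = $raw.'{'.$salt.'}';
}

// First round, raw binary output
$digest = hash('sha512', $salted, true);

// Remaining rounds (5000 iterations in total)
for ($i = 1; $i < 5000; ++$i) {
    $digest = hash('sha512', $digest.$salted, true);
}

$encoded = base64_encode($digest);

// Constant-time comparison; the known (stored) hash goes first
var_dump(hash_equals($passwordFromDb, $encoded));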

The password is hashed many times; the iteration count is set in SecurityBundle. All parameters are available via the command ./bin/console debug:config SecurityBundle, in the encoders section:

    FOS\UserBundle\Model\UserInterface:
        algorithm: sha512
        hash_algorithm: sha512
        key_length: 40
        ignore_case: false
        encode_as_base64: true
        iterations: 5000
        cost: 13

The password encoding code for this case can be taken from https://github.com/symfony/symfony/blob/3.2/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php

Upvotes: 2
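An added example, not part of the original answer or of either framework: one way to accept the legacy FOSUserBundle hashes at login and replace each one with a bcrypt hash (PHP's native `password_hash`) the first time the user authenticates. The function names, the sample salt and the sample record are constructed for illustration; the caller is assumed to persist the returned hash and clear the salt column.

```php
<?php
const LEGACY_ITERATIONS = 5000; // "iterations" from the SecurityBundle encoder config

// Reproduces the salted, iterated SHA-512 encoding shown in the answer above.
function legacyEncode(string $raw, string $salt): string
{
    $salted = $salt === '' ? $raw : $raw . '{' . $salt . '}';
    $digest = hash('sha512', $salted, true);
    for ($i = 1; $i < LEGACY_ITERATIONS; ++$i) {
        $digest = hash('sha512', $digest . $salted, true);
    }
    return base64_encode($digest);
}

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the stored
// value should be overwritten with a freshly computed bcrypt hash.
function verifyAndUpgrade(string $raw, string $stored, string $salt): array
{
    // Hashes in a format password_hash() produces are already migrated.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = password_verify($raw, $stored);
        $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT);
        return [$ok, $stale ? password_hash($raw, PASSWORD_BCRYPT) : null];
    }
    // Legacy record: constant-time compare, stored (known) value first.
    if (!hash_equals($stored, legacyEncode($raw, $salt))) {
        return [false, null];
    }
    return [true, password_hash($raw, PASSWORD_BCRYPT)];
}

// Constructed sample record standing in for a row from the old user table.
$salt   = 'constructed-salt';
$stored = legacyEncode('qwerty12345', $salt);

// Correct password against the legacy hash: accepted, bcrypt hash returned.
[$ok, $upgraded] = verifyAndUpgrade('qwerty12345', $stored, $salt);
var_dump($ok, password_get_info($upgraded)['algoName']);

// Wrong password against the legacy hash: rejected, nothing to store.
[$bad, $none] = verifyAndUpgrade('wrong-password', $stored, $salt);
var_dump($bad, $none);

// Second login, after the upgraded hash was saved: native path, no rehash.
[$again, $rehash] = verifyAndUpgrade('qwerty12345', $upgraded, '');
var_dump($again, $rehash);
```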
