CasualBen

Reputation: 909

isPasswordValid does not work with sha256

I'm implementing a UI for an existing Oracle DB with a users table and passwords stored as SHA-256 hashes. But the authenticator shows that the password is wrong.

Config:

security:
  encoders:
    App\Entity\User:
      algorithm: sha256

Authenticator-Function:

public function checkCredentials($credentials, UserInterface $user)
{
    return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); // -> False
    return hash_equals(hash('sha256', $credentials['password']), $user->getPassword()); // -> True
}

As described, if I manually check the password with hash_equals, it works. Can someone help? Might be a misconfiguration, I think.

Upvotes: 0

Views: 429

Answers (1)

Alex Howansky

Reputation: 53553

sha256 is not a valid value for this YAML setting. Symfony doesn't (natively) support straight hashes like this because they're not considered strong enough for passwords.

If you really want to use SHA256 (you shouldn't) you can create your own encoder.

Upvotes: 3
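
One way to write the custom encoder the answer mentions, as an added example that is not from the original post: it accepts the existing hex SHA-256 values and reports them as needing a rehash, so they can be replaced with password_hash() output after a successful login. The class name, the namespace and the Symfony 4.4/5.x PasswordEncoderInterface target are assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Assumed wiring in security.yaml (class name is hypothetical):
//   encoders:
//     App\Entity\User:
//       id: App\Security\LegacySha256Encoder
namespace App\Security;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;

final class LegacySha256Encoder implements PasswordEncoderInterface
{
    private const MAX_LENGTH = 4096; // cap input size before hashing

    // New or changed passwords get a salted, slow hash, never bare SHA-256.
    public function encodePassword($raw, $salt): string
    {
        if (\strlen((string) $raw) > self::MAX_LENGTH) {
            throw new BadCredentialsException('Invalid password.');
        }
        return password_hash((string) $raw, PASSWORD_DEFAULT);
    }

    public function isPasswordValid($encoded, $raw, $salt): bool
    {
        $encoded = (string) $encoded;
        $raw = (string) $raw;
        if ('' === $raw || \strlen($raw) > self::MAX_LENGTH) {
            return false;
        }
        if ($this->isLegacy($encoded)) {
            // Same check as in the question: hex SHA-256, constant-time compare.
            return hash_equals(strtolower($encoded), hash('sha256', $raw));
        }
        return password_verify($raw, $encoded);
    }

    // True for legacy rows so the application can store a new hash after login.
    public function needsRehash(string $encoded): bool
    {
        return $this->isLegacy($encoded)
            || password_needs_rehash($encoded, PASSWORD_DEFAULT);
    }

    private function isLegacy(string $encoded): bool
    {
        return 1 === preg_match('/\A[0-9a-f]{64}\z/i', $encoded);
    }
}
```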
