Symfony2 Create Own Encoder for Storing Password

Symfony2 create own encoder for storing password

To make it simple: you have to create and add a new Service, add it to your bundle and specify that the User class will use it. First you have to implement your own password encoder:

    namespace Acme\TestBundle\Service;

    use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

    class Sha256Salted implements PasswordEncoderInterface
    {
        public function encodePassword($raw, $salt)
        {
            // Single round of salted SHA-256 (a hash, not encryption)
            return hash('sha256', $salt . $raw);
        }

        public function isPasswordValid($encoded, $raw, $salt)
        {
            // hash_equals() (PHP 5.6+) compares in constant time, unlike ===
            return hash_equals($encoded, $this->encodePassword($raw, $salt));
        }
    }

Then you add the service definition and specify that your custom encoder is used for the User class. In TestBundle/Resources/config/services.yml you add the custom encoder:

    services:
        # The id must match the one referenced in app/config/security.yml
        acme.test.sha256salted_encoder:
            class: Acme\TestBundle\Service\Sha256Salted

In app/config/security.yml you can then specify your custom class as the default encoder (for the Acme\TestBundle\Entity\User class):

    security:
        encoders:
            Acme\TestBundle\Entity\User:
                id: acme.test.sha256salted_encoder

Of course, salt plays a central role in password encryption. Salt is unique and is stored for each user. The class User can be auto-generated using YAML annotations (table should - of course - contain fields username, password, salt and so on) and should implement UserInterface.

Finally you can use it (controller code) when you have to create a new Acme\TestBundle\Entity\User:

    // Add a new User
    $user = new User();
    $user->setUsername('username');
    $user->setSalt(uniqid(mt_rand())); // Unique salt for user

    // Set the hashed password. The encoder factory returns the encoder
    // configured for the User class in security.yml.
    $encoder = $this->container->get('security.encoder_factory')
        ->getEncoder($user);
    $password = $encoder->encodePassword('MyPass', $user->getSalt());
    $user->setPassword($password);

Symfony2 custom Password Encoder (bcrypt)

As of November 2011, before Symfony 2.2, this is not directly supported.

Instead of reinventing the wheel, I suggest you use the Blowfish Password Encoder bundle I wrote (ElnurBlowfishPasswordEncoderBundle), which solves the same problem. Or, at least, you can see how it's implemented.

If you're using Symfony 2.2 or later, see Seldaek's answer for configuration instructions.
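
An added example (not from any of the answers on this page, and not Symfony's or the bundle's own code): an encoder with the same two method signatures as PasswordEncoderInterface that still verifies the legacy `sha256($salt . $raw)` hashes from the first answer while issuing bcrypt hashes for new passwords. The class name, `needsUpgrade()` and the sample values are hypothetical; it assumes PHP 5.6+, and inside a Symfony project you would add `implements PasswordEncoderInterface`.

```php
<?php
// Added example; class and method names are hypothetical. Assumes PHP 5.6+.
class MigratingPasswordEncoder
{
    const MAX_LENGTH = 72; // bcrypt ignores input bytes past 72
    private $cost;

    public function __construct($cost = 12)
    {
        $this->cost = $cost;
    }

    // $salt is ignored: password_hash() generates and embeds its own salt.
    public function encodePassword($raw, $salt)
    {
        if (strlen($raw) > self::MAX_LENGTH) {
            throw new InvalidArgumentException('Password too long for bcrypt.');
        }
        return password_hash($raw, PASSWORD_BCRYPT, array('cost' => $this->cost));
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        if ($this->isLegacy($encoded)) {
            // Legacy scheme from the first answer: sha256($salt . $raw)
            return hash_equals($encoded, hash('sha256', $salt . $raw));
        }
        return strlen($raw) <= self::MAX_LENGTH && password_verify($raw, $encoded);
    }

    // True when the stored hash should be replaced after a successful login.
    public function needsUpgrade($encoded)
    {
        return $this->isLegacy($encoded)
            || password_needs_rehash($encoded, PASSWORD_BCRYPT, array('cost' => $this->cost));
    }

    // A bare 64-character lowercase hex string is treated as a legacy hash.
    private function isLegacy($encoded)
    {
        return preg_match('/^[0-9a-f]{64}$/', $encoded) === 1;
    }
}

// Constructed sample data: one legacy record, upgraded after a valid login.
$enc = new MigratingPasswordEncoder(10);
$stored = hash('sha256', 'constructed-salt' . 'MyPass');
var_dump($enc->isPasswordValid($stored, 'MyPass', 'constructed-salt'));
if ($enc->needsUpgrade($stored)) { $stored = $enc->encodePassword('MyPass', null); }
var_dump($enc->isPasswordValid($stored, 'MyPass', null), $enc->needsUpgrade($stored));
```

The upgrade step belongs in the login path, where the plain password is available after a successful check; the stored salt column becomes unused once a record holds a bcrypt hash.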

How to use encoder factory in Symfony 2 inside the model setter?

The entity contains data; it does not handle it. If you want to change data of an entity you can create an event listener and do stuff before persistence. Check How to Register Event Listeners and Subscribers from the official documentation.

You can also take a look at FosUserBundle and its user management.

FosUserBundle UserManager

So, the main idea is to pass the plain password from a form to the user entity and encode it before persistence using an event listener.

Symfony2: How do i generate sha512 hash of a password?

In your controller you can do (assuming that you set sha512 as the encoding algorithm in app/config/security.yml):

    $userName = 'username';
    $password = 'pass';
    $userManager = $this->get('fos_user.user_manager');
    $user = $userManager->loadUserByUsername($userName);
    $encoder = $this->get('security.encoder_factory')->getEncoder($user);
    $encodedPass = $encoder->encodePassword($password, $user->getSalt());
    // Constant-time comparison; var_dump() also shows a false result,
    // which echo would print as an empty string
    var_dump(hash_equals($user->getPassword(), $encodedPass));

How to use the Password Encoder from Drupal 7 in Symfony2

Take a look here: http://api.drupal.org/api/drupal/includes%21password.inc/function/user_hash_password/7

Then, following the function calls, you should be able to mimic this in Symfony. It's basically using sha512 with a salt.

See this question for how to code your own encoder in Symfony: Symfony2 create own encoder for storing password


