does anybody know how brypt hashes for passwords, used in Symfony 3 with FOSUser Bundle (default parameters) can be generated (online service or php function(preferred))? For example, for password 111 I have the following hash: $2y$13$zGCO1RyfbDZovNY9tWOETuXuG/NghlNqimTICEI1r15podQMOp.e2
I have tried several online generators but still could not reproduce this hash. Any Ideas? Is it possible to use hash generated 'separately' from Symfony? Thank you
When a tried to execute it from Controller this was the result:
[Symfony\Component\Console\Exception\CommandNotFoundException] There are no commands defined in the "fos:user" namespace.
the command is not a service or is not public(by fos_user) IDK.
I did it this way
public function changePasswordAction(Request $request){
...
$manipulator = $this->get('fos_user.util.user_manipulator');
$manipulator->changePassword('jimorales', '123');
...
return new Response('password changed!');
}
before/after you can add your own logig
Hope it helps!!
Related
I have my symfony 2.7 updatet to symfony 3.4.
I used in Symfony 2.7 the function generateToken() to create a token for a file upload task. I found just information about Securely Generating Random Values
for symfony 3.4. But how I can integrate it?
can I use the following Statement?
return bin2hex(random_bytes(32));
I know this might be late but hopefuly it will help somone else because there is no function out-of-the-box from symfony that can be used to generate tokens.
so what i did when i run into this problem is that i used the same token generator that is used by FOSUserBundle wich is this:
public function generateToken()
{
return rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
}
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Util/TokenGenerator.php
and as you can see it uses the random_bytes() function that is recommended in the official documentation of symfony combined with the php function base64_encode() wich is designed to make binary data survive transport through transport layers that are not 8-bit clean, such as mail bodies as explained in the official php documentation and they are using exactiy this example.
I have a need to manually encrypt the password in the same way Symfony does it.
$user->setPlainPassword($password);
$userManager->updateUser($user);
This is application code that saves the user password. But it is obviously encrypted (not plain as method says).
How can I manually get the same result for given password?
EDIT1:
The problem is that I want to authenticate user manually in users controller code. I have readable username and password that comes as parameters. I want to return 401 if they to not exist in database.
Symfony comes with a useful command to encode a password the same way it does:
bin/console security:encode-password 'your_plain_password' 'AppBundle\Entity\YourUserClass'
Try this in your controller action:
$encoder = $this->get('security.encoder_factory')->getEncoder($userClass);
$encodedPassword = $encoder->encodePassword($plainPassword);
In newer Symfony versions (5.3+) you can do it by running CLI command:
bin/console security:hash-password
I was asked to create an API using the Laravel framework on an existing Web application. The web application uses the Zend 2 Block Cipher encryption to encrypt user password. The previous developer who developed the site has already moved on and I need to create a service to verify the user's password in the API. The problem is I can't crack Zend's encryption. I even tried using the PHP mcrypt function but I'm getting this error.
mcrypt_decrypt(): Size of key is too large for this algorithm
This is a bit odd but is there anyway I can decrypt Zend's encryption using just plain PHP? Or is there a work around here? I can't change the current web application as it is being used.
Here is the sample code of the encryption:
use Zend\Crypt\BlockCipher;
class Encryption {
private $_cipher = null;
public function __construct(){
$this->_cipher = BlockCipher::factory('mcrypt',array('algo'=>'aes'));
$this->_cipher->setKey('fltjXW05820D[1(Z5SknJBZ12goBbyK<*271biqT5"j$WvA2JCycgA"{UIe6qJ2');
}
public function encrypt($plainText){
return $this->_cipher->encrypt($plainText);
}
public function decrypt($enctyptedData){
return $this->_cipher->decrypt($enctyptedData);
}
}
Any advice by the experts?
Thank you in advance. Sorry I'm a beginner in Laravel and Zend.
I add a user to the database.
I encode their password using bcrypt encryption:
$factory = $this->get('security.encoder_factory');
$encoder = $factory->getEncoder($user);
$password = $encoder->encodePassword($user->getPassword(),$user->getSalt());
$postData->setPassword($password);
This all persists to the database just fine.
On my User Entity my getSalt() method returns null:
public function getSalt(){
return null;
}
Now when I try to authenticate the symfony logs tells me that I am entering bad credentials.
However...
If i use this site to encrypt my password with bcrypt:
http://bcrypthashgenerator.apphb.com/
Then enter the result into the database manually and try and authenticate with the users password i have updated with the results from the above link,
It works fine.
So there is something I have not set, that when I am encrypting the password that symfony cannot authenticate against it.
I have tried the setting a salt on the getSalt(), setting it to an empty string.
EDIT
I am using php 5.5.9
I have also tried using the BCryptPasswordEncoder($cost) class,
setting the cost on the __construct the same as what's in my security.yml
and it still does not authenticate.
EDIT
I have also tried installing this class via composer to as suggested here.
EDIT
If I use the php method:
password_hash('testertester',PASSWORD_BCRYPT,array('cost'=>13));
It authenticates perfectly.
So its something to do deeper in Symfony. I'll keep digging.
Still no luck :-/
I am scouring the web to no avail so far.
Any help would be greatly appreciated.
Ad
I was passing in the existing entity object not the submitted data object!!
$postData = $form->getdata();
$factory = $this->get('security.encoder_factory');
$encoder = $factory->getEncoder($user);
$password = $encoder->encodePassword($user->getPassword(),$user->getSalt());
$postData->setPassword($password);
Note this line here:
$user->getPassword() needed to be $postData->getPassword()
$password = $encoder->encodePassword($postData->getPassword(),$user->getSalt());
You live and learn ay!
So I am trying to create a new Silex application and use the Security bundle included. For simplicities sake I was going to go with the basic password encoding.
Per the Silex documentation http://silex.sensiolabs.org/doc/providers/security.html I have created a custom User Provider. However this user interface does not seem to use the default password encoding.
I can successfully get a password out of
$password = $app['security.encoder.digest']->encodePassword('foo');
However when I use the example
// find the encoder for a UserInterface instance
$encoder = $app['security.encoder_factory']->getEncoder($user);
// compute the encoded password for foo
$password = $encoder->encodePassword('foo', $user->getSalt());
I get the
RuntimeException: No encoder has been configured for account
In symfony2, I would use something like the following
encoders:
somename:
class: Acme\DemoBundle\Entity\User
Acme\DemoBundle\Entity\User: sha512
Acme\DemoBundle\Entity\User: plaintext
Acme\DemoBundle\Entity\User:
algorithm: sha512
encode_as_base64: true
iterations: 5000
Acme\DemoBundle\Entity\User:
id: my.custom.encoder.service.id
But that doesnt seem to be the case here. I can't seem to find any type of setEncoder method so I am a bit stumped.
You need to reconstruct the EncoderFactory to add your custom implementation:
<?php
$app = new Silex\Application();
$app['myapp.encoder.base64'] = new Base64PasswordEncoder();
$app['security.encoder_factory'] = $app->share(function ($app) {
return new EncoderFactory(
array(
'Symfony\Component\Security\Core\User\UserInterface' => $app['security.encoder.digest'],
'MyApp\Model\UserInterface' => $app['myapp.encoder.base64'],
)
);
});
(oh and please, don't use a Base64Encoder() for password ;))
I was able to use the accepted answer to fix my problem, but I couldn't assign it to security.encoder_factory directly, so I'm just sharing what I found to work.
instead of:
$app['security.encoder_factory'] = $app->share(function($app) {
//..see above...//
});
I had to use:
$app->register(new Silex\Provider\SecurityServiceProvider(),array(
'security.encoder_factory' => $app->share(function($app) {
//... same as above ...//
})
));
I'm too new to Silex to know why it didn't work as above for me. My initial guess would be a version difference (question was asked over two years ago). I can assign to security.provider.default before the call to register the module, but I can't seem to assign to security.encoder_factory . I also seem to have to put security.firewalls in the register call.