How to hash user password in Symfony?

by tavares_marks , in category: PHP , 2 years ago

I have a RegistrationController and I am trying to create a registerAction method. My question is how do you guys hash user passwords in Symfony?


Here is my Symfony code but I heard md5 is not secure:

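use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class RegistrationController extends Controller
{
    public function registerAction(Request $request)
    {
        $em = $this->getDoctrine()->getManager();
        $user = new User();
        $form = $this->createForm(UserForm::class, $user);

        $form->handleRequest($request);
        // isValid() may only be called on a form that has been submitted
        if ($form->isSubmitted() && $form->isValid()) {
            $password = $user->getPlainPassword();
            // how do you encrypt user passwords?
            $user->setPassword(md5($password));
        }
    }
}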

2 answers

Member

by percy , 2 years ago

@tavares_marks Depends on your Symfony version, but in Symfony 5 and above you can use the UserPasswordHasherInterface and its hashPassword() method to set the hashed user password in Symfony. Your final code is below:


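// imports needed at the top of the controller file:
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;

public function registerAction(Request $request, UserPasswordHasherInterface $passwordHasher)
{
    $em = $this->getDoctrine()->getManager();
    $securityContext = $this->get('security.authorization_checker');

    // already logged-in users are sent to their profile
    if ($securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return new RedirectResponse($this->generateUrl('fos_user_profile_show'));
    }
    $user = new User();
    $form = $this->createForm(UserForm::class, $user);

    $form->handleRequest($request);
    // isValid() may only be called on a form that has been submitted
    if ($form->isSubmitted() && $form->isValid()) {
        $password = $user->getPlainPassword();
        // hash the password (based on the security.yaml config for the $user class)
        $hashedPassword = $passwordHasher->hashPassword(
            $user,
            $password
        );
        $user->setPassword($hashedPassword);
    }
}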

Member

by freddy , 2 years ago

@tavares_marks Just in case you have Symfony 4 or 3.4 installed, you can inject the UserPasswordEncoderInterface interface and call encodePassword() to hash the user password in Symfony. Code:


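// imports needed at the top of the controller file:
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;

public function registerAction(Request $request, UserPasswordEncoderInterface $encoder)
{
    $em = $this->getDoctrine()->getManager();
    $securityContext = $this->get('security.authorization_checker');

    // already logged-in users are sent to their profile
    if ($securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return new RedirectResponse($this->generateUrl('fos_user_profile_show'));
    }
    $user = new User();
    $form = $this->createForm(UserForm::class, $user);

    $form->handleRequest($request);
    // isValid() may only be called on a form that has been submitted
    if ($form->isSubmitted() && $form->isValid()) {
        $password = $user->getPlainPassword();
        // encode the password with the encoder configured for the $user class
        $hashedPassword = $encoder->encodePassword(
            $user,
            $password
        );
        $user->setPassword($hashedPassword);
    }
}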
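
Added example, not part of the posts above and not Symfony code: a plain-PHP sketch of how records already stored with md5(), as in the question, can be verified once at login and replaced with a salted hash from PHP's built-in password_hash() functions. The helper name verifyAndUpgrade(), the bcrypt cost of 12 and the sample password are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed settings for this sketch; tune the cost for your own hardware.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

/**
 * Hypothetical helper: checks $plain against $stored.
 * Returns [bool $valid, ?string $newHash]; $newHash is non-null when the
 * stored value should be replaced in the database.
 */
function verifyAndUpgrade(string $plain, string $stored): array
{
    // Legacy record: unsalted md5() hex digest, as produced by the question's code.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($plain))) {
            return [false, null];
        }
        return [true, password_hash($plain, HASH_ALGO, HASH_OPTIONS)];
    }

    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    // Valid, but re-hash if the algorithm or cost setting has changed since.
    $newHash = password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)
        ? password_hash($plain, HASH_ALGO, HASH_OPTIONS)
        : null;
    return [true, $newHash];
}

// Constructed sample data.
$password = 'correct horse battery staple';
$legacy = md5($password);

// md5() is deterministic and unsalted: equal passwords give equal digests.
var_dump(md5($password) === $legacy);
// password_hash() embeds a random salt: two hashes of one password differ.
var_dump(password_hash($password, HASH_ALGO, HASH_OPTIONS)
    !== password_hash($password, HASH_ALGO, HASH_OPTIONS));

// A legacy record verifies once and comes back with a replacement hash.
[$ok, $upgraded] = verifyAndUpgrade($password, $legacy);
var_dump($ok, password_verify($password, (string) $upgraded));

// The upgraded record verifies without needing another re-hash.
[$ok, $again] = verifyAndUpgrade($password, $upgraded);
var_dump($ok, $again);

// A wrong password is rejected against the upgraded record.
[$ok] = verifyAndUpgrade('wrong guess', $upgraded);
var_dump($ok);
```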