【发布时间】:2019-08-30 20:03:35
【问题描述】:
我想允许用户从他们的个人空间更改他们的密码。为此,他必须连接,所以知道他的密码。 更改密码必须按以下步骤进行:
- 输入旧密码
- 输入新密码并确认(screenshot)
除了我有一个我根本不明白的问题。我无法通过密码比较步骤。 我检查输入的旧密码是否与数据库中的密码不同,如果是,我会发送一个错误。否则,我将新密码发送到数据库。
你怎么看?这是正确的方法吗?
我的控制器
/**
* @Route("/account/settings", name="account_settings")
* @IsGranted("ROLE_USER")
* @param Request $request
* @param UserPasswordEncoderInterface $passwordEncoder
* @param ObjectManager $manager
* @return Response
*/
public function settings(Request $request, UserPasswordEncoderInterface $passwordEncoder, ObjectManager $manager): Response
{
$updatePassword = new UpdatePassword();
$user = $this->getUser();
$form = $this->createForm(UpdatePasswordType::class, $updatePassword);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
if (!password_verify($updatePassword->getOldPassword(), $user->getHash())) {
$form->get('oldPassword')->addError(new FormError('L’ancien mot de passe ne correspond pas'));
} else {
$newPassword = $updatePassword->getNewPassword();
$hash = $passwordEncoder->encodePassword($user, $newPassword);
$user->setHash($hash);
$manager->persist($user);
$manager->flush();
$this->addFlash(
'success',
'votre mot de passe a bien été mise à jour'
);
return $this->redirectToRoute('account_index');
}
}
return $this->render('front/account/settings.html.twig', [
'form' => $form->createView(),
]);
}
我的实体
<?php
namespace App\Entity;
use Symfony\Component\Validator\Constraints as Assert;
class UpdatePassword
{
private $oldPassword;
/**
* @Assert\Length(min=8, minMessage="Le mot de passe doit être composé d'au moins 8 caractères")
*/
private $newPassword;
/**
* @Assert\EqualTo(propertyPath="newPassword", message="La confirmation du mot de passe ne correspond pas")
*/
private $confirmPassword;
public function getOldPassword(): ?string
{
return $this->oldPassword;
}
public function setOldPassword(string $oldPassword): self
{
$this->oldPassword = $oldPassword;
return $this;
}
public function getNewPassword(): ?string
{
return $this->newPassword;
}
public function setNewPassword(string $newPassword): self
{
$this->newPassword = $newPassword;
return $this;
}
public function getConfirmPassword(): ?string
{
return $this->confirmPassword;
}
public function setConfirmPassword(string $confirmPassword): self
{
$this->confirmPassword = $confirmPassword;
return $this;
}
}
我的 security.yaml 文件
security:
role_hierarchy:
ROLE_PRO: ROLE_USER
ROLE_ADMIN: [ROLE_USER, ROLE_PRO]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
encoders:
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
in_memory: { memory: ~ }
in_database:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: true
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
path: /
provider: in_database
form_login:
login_path: account_login
check_path: account_login
default_target_path: account_index
logout:
path: account_logout
target: account_login
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/account, roles: ROLE_USER }
# - { path: ^/profile, roles: ROLE_ADMIN }
【问题讨论】:
-
“除非我有一个我完全不理解的问题”。那是什么?
-
尝试使用
isPasswordValid代替password_verify并检查this 最近的questions。
标签: php symfony passwords change-password