On 01.12.2010, at 14:52, Lukas Kahwe Smith wrote: > the provider handles comparing the submitted password with the one stored in > the provider. however in order to initially store the hashed password there > doesnt seem to be any facility to easily figure out what password encoder is > set for a given provider.
to illustrate the issue some more: https://github.com/liip/DoctrineUserBundle/tree/algorithm_fix2 The issue is how do I get the password_encoder setting from a specific provider into the DoctrineUserBundle. Note that right now DoctrineUserBundle probably does not support multiple different encoders for different providers, but it would be great to just have to configure the name of the provider to link DoctrineUserBundle with. security.config: providers: main: password_encoder: &password_encoder sha1 entity: class: FooBundle:User doctrine_user.config: password_encoder: <<: *password_encoder Furthermore I wonder if there should be a getter in MessageDigestPasswordEncoder. Then I could inject the encoder into the Entity. namespace Bundle\DoctrineUserBundle\Model; abstract class User implements AdvancedAccountInterface { public function __construct($algorithm) { $this->algorithm = $algorithm; } protected function hashUserPassword() { $password = $this->getPassword(); if (empty($password)) { $hashPassword = null; } else { $encoder = new MessageDigestPasswordEncoder($this->algorithm); $hashPassword = $encoder->encodePassword($password, $this->getSalt()); } $this->setPasswordHash($hashPassword); } } regards, Lukas Kahwe Smith m...@pooteeweet.org -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
