I've written my own password encoder which implements the PasswordEncoderInterface:

    class BCryptPasswordEncoder implements PasswordEncoderInterface
Starting from Symfony 2.2, BCrypt is natively supported, so you can configure it easily as such:

    security:
        encoders:
            Symfony\Component\Security\Core\User\User:
                algorithm: bcrypt
                cost: 7

You may want to adjust the cost upwards if you have a fast enough server though.
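
One way to choose the `cost` value for a given server, as an added example that is not part of the original answer: it times PHP's `password_hash()` at increasing costs and keeps the highest one that fits a time budget. The 100 ms budget, the function names and the sample password are assumptions; it needs PHP 7 or later.

```php
<?php
// Added example: pick a bcrypt cost by timing password_hash() on this server.
// TARGET_MS and the 4..15 search range are assumptions, not Symfony defaults.

const TARGET_MS = 100.0; // assumed per-hash time budget in milliseconds

/**
 * Median wall-clock time (ms) of one bcrypt hash at the given cost.
 */
function bcryptTimeMs(int $cost, int $samples = 3): float
{
    $times = [];
    for ($i = 0; $i < $samples; $i++) {
        $start = microtime(true);
        // Constructed sample input; the password value does not affect timing.
        password_hash('constructed-sample-password', PASSWORD_BCRYPT, ['cost' => $cost]);
        $times[] = (microtime(true) - $start) * 1000.0;
    }
    sort($times);
    return $times[intdiv($samples, 2)];
}

/**
 * Highest cost whose median hash time stays within the budget.
 * bcrypt work doubles with each cost step, so stop at the first overshoot.
 */
function pickBcryptCost(float $targetMs, int $min = 4, int $max = 15): int
{
    $chosen = $min;
    for ($cost = $min; $cost <= $max; $cost++) {
        $ms = bcryptTimeMs($cost);
        printf("cost %2d: %8.2f ms\n", $cost, $ms);
        if ($ms > $targetMs) {
            break;
        }
        $chosen = $cost;
    }
    return $chosen;
}

$cost = pickBcryptCost(TARGET_MS);
printf("Suggested encoder setting: cost: %d\n", $cost);

// Each bcrypt hash stores the cost it was made with, so a hash created at the
// old cost still verifies; password_needs_rehash() flags it for an upgrade.
$hash = password_hash('constructed-sample-password', PASSWORD_BCRYPT, ['cost' => $cost]);
var_dump(password_verify('constructed-sample-password', $hash));
var_dump(password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => $cost + 1]));
```

Run it on the production hardware class rather than a development machine, since the result depends on CPU speed.
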
As of November 2011, before Symfony 2.2, this is not directly supported.
Instead of reinventing the wheel, I suggest you use the Blowfish Password Encoder bundle I wrote (ElnurBlowfishPasswordEncoderBundle), which solves the same problem. Or, at least, you can see how it's implemented.
If you're using Symfony 2.2 or later, see Seldaek's answer for configuration instructions.
Your encoders section should look like this:

    encoders:
        Acme\UserBundle\Entity\User:
            id: bcrypt.password.encoder

where Acme\UserBundle is your vendor and bundle namespace, of course.
For reference, a complete example security config can be found here.
EDIT: The way the encoder factory works (source code here, relevant lines start on line 33) is that in your config, you have given the framework a class, and an encoder to use for the class. It's Doctrine-independent, so just provide the fully-qualified class name of your user object in the config instead of a "user entity," and when your password is encoded, Symfony will know how to handle it.