Using MD5 in symfony2 security.yml for legacy users
I have a legacy system which contains md5 hashed passwords. I have tested these to be correct and they do not use a salt.
security.yml
s
-
Turns out that the md5 in symfony2 uses a salt by default. There may be an easier way, but I just created a custom md5 password encoder interface that ignores salt.
Register a service
namespace.project.md5password.encoder: class: Namepspace\MyBundle\Services\CustomMd5PasswordEncoderCreate the encoder service
namespace Namespace\MyBundle\Services; use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface; class CustomMd5PasswordEncoder implements PasswordEncoderInterface { public function __construct() { } public function encodePassword($raw, $salt) { return md5($raw); } public function isPasswordValid($encoded, $raw, $salt) { return md5($raw) == $encoded; } }Use the new service in security.yml
security: encoders: Namespace\MyBundle\Entity\User: id: namespace.project.md5password.encoderHope this helps
讨论(0) -
I was having exactly the same problem and had to dig into the code to find out why.
You don't need to create a custom encoder.
By default, the
MessageDigestPasswordEncoderencoder (Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder) in Symfony 2.5 - and possibly all Symfony 2 releases - calculates the MD5 hash of the raw password, with/without using a salt, as expected, and then re-hashes the MD5 a number of times (5000 times, by default, in Symfony 2.5). To make things that little bit more exciting, the encoder will also base64-encode the hash, by default. Both of those features were causing problems for me.You can fix the problem(s) by disabling the re-hashing and/or disabling the base64 encoding, in
security.yml, thus:security: encoders: Namespace\Of\Your\User: algorithm: md5 encode_as_base64: false iterations: 0Hope that saves you some time.
讨论(0)
加载中...
- 热议问题