I have a legacy system which contains md5 hashed passwords. I have tested these to be correct and they do not use a salt.
security.yml
security:
encoders:
Namespace\MyBundle\Entity\User:
algorithm: md5
providers:
entityUsers:
entity: { class: NamespaceBundle:User, property: username }
In my User entity I have implemented UserInterface and made sure the salt is set to the empty string.
But I get a bad credentials error when trying to authenticate.
I have tried switching security.yml to plaintext and entered the hash and the system works fine.
Surely md5 should just work?
I was having exactly the same problem and had to dig into the code to find out why.
You don't need to create a custom encoder.
By default, the MessageDigestPasswordEncoder encoder (Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder) in Symfony 2.5 - and possibly all Symfony 2 releases - calculates the MD5 hash of the raw password, with/without using a salt, as expected, and then re-hashes the MD5 a number of times (5000 times, by default, in Symfony 2.5). To make things that little bit more exciting, the encoder will also base64-encode the hash, by default. Both of those features were causing problems for me.
You can fix the problem(s) by disabling the re-hashing and/or disabling the base64 encoding, in security.yml, thus:
security:
encoders:
Namespace\Of\Your\User:
algorithm: md5
encode_as_base64: false
iterations: 0
Hope that saves you some time.
Turns out that the md5 in symfony2 uses a salt by default. There may be an easier way, but I just created a custom md5 password encoder interface that ignores salt.
Register a service
namespace.project.md5password.encoder:
class: Namepspace\MyBundle\Services\CustomMd5PasswordEncoder
Create the encoder service
namespace Namespace\MyBundle\Services;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
class CustomMd5PasswordEncoder implements PasswordEncoderInterface
{
public function __construct() {
}
public function encodePassword($raw, $salt) {
return md5($raw);
}
public function isPasswordValid($encoded, $raw, $salt) {
return md5($raw) == $encoded;
}
}
Use the new service in security.yml
security:
encoders:
Namespace\MyBundle\Entity\User:
id: namespace.project.md5password.encoder
Hope this helps
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 傲 的文章《Using MD5 in symfony2 security.yml for legacy user》','https://www.manongdao.com/article-577148.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}