{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ゆ 、 Hurt° 的问题《How to use the credentials expired property in Sym》','https://www.manongdao.com/q-570017.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In a Symfony 2.4 project our client wants to force the users to change their password every N days. We saw that there are columns "credentials_expired" and "credentials_expire_at" in the database and a check that throws an AccountExpiredException in the UserChecker class that seem to be for that purpose, but I can't find any documentation on how to enable or configure this feature.
- How can the credentials_expire_at column be filled with a date N days after now on every password change?
- How can a user still change the password, if the password is expired?
- How to warn the user about the passoword expiration some days in advance?
- Is it possible to forbid the reuse of the last password?
Actually, it's the
CredentialsExpiredExceptionyou want to catch. If you're using the Symfony Security component, then the simplest way to handle this is to check for the exception in theloginActionof yourSecurityController:You'll obviously need to create a route for changing passwords, which you can set as the form action of your
changePasswordtemplate. Password change requests can then be handled accordingly in yourSecurityController.The core of your business logic can/should exist within a
UserManager(or whatever you wish to call it) service class, which you can instantiate and invoke as needed from yourSecurityController.Hope that helps.
NOTE: For posterity, the expired user object is stored within the
CredentialsExpiredExceptionexception, so you can easily retrieve it if you need to act upon it for handling expired passwords:$error->getUser();