FOSUserBundle force user to write a different pass

2019-07-16 02:23发布

站内问答 / 后端开发
1414 2 4

I have an application running on Symfony2.0 with FOSUSerBundle. Every 3 months a user who connect the application have to change its password, it's in place and it's working.

Today every 3 months if the user write as new password the same as the previous one there is no verification and he can use it 3 more months.

I would like to add a constraints on the password reset and force the user to give a different password from the previous one. I have no idea how to do this. I tried to create a validator but i don't have my user ID in the validator...

Any clue?

2条回答
Explosion°爆炸
2楼-- · 2019-07-16 02:40

I found a solution, It's working but I still have a small issue : when i submit my new password, if i try to put the same password as the previous one, my form is not valid (that's great !), but the error message is not shown by my twig whereas I'm using :

{{ form_widget(edit_form) }}

Any idea why?

Anyway here is my solution :

I added a validator on the class level to verify the password. To do so, i added a validator on my User class :

// \src\Acme\UserBundle\Resources\config\validation.xml
<class name="Acme\UserBundle\Entity\User">
    <constraint name="Acme\UserBundle\Validator\Constraints\IsDifferentPassword">
        <option name="message">Password has to be different from the previous one</option>
    </constraint>
    <property name="plainPassword">
        <constraint name="NotBlank">
            <option name="message">fos_user.password.blank</option>
        </constraint>
    </property>
</class>

And i created a validator on the class level :

// \src\Acme\UserBundle\Validator\Constraints\IsDifferentPassword.php

namespace Acme\UserBundle\Validator\Constraints;

use Symfony\Component\Validator\Constraint;

/**
 * @Annotation
 */
class IsDifferentPassword extends Constraint
{
    public $message = 'Password has to be different from the previous one';

    public function getTargets()
    {
        return Constraint::CLASS_CONSTRAINT;
    }
}

And :

// \src\Acme\UserBundle\Validator\Constraints\IsDifferentPasswordValidator.php

namespace Acme\UserBundle\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;

class IsDifferentPasswordValidator extends ConstraintValidator
{
    public function isValid($value, Constraint $constraint)
    {
        $encoder = new MessageDigestPasswordEncoder();
        $password = $encoder->encodePassword($value->getPlainPassword(), $value->getSalt());
        $oldPassword = $value->getPassword();
        if($password == $oldPassword){
            return false;
        }
        return true;
    }
}
查看更多
0人赞 添加讨论(0) 举报
ら.Afraid
3楼-- · 2019-07-16 02:45

I had the same problem with symfony 3.4. I solved (symfony doc) replacing your "return false" with this:

    if ($password == $oldPassword) {
        $this->context->buildViolation($constraint->message)
            ->atPath('current_password')
            ->addViolation();
    }

where

The atPath() method defines the property which the validation error is associated to. Use any valid PropertyAccess syntax to define that property.

and cutting the "return true;" row at the end of your isValid function.

Another difference is that I used validate() function instead of your isValid()

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)