FOSUserBundle: How to validate username and password from a controller

Created on 6 Jul 2012 · 7 Comments · Source: FriendsOfSymfony/FOSUserBundle

I'm trying to create a function to log in from a web service, but I don't know how to validate the username and password generated by FOSUserBundle.

I have the following function, but the request is always false:

public function validUser($username, $password){

    $user = new Users();    //entity

    $factory = $this->get('security.encoder_factory');
    $encoder = $factory->getEncoder($user);

    $bool = ($encoder->isPasswordValid($user->getPassword(),$password,$user->getSalt())) ? "true" : "false";
}

Is this function OK?
If not, what is the correct function to validate the username and password?

Please help me with this issue.

All 7 comments

The validation of the login is right. (I simply find it weird to call your variable $bool if it contains a string). The validation of the login is done before that, when getting the user (you should not do new Users() but search the user by username to get the existing one)

Yes, thanks!!!

loginAction

public function loginAction($username, $password)
{
    $user_manager = $this->get('fos_user.user_manager');
    $factory = $this->get('security.encoder_factory');

    $user = $user_manager->loadUserByUsername($username);

    $encoder = $factory->getEncoder($user);

    $bool = ($encoder->isPasswordValid($user->getPassword(),$password,$user->getSalt())) ? "true" : "false";

    return array('name' => $bool);
}

This is an example using Symfony Request on Symfony 2.8
maybe this will be useful for someone else too.

        $username = $request->request->get('username');
        $password = $request->request->get('password');

        if(is_null($username) || is_null($password)) {
            return new Response(
              'Please verify all your inputs.',
              Response::HTTP_UNAUTHORIZED,
              array('Content-type' => 'application/json')
            );
        }

        $user_manager = $this->get('fos_user.user_manager');
        $factory = $this->get('security.encoder_factory');

        $user = $user_manager->findUserByUsername($username);
        $encoder = $factory->getEncoder($user);
        $salt = $user->getSalt();

        if($encoder->isPasswordValid($user->getPassword(), $password, $salt)) {
            $response = new Response(
              'Welcome '. $user->getUsername(),
              Response::HTTP_OK,
              array('Content-type' => 'application/json')
            );
        } else {
            $response = new Response(
              'Username or Password not valid.',
              Response::HTTP_UNAUTHORIZED,
              array('Content-type' => 'application/json')
            );
        }

+1, great example

@isramv nice!! It was very helpful for me, but it seems that you forgot to check whether the user exists when you do: $user_manager->findUserByUsername($username);
If the user doesn't exist then the $user variable is null and the next line $factory->getEncoder($user) throws an exception.
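
An added example, not part of the thread and not FOSUserBundle's own code: the Symfony 2.8 snippet above with the missing-user case handled, returning the same 401 response for an unknown username and for a wrong password. The namespace, class name, action name and `denied()` helper are hypothetical; the services and methods are the ones used in the thread.

```php
<?php

namespace AppBundle\Controller; // hypothetical namespace

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class ApiLoginController extends Controller // hypothetical class name
{
    public function checkCredentialsAction(Request $request)
    {
        $username = $request->request->get('username');
        $password = $request->request->get('password');

        // Reject missing, empty or non-string input (username[]=x arrives as an array).
        if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
            return $this->denied();
        }

        $user = $this->get('fos_user.user_manager')->findUserByUsername($username);

        // findUserByUsername() returns null for an unknown name; stop here
        // instead of passing null to getEncoder(), which throws.
        if (null === $user) {
            return $this->denied();
        }

        $encoder = $this->get('security.encoder_factory')->getEncoder($user);

        if (!$encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) {
            return $this->denied();
        }

        return new JsonResponse(array('username' => $user->getUsername()), Response::HTTP_OK);
    }

    // One response for every failure, so the caller cannot tell an unknown
    // username from a wrong password.
    private function denied()
    {
        return new JsonResponse(
            array('error' => 'Username or Password not valid.'),
            Response::HTTP_UNAUTHORIZED
        );
    }
}
```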

Hi,
$encoder->isPasswordValid($adminUser->getPassword(), $_password, $salt), this function is always returning false, even when we enter the correct password.
Can anyone provide some insight as to why isPasswordValid method is not validating correct passwords?

Thanks!
Sharad

@sharad225 this question is not FOSUserBundle related. Functionality is provided by Symfony and their security bundle. According to the API docs (http://api.symfony.com/3.4/Symfony/Component/Security/Core/Encoder/UserPasswordEncoder.html#method_isPasswordValid), the signature of the method only takes two arguments. The first one is the user object itself and the second should be the password, maybe from a form.
For further questions on this you should use stackoverflow.com or the support channel on https://symfony-devs.slack.com
