0

I'm doing authentication with the guard feature. The problem is that I have to put a password on my User; he doesn't have to know this password, so I chose to generate a random password. The problem is that I'm not in a controller, so I can't use UserPasswordEncoderInterface ... So I'm looking for some help here.

Here is some code:

```php
public function getUser($credentials, UserProviderInterface $userProvider)
{
    /**
     * @var FacebookUser $facebookUser
     */
    $facebookUser = $this->getFacebookClient()
        ->fetchUserFromToken($credentials);

    $email = $facebookUser->getEmail();

    $user = $this->em->getRepository('App:User')
        ->findOneBy(['email' => $email]);
    if (!$user) {
        $user = new User();
        $user->setEmail($facebookUser->getEmail());
        $user->setName($facebookUser->getFirstName());
        $user->setLastName($facebookUser->getLastName());
        $user->setRoles(["ROLE_USER"]);

        //TODO HASH PASSWORD

        $user->setPassword(bin2hex(random_bytes(80)));
        $this->em->persist($user);
        $this->em->flush();
    }

    return $user;
}
```

And the method from the controller:

```php
/**
 * After going to Facebook, you're redirected back here
 * because this is the "redirect_route" you configured
 * in config/packages/knpu_oauth2_client.yaml
 * @Route("/connect/facebook/check", name="connect_facebook_check")
 *
 * @return JsonResponse|\Symfony\Component\HttpFoundation\RedirectResponse
 */
public function connectCheckAction() {
    if (!$this->getUser()) {
        return new JsonResponse(array('status' => false, 'message' => "User not found!"));
    } else {
//            $em = $this->getDoctrine()->getManager();
//
//            $user = $this->getUser();
//            $password = bin2hex(random_bytes(80));
//            $hash = $encoder->encodePassword($user, $password);
//            $user->setPassword($hash);
//
//            $em->persist($user);
//            $em->flush();

        return $this->redirectToRoute('default');
    }
}
```

2 Answers

2

You can inject EncoderFactoryInterface via the constructor:

```php
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;

/**
 * @var EncoderFactoryInterface
 */
private $securityEncoderFactory;

public function __construct(EncoderFactoryInterface $securityEncoderFactory)
{
    $this->securityEncoderFactory = $securityEncoderFactory;
}
```

And then use:

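```php
// getEncoder() returns the low-level encoder: encodePassword() takes the raw password and a salt
$encoder = $this->securityEncoderFactory->getEncoder($user);
$hash = $encoder->encodePassword($password, $user->getSalt());
$user->setPassword($hash);
```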

1

You can just use PHP's password_hash function to hash your randomly generated password. See the documentation here

3 Comments

Bad bad bad idea. At least in the Symfony environment. The password encoder is there for a reason. Inject it and use it.
@Cerad Why? I agree that normally injecting and using a password encoder is a better idea, but in this particular case using password_hash seems to be ok. The encoders use this function internally as well.
Except that there are a number of available options for password_hash as well as for other hashing approaches. The default options tend to change over time. With a Symfony password encoder you can be confident that the hashing won't change unless you specifically configure it to. Having password_hash buried in the bowels of your code while the rest of the system uses the encoder is just asking for long term headaches.
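
The third comment's concern about defaults changing over time, as an added example (not code from the thread): if `password_hash` is called directly, the algorithm and options can be pinned in one place and stored hashes checked against them with `password_needs_rehash`. The constant and function names and the choice of bcrypt at cost 12 are assumptions; the last lines also show that bcrypt reads only the first 72 bytes of the question's 160-character value.

```php
<?php
declare(strict_types=1);

// Assumption: bcrypt at cost 12 stands in for the application's configured hashing.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

/** Hash a throwaway secret that nobody, including the user, will ever learn. */
function hashUnknownPassword(): string
{
    // 36 random bytes give 72 hex characters, which is all bcrypt reads.
    $secret = bin2hex(random_bytes(36));

    return password_hash($secret, HASH_ALGO, HASH_OPTIONS);
}

/** True when a stored hash was made with settings other than the pinned ones. */
function needsUpgrade(string $storedHash): bool
{
    return password_needs_rehash($storedHash, HASH_ALGO, HASH_OPTIONS);
}

$fresh = hashUnknownPassword();
// Constructed sample: a hash made earlier at a lower cost.
$older = password_hash('constructed-sample', PASSWORD_BCRYPT, ['cost' => 10]);

printf("fresh hash needs upgrade: %s\n", var_export(needsUpgrade($fresh), true));
printf("older hash needs upgrade: %s\n", var_export(needsUpgrade($older), true));

// The question's 160-character value: bcrypt ignores everything past byte 72,
// so the first 72 characters alone verify against the full-length hash.
$long = bin2hex(random_bytes(80));
$longHash = password_hash($long, HASH_ALGO, HASH_OPTIONS);
$prefixOk = password_verify(substr($long, 0, 72), $longHash);
printf("72-char prefix verifies: %s\n", var_export($prefixOk, true));
```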
