FOSUserBundle强迫用户写一个不同的密码[英] FOSUserBundle force user to write a different password

本文是小编为大家收集整理的关于FOSUserBundle强迫用户写一个不同的密码的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我的应用程序在Symfony2.0上使用FosuserBundle运行. 连接应用程序的用户每3个月必须更改密码,它就位并且正在工作.

今天,如果用户以新密码与上一张密码相同,则每3个月都没有验证,他可以再使用3个月.

我想在密码重置上添加一个约束,并迫使用户提供与上一个密码不同的密码. 我不知道该怎么做.我试图创建一个验证器,但我在验证器中没有用户ID ...

有任何线索?

推荐答案

我找到了一个解决方案,它正在工作,但我仍然有一个小问题:当我提交新密码时,如果我尝试将密码与上一张密码放置相同的密码,我的表单是无效的(这太好了! ),但是错误消息未显示我的树枝,而我正在使用:

{{ form_widget(edit_form) }}

任何想法为什么?

无论如何,这是我的解决方案:

我在类级别上添加了一个验证器来验证密码.为此,我在用户类上添加了一个验证器:

// \src\Acme\UserBundle\Resources\config\validation.xml
<class name="Acme\UserBundle\Entity\User">
    <constraint name="Acme\UserBundle\Validator\Constraints\IsDifferentPassword">
        <option name="message">Password has to be different from the previous one</option>
    </constraint>
    <property name="plainPassword">
        <constraint name="NotBlank">
            <option name="message">fos_user.password.blank</option>
        </constraint>
    </property>
</class>

我在类级别创建了一个验证器:

// \src\Acme\UserBundle\Validator\Constraints\IsDifferentPassword.php

namespace Acme\UserBundle\Validator\Constraints;

use Symfony\Component\Validator\Constraint;

/**
 * @Annotation
 */
class IsDifferentPassword extends Constraint
{
    public $message = 'Password has to be different from the previous one';

    public function getTargets()
    {
        return Constraint::CLASS_CONSTRAINT;
    }
}

和:

// \src\Acme\UserBundle\Validator\Constraints\IsDifferentPasswordValidator.php

namespace Acme\UserBundle\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;

class IsDifferentPasswordValidator extends ConstraintValidator
{
    public function isValid($value, Constraint $constraint)
    {
        $encoder = new MessageDigestPasswordEncoder();
        $password = $encoder->encodePassword($value->getPlainPassword(), $value->getSalt());
        $oldPassword = $value->getPassword();
        if($password == $oldPassword){
            return false;
        }
        return true;
    }
}

其他推荐答案

我在Symfony 3.4上也有同样的问题.我解决了( symfony doc )/p>

    if ($password == $oldPassword) {
        $this->context->buildViolation($constraint->message)
            ->atPath('current_password')
            ->addViolation();
    }

其中

atpath()方法定义了验证错误是的属性 与.使用任何有效的属性语法来定义 属性.

并切割"返回true"; iSvalid函数末尾的行.

另一个区别是我使用validate()函数,而不是您的iSvalid()

本文地址:https://www.itbaoku.cn/post/2090818.html

问题描述

I have an application running on Symfony2.0 with FOSUSerBundle. Every 3 months a user who connect the application have to change its password, it's in place and it's working.

Today every 3 months if the user write as new password the same as the previous one there is no verification and he can use it 3 more months.

I would like to add a constraints on the password reset and force the user to give a different password from the previous one. I have no idea how to do this. I tried to create a validator but i don't have my user ID in the validator...

Any clue?

推荐答案

I found a solution, It's working but I still have a small issue : when i submit my new password, if i try to put the same password as the previous one, my form is not valid (that's great !), but the error message is not shown by my twig whereas I'm using :

{{ form_widget(edit_form) }}

Any idea why?

Anyway here is my solution :

I added a validator on the class level to verify the password. To do so, i added a validator on my User class :

// \src\Acme\UserBundle\Resources\config\validation.xml
<class name="Acme\UserBundle\Entity\User">
    <constraint name="Acme\UserBundle\Validator\Constraints\IsDifferentPassword">
        <option name="message">Password has to be different from the previous one</option>
    </constraint>
    <property name="plainPassword">
        <constraint name="NotBlank">
            <option name="message">fos_user.password.blank</option>
        </constraint>
    </property>
</class>

And i created a validator on the class level :

// \src\Acme\UserBundle\Validator\Constraints\IsDifferentPassword.php

namespace Acme\UserBundle\Validator\Constraints;

use Symfony\Component\Validator\Constraint;

/**
 * @Annotation
 */
class IsDifferentPassword extends Constraint
{
    public $message = 'Password has to be different from the previous one';

    public function getTargets()
    {
        return Constraint::CLASS_CONSTRAINT;
    }
}

And :

// \src\Acme\UserBundle\Validator\Constraints\IsDifferentPasswordValidator.php

namespace Acme\UserBundle\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;

class IsDifferentPasswordValidator extends ConstraintValidator
{
    public function isValid($value, Constraint $constraint)
    {
        $encoder = new MessageDigestPasswordEncoder();
        $password = $encoder->encodePassword($value->getPlainPassword(), $value->getSalt());
        $oldPassword = $value->getPassword();
        if($password == $oldPassword){
            return false;
        }
        return true;
    }
}

其他推荐答案

I had the same problem with symfony 3.4. I solved (symfony doc) replacing your "return false" with this:

    if ($password == $oldPassword) {
        $this->context->buildViolation($constraint->message)
            ->atPath('current_password')
            ->addViolation();
    }

where

The atPath() method defines the property which the validation error is associated to. Use any valid PropertyAccess syntax to define that property.

and cutting the "return true;" row at the end of your isValid function.

Another difference is that I used validate() function instead of your isValid()