5

As can be read in the official documentation, the current procedure to manually hash a password in the Symfony framework is the following:

use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;

public function register(UserPasswordEncoderInterface $encoder)
{
    // whatever *your* User object is
    $user = new App\Entity\User();
    $plainPassword = 'ryanpass';
    $encoded = $encoder->encodePassword($user, $plainPassword);

    $user->setPassword($encoded);
}

The encodePassword method requires a User instance to be passed as its first argument. The User instance must therefore pre-exist when the method is called: this means that a 'User' must be instantiated without a valid hashed password. I'd like the password to be provided as a constructor argument instead, so that a User entity is in a valid state when it is created.

Is there an alternative way of hashing the password using Symfony?

2 Answers

6

Update for Symfony 5 and later. The Encoder stuff was renamed to Hasher. The answer still works but just replace EncoderFactoryInterface with PasswordHasherFactoryInterface and change your variable names to hasher.

The UserPasswordEncoder uses what is known as an EncoderFactory to determine the exact password encoder for a given type of user. Adjust your code to:

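use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;

public function register(EncoderFactoryInterface $encoderFactory)
{
    $plainPassword = 'ryanpass';
    $passwordEncoder = $encoderFactory->getEncoder(User::class);
    $hashedPassword = $passwordEncoder->encodePassword($plainPassword, null);
}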

And that should work as desired. Notice that getEncoder can take either a class instance or a class name.

Also note the need to explicitly send null for the salt. For some reason, some of the Symfony encoder classes do not have default values for salt yet.


3 Comments

Thank you, it worked as expected. I think this should be included in the documentation. If it is already, could you please point me to it?
Start here: symfony.com/doc/current/components/security/… But quite a few of these sorts of details are best figured out by looking at the code itself.
It might work, but it's not the official way. This is the official way: stackoverflow.com/a/79794145/10977967
0

This is the way for Symfony 5, 6 and 7:

use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;

function hashPassword($plainText)
{
    $factory = new PasswordHasherFactory(
    [
        'common' => ['algorithm' => 'bcrypt']
    ]);
    $hasher = $factory->getPasswordHasher('common');
    return $hasher->hash($plainText);
}

Full example: https://symfony.com/doc/current/security/passwords.html#hashing-a-stand-alone-string
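The factory lookup from the answers, applied to the question's goal of a User that is valid from the moment it is constructed. This is an added example, not part of the original posts; it assumes PHP 8, `symfony/password-hasher` installed through Composer, and a hypothetical `User` class and `registerUser()` helper.

```php
<?php
// Added example. Assumes PHP 8 and `composer require symfony/password-hasher`.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;

// Hypothetical entity: it is constructed with a hash, never with a plain password.
final class User
{
    public function __construct(private string $email, private string $passwordHash)
    {
        // Guard against a plain password being passed by mistake.
        // password_get_info() reports no algorithm for a string that is not a
        // password_hash()-style hash (which is what the bcrypt hasher below emits).
        if (empty(password_get_info($passwordHash)['algo'])) {
            throw new InvalidArgumentException('Expected a password hash.');
        }
    }

    public function getPassword(): string
    {
        return $this->passwordHash;
    }
}

// Hypothetical helper: hash first, then build the entity.
function registerUser(PasswordHasherFactoryInterface $factory, string $email, string $plainPassword): User
{
    // Lookup by class name, so no User instance has to exist yet.
    $hasher = $factory->getPasswordHasher(User::class);

    return new User($email, $hasher->hash($plainPassword));
}

// Stand-alone factory as in the second answer, keyed by the User class.
$factory = new PasswordHasherFactory([User::class => ['algorithm' => 'bcrypt']]);
$user = registerUser($factory, 'ryan@example.test', 'ryanpass'); // constructed sample values

// At login, check a submitted password against the stored hash.
$hasher = $factory->getPasswordHasher(User::class);
var_dump($hasher->verify($user->getPassword(), 'ryanpass'));
var_dump($hasher->verify($user->getPassword(), 'not-the-password'));
```

Inside a full Symfony application the same `registerUser()` can receive the autowired `PasswordHasherFactoryInterface`, so the algorithm comes from the security configuration instead of the inline array.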
