@@ -781,12 +781,12 @@ Creating a custom Password Hasher
781781
782782If you need to create your own, it needs to follow these rules:
783783
784- #. The class must implement :class: `Symfony\\ Component\\ PasswordHasher\\ Hasher \\ UserPasswordHasherInterface `
785- (you can also extend :class: `Symfony\\ Component\\ PasswordHasher\\ Hasher \\ UserPasswordHasher ` );
784+ #. The class must implement :class: `Symfony\\ Component\\ PasswordHasher\\ PasswordHasherInterface `
785+ (you can also implement :class: `Symfony\\ Component\\ PasswordHasher\\ LegacyPasswordHasherInterface ` if your hash algorithm uses a separate salt );
786786
787787#. The implementations of
788- :method: `Symfony\\ Component\\ PasswordHasher\\ Hasher \\ UserPasswordHasherInterface::hashPassword `
789- and :method: `Symfony\\ Component\\ PasswordHasher\\ Hasher \\ UserPasswordHasherInterface::isPasswordValid `
788+ :method: `Symfony\\ Component\\ PasswordHasher\\ PasswordHasherInterface::hash `
789+ and :method: `Symfony\\ Component\\ PasswordHasher\\ PasswordHasherInterface::verify `
790790 **must validate that the password length is no longer than 4096
791791 characters. ** This is for security reasons (see `CVE-2013-5750 `_).
792792
@@ -795,31 +795,31 @@ If you need to create your own, it needs to follow these rules:
795795
796796.. code-block :: php
797797
798- // src/Security/CustomVerySecureHasher.php
799- namespace App\Security;
798+ // src/Security/Hasher/ CustomVerySecureHasher.php
799+ namespace App\Security\Hasher ;
800800
801+ use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
801802 use Symfony\Component\PasswordHasher\Hasher\CheckPasswordLengthTrait;
802- use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasher;
803- use Symfony\Component\Security\Core\Exception\BadCredentialsException;
803+ use Symfony\Component\PasswordHasher\PasswordHasherInterface;
804804
805- class CustomVerySecureHasher extends UserPasswordHasher
805+ class CustomVerySecureHasher implements PasswordHasherInterface
806806 {
807807 use CheckPasswordLengthTrait;
808808
809- public function hashPassword(UserInterface $user, string $plainPassword): string
809+ public function hash( string $plainPassword): string
810810 {
811- if ($this->isPasswordTooLong($user->getPassword() )) {
812- throw new BadCredentialsException('Invalid password.' );
811+ if ($this->isPasswordTooLong($plainPassword )) {
812+ throw new InvalidPasswordException( );
813813 }
814814
815815 // ... hash the plain password in a secure way
816816
817817 return $hashedPassword;
818818 }
819819
820- public function isPasswordValid(UserInterface $user , string $plainPassword): bool
820+ public function verify(string $hashedPassword , string $plainPassword): bool
821821 {
822- if ($ this->isPasswordTooLong($user->getPassword() )) {
822+ if ('' === $plainPassword || $ this->isPasswordTooLong($plainPassword )) {
823823 return false;
824824 }
825825
@@ -860,21 +860,21 @@ Now, define a password hasher using the ``id`` setting:
860860 <!-- ... -->
861861 <!-- id: the service ID of your custom hasher (the FQCN using the default services.yaml) -->
862862 <security : password_hasher class =" app_hasher"
863- id =" App\Security\Hasher\MyCustomPasswordHasher " />
863+ id =" App\Security\Hasher\CustomVerySecureHasher " />
864864 </config >
865865 </srv : container >
866866
867867 .. code-block :: php
868868
869869 // config/packages/security.php
870- use App\Security\Hasher\MyCustomPasswordHasher ;
870+ use App\Security\Hasher\CustomVerySecureHasher ;
871871 use Symfony\Config\SecurityConfig;
872872
873873 return static function (SecurityConfig $security) {
874874 // ...
875875 $security->passwordHasher('app_hasher')
876876 // the service ID of your custom hasher (the FQCN using the default services.yaml)
877- ->id(MyCustomPasswordHasher ::class)
877+ ->id(CustomVerySecureHasher ::class)
878878 ;
879879 };
880880