@@ -226,6 +226,61 @@ After configuring the correct algorithm, you can use the
226226 throw new \Exception('Bad credentials, cannot delete this user.');
227227 }
228228
229+
230+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
231+
232+ In some cases, you might define a password hasher in your configuration that is
233+ not linked to a user entity but is instead identified by a unique key.
234+ For example, you might have a separate hasher for things like password recovery
235+ codes.
236+
237+ With the following configuration:
238+
239+ .. code-block :: yaml
240+
241+ # config/packages/security.yaml
242+ security :
243+ password_hashers :
244+ recovery_code : ' auto'
245+
246+ firewalls :
247+ main :
248+ # ...
249+
250+
251+ To do this, you can't rely on standard autowiring, as Symfony wouldn't know
252+ which specific hasher to provide.
253+
254+ Instead, you can use the ``#[Target] `` attribute to request the hasher by its
255+ configuration key::
256+
257+ // src/Controller/HomepageController.php
258+ namespace App\Controller;
259+
260+ use Symfony\Component\DependencyInjection\Attribute\Target;
261+ use Symfony\Component\PasswordHasher\PasswordHasherInterface;
262+
263+ class HomepageController extends AbstractController
264+ {
265+ public function __construct(
266+ #[Target('recovery_code')]
267+ private readonly PasswordHasherInterface $passwordHasher,
268+ ) {
269+ }
270+
271+ #[Route('/')]
272+ public function index(): Response
273+ {
274+ $plaintextToken = 'some-secret-token';
275+
276+ // Note: use hash(), not hashPassword(), as we are not using a UserInterface object
277+ $hashedToken = $this->passwordHasher->hash($plaintextToken);
278+ }
279+ }
280+
281+ When injecting a specific hasher by its name, you should type-hint the generic
282+ :class: `Symfony\\ Component\\ PasswordHasher\\ PasswordHasherInterface `.
283+
229284Reset Password
230285--------------
231286
0 commit comments