2

I have to migrate users from an old database where the passwords are stored in MD5, while the new application uses SHA512.

My goal is that old users must change their password on first login to the new application, but this implies being able to load these users from the database with the password in MD5.

How can this be done using Symfony 2.3.3 + FOSUserBundle?

Angelo Giuffredi
  • You can read [How to create custom password encoder](http://stackoverflow.com/a/8775270/1607098) - As a side note, I don't advise you to use `sha512` for password encoding. You may want to read [How to use Bcrypt to encode password](http://stackoverflow.com/a/17073604/1607098) or its [compatibility library](https://github.com/ircmaxell/password_compat) – Touki Sep 03 '13 at 14:15
  • Is it possible to load users from the same database, discriminating by type (new / old) and comparing passwords with different encodings? – Angelo Giuffredi Sep 03 '13 at 14:29
  • Just encode all your `md5` passwords present in your database. On user input, `password_verify($raw)`, if it doesn't match, try with a `password_verify(md5($raw))`. If it does, update the matching line with `password_hash($raw)` – Touki Sep 03 '13 at 14:32
  • I'm using FOSUserBundle; which controller or class intercepts the loading of users from the database? – Angelo Giuffredi Sep 03 '13 at 14:35

3 Answers

3

You could create a custom password encoder. For example:

```yaml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: { id: my_password_encoder }
```

Then register that service:

```yaml
services:
    my_password_encoder:
        class: MyProject\DefaultBundle\Security\PasswordEncoder
```

and create the service with the following:

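```php
<?php

namespace MyProject\DefaultBundle\Security;

use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;

// Encoder for the legacy accounts: unsalted MD5, $salt is ignored.
class PasswordEncoder extends BasePasswordEncoder
{
    public function encodePassword($raw, $salt)
    {
        return md5($raw);
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        // comparePasswords() is the base class's constant-time comparison.
        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
    }
}
```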
predic
0

You can add a field in the user table that says whether the encoding of each user is md5 or sha512.

ybert
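The per-user marker field suggested in this answer, combined with the wrap-then-rehash approach from the comments on the question, as an added example that is not code from any answer or from FOSUserBundle. The record layout, the `algo` marker values and both function names are hypothetical; it assumes PHP 5.5+ (or the `password_compat` library linked in the comments) for the `password_*` functions.

```php
<?php
// Added example. The record layout, the 'algo' marker values and the
// function names are assumptions, not FOSUserBundle API.

/** One-off batch step: wrap a legacy MD5 hex digest so no bare MD5 stays at rest. */
function wrapLegacyHash($md5Hex)
{
    return array('hash' => password_hash($md5Hex, PASSWORD_DEFAULT), 'algo' => 'md5-wrapped');
}

/**
 * Check a login attempt. Returns array($ok, $user); persist $user when
 * its hash changed.
 */
function verifyAndUpgrade(array $user, $raw)
{
    // The marker decides what was hashed. Never try $raw itself against a
    // wrapped row: that would accept an old MD5 digest as the password.
    $candidate = ($user['algo'] === 'md5-wrapped') ? md5($raw) : $raw;

    if (!password_verify($candidate, $user['hash'])) {
        return array(false, $user);
    }

    // The clear-text password is only available now, so re-hash it here.
    if ($user['algo'] !== 'native' || password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($raw, PASSWORD_DEFAULT);
        $user['algo'] = 'native';
    }
    return array(true, $user);
}

// Constructed sample: the digest as stored in the old database.
$row = wrapLegacyHash(md5('correct horse'));

list($ok, $row) = verifyAndUpgrade($row, md5('correct horse')); // old digest submitted as the password
var_dump($ok, $row['algo']);

list($ok, $row) = verifyAndUpgrade($row, 'correct horse');      // real password, row gets upgraded
var_dump($ok, $row['algo']);

list($ok, $row) = verifyAndUpgrade($row, 'correct horse');      // later login, native path only
var_dump($ok, $row['algo']);
```

In a Symfony encoder the same branch would live in `isPasswordValid()`, with the re-hash done where the user entity can be saved.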
0

You should be able to let users log in as long as you set the encoder to md5 instead of sha512 in your security.yml file.

Also, you will probably be using:

FOS\UserBundle\Doctrine\UserManager;
Symfony\Component\Security\Core\Encoder\EncoderFactory;

to load the users.

kratos