
Commit 1327065

committed
minor #10100 Fixed the code of the custom password authenticator example (javiereguiluz)
This PR was merged into the 2.8 branch. Discussion ---------- Fixed the code of the custom password authenticator example Fixes #4579. I used the same code given by @wouterj in #4579 (comment) Commits ------- ad726c1 Fixed the code of the custom password authenticator example
2 parents 2fdc86d + ad726c1 commit 1327065


1 file changed

+15
-1
lines changed


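--- a/security/custom_password_authenticator.rst
+++ b/security/custom_password_authenticator.rst
@@ -34,6 +34,7 @@ the user::
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -58,7 +59,20 @@ the user::
 throw new CustomUserMessageAuthenticationException('Invalid username or password');
 }
 
-$isPasswordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());
+$currentUser = $token->getUser();
+
+if ($currentUser instanceof UserInterface) {
+if ($currentUser->getPassword() !== $user->getPassword()) {
+throw new BadCredentialsException('The credentials were changed from another session.');
+}
+} else {
+if ('' === ($givenPassword = $token->getCredentials())) {
+throw new BadCredentialsException('The given password cannot be empty.');
+}
+if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $givenPassword, $user->getSalt())) {
+throw new BadCredentialsException('The given password is invalid.');
+}
+}
 
 if ($isPasswordValid) {
 $currentHour = date('G');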
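Review bot: `$isPasswordValid` is still read by the unchanged `if ($isPasswordValid) {` at new line 77, but its only visible assignment is the line this hunk removes, so the condition tests an undefined variable and the code it guards is skipped. Every failure path in the added block now throws `BadCredentialsException`, so the wrapper can be dropped or `$isPasswordValid = true;` set after the block; the rest of the method is outside the hunk, so confirm which fits. The added check also calls `$this->encoderFactory`, while the removed line used `$this->encoder` and the visible imports bring in only `UserPasswordEncoderInterface`; unless the constructor (not shown) was changed too, `if (!$this->encoder->isPasswordValid($user, $givenPassword)) {` keeps the example consistent. `UserInterface` is not among the imports shown in the first hunk; if it is not imported elsewhere in the file, the `instanceof` test is always false and the changed-credentials branch never runs.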
