This article covers how to handle using MD5 in Symfony2's security.yml for legacy users; it may be a useful reference for anyone solving the same problem.

Problem description


I have a legacy system which contains md5 hashed passwords. I have tested these to be correct and they do not use a salt.

security.yml

security:
    encoders:
        Namespace\MyBundle\Entity\User:
            algorithm: md5
    providers:
        entityUsers:
            entity: { class: NamespaceBundle:User, property: username }

In my User entity I have implemented UserInterface and made sure the salt is set to the empty string.

But I get a bad credentials error when trying to authenticate.

I have tried switching security.yml to plaintext and entered the hash and the system works fine.

Surely md5 should just work?

Solution

I was having exactly the same problem and had to dig into the code to find out why.

You don't need to create a custom encoder.

By default, the MessageDigestPasswordEncoder encoder (Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder) in Symfony 2.5 - and possibly all Symfony 2 releases - calculates the MD5 hash of the raw password, with/without using a salt, as expected, and then re-hashes the MD5 a number of times (5000 times, by default, in Symfony 2.5). To make things that little bit more exciting, the encoder will also base64-encode the hash, by default. Both of those features were causing problems for me.

You can fix the problem(s) by disabling the re-hashing and/or disabling the base64 encoding, in security.yml, thus:

security:
    encoders:
        Namespace\Of\Your\User: 
            algorithm: md5
            encode_as_base64: false
            iterations: 0

Hope that saves you some time.
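
The digest steps described in the answer, as an added stand-alone PHP example (not code from the answer or from Symfony), showing why a plain hex MD5 column fails against the default settings and matches with the corrected ones. The function name `legacyDigest`, the `password{salt}` merge format, the loop bounds and the sample password are assumptions made for this illustration.

```php
<?php
// Added illustration: a stand-alone model of the digest steps the answer describes.
// Not Symfony's source; function name and sample password are constructed.

function legacyDigest(string $algo, string $raw, string $salt, int $iterations, bool $base64): string
{
    // Assumption: an empty salt leaves the password untouched; otherwise "password{salt}".
    $salted = $salt === '' ? $raw : $raw . '{' . $salt . '}';

    // First pass, kept as raw binary so later passes hash bytes, not hex text.
    $digest = hash($algo, $salted, true);

    // Re-hashing ("stretching"). Assumption: the loop starts at 1, so an
    // iterations value of 0 or 1 both leave a single pass.
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash($algo, $digest . $salted, true);
    }

    // Final encoding: base64 of the binary digest, or lowercase hex.
    return $base64 ? base64_encode($digest) : bin2hex($digest);
}

$password = 'correct horse';   // constructed sample password
$stored   = md5($password);    // legacy column: single-pass, unsalted, 32 hex chars

// Settings the answer reports as defaults (5000 iterations, base64 output).
$default = legacyDigest('md5', $password, '', 5000, true);
// Settings from the corrected security.yml (iterations: 0, encode_as_base64: false).
$fixed = legacyDigest('md5', $password, '', 0, false);

// Changing only one of the two settings, to show each breaks the match on its own.
$onlyIterations = legacyDigest('md5', $password, '', 0, true);
$onlyEncoding   = legacyDigest('md5', $password, '', 5000, false);

$cases = [
    'default'            => $default,
    'fixed'              => $fixed,
    'iterations only'    => $onlyIterations,
    'base64 off only'    => $onlyEncoding,
];

printf("%-16s %s\n", 'stored', $stored);
foreach ($cases as $label => $value) {
    // hash_equals gives a constant-time comparison of the two strings.
    printf("%-16s %s  match=%s\n", $label, $value, var_export(hash_equals($stored, $value), true));
}
```

Running it with the password of a test account and comparing the `stored` line with that account's row in the legacy table confirms whether the column really holds single-pass hex MD5.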


10-24 09:02