From ad726c1cf0e1a20910c7600ece1f0d2567f7897e Mon Sep 17 00:00:00 2001
From: Javier Eguiluz
Date: Thu, 19 Jul 2018 20:08:59 +0200
Subject: [PATCH] Fixed the code of the custom password authenticator example

---
 security/custom_password_authenticator.rst | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/security/custom_password_authenticator.rst b/security/custom_password_authenticator.rst
index 2acbe5337a2..ee81bb9bf4d 100644
--- a/security/custom_password_authenticator.rst
+++ b/security/custom_password_authenticator.rst
@@ -34,6 +34,7 @@ the user::
     use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
     use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
     use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+    use Symfony\Component\Security\Core\Exception\BadCredentialsException;
     use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
     use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
     use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -58,7 +59,20 @@ the user::
                 throw new CustomUserMessageAuthenticationException('Invalid username or password');
             }
 
-            $isPasswordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());
+            $currentUser = $token->getUser();
+
+            if ($currentUser instanceof UserInterface) {
+                if ($currentUser->getPassword() !== $user->getPassword()) {
+                    throw new BadCredentialsException('The credentials were changed from another session.');
+                }
+            } else {
+                if ('' === ($givenPassword = $token->getCredentials())) {
+                    throw new BadCredentialsException('The given password cannot be empty.');
+                }
+                if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $givenPassword, $user->getSalt())) {
+                    throw new BadCredentialsException('The given password is invalid.');
+                }
+            }
 
             if ($isPasswordValid) {
                 $currentHour = date('G');
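Review bot: `if ($isPasswordValid) {` at the end of the second hunk now reads a variable that is never assigned, because the removed line was its only assignment; since every failure path in the new code throws `BadCredentialsException`, that wrapper is redundant and the `if` (its closing brace lies outside the hunk) should be dropped so the body runs unconditionally — as written the undefined variable evaluates falsy and the success path is silently skipped. The new `instanceof UserInterface` check also needs `use Symfony\Component\Security\Core\User\UserInterface;` added next to the new `BadCredentialsException` import in the first hunk. The added code calls `$this->encoderFactory->getEncoder($user)` while the old line used `$this->encoder` and the file still imports `UserPasswordEncoderInterface`; the constructor is outside the hunk, so presumably the injected dependency must be switched to `EncoderFactoryInterface` there as well, otherwise the example references an undefined property.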