Flag of Ukraine
SymfonyCasts stands united with the people of Ukraine
TRACK

Symfony 5 >

COURSE

Symfony 5 Security: Authenticators >

CHAPTER

Hashing Plain Passwords & PasswordCredentials

Buy Access to Course
Next Chapter

Challenge #1 of 1

Q: 

I've created a custom authenticator and need to check to make sure the user's password is correct. Here is the authenticate() method:

public function authenticate(Request $request): PassportInterface
{
    $email = $request->request->get('email');
    $password = $request->request->get('password');

    return new Passport(
        new UserBadge($email),
        new PasswordCredentials($password)
    );
}

Will this correctly validate the user's password?

a)

Yes. You pass the plain-text submitted password to PasswordCredentials and then you are guaranteed that some other process will check to make sure the password is correct (if it is not, authentication will fail).

b)

Maybe. This is correct, but if your password_hashers configuration is not correct, then nothing will validate the submitted password.

c)

No. This simply passes the plain-text password to PasswordCredentials, but it fails to actually check that it is valid!

Rewatch Video
userVoice