Scroll down to the script below, click on any sentence (including terminal blocks!) to jump to that spot in the video!Cool, got it! Show me the script!
This Chapter isn't quite ready yet
Rest assured, the gnomes are hard at work on completing this video
Let's keep things simple. In the beginning we allowed us to log in with any password are you just were not actually checking the user's password yet and in fact in the database, if you look at your user class, our users don't have a password yet. I just have id, email roles and first name. So let's finally add a password for our users. How do you terminal or a been consult, make entity. We're going to update the user and add a new field called password. Well, it'd be string to 55. Doesn't need to be that long, but that's fine. And can it be known? The database, we'll say no, we'll make our. All of our users will have passwords and that's it. No, it's an updated user dot php, but it did not generate the gip password method because we already had that before. We'll check that out in a second, but first run had been council make colon migration.
We'll move over
looking, looking the migrations directory, open that up and yes, this looks perfect. Alter table, user ad password, close that loop. Go back and run bin Console doctrine. Migrations migrate.
So when the user class, we now have a password field and all the way at the bottom we have these set password method. Let me get password method. We already had this from before for when we implemented user interface and so far it's just been blank because our users haven't needed a password. So now we will return this Arrow password. Now just to be clear, password here is not going to be the plain text password. This will be a salted and encoded password that we store in the database. In fact, this method below get salt. The whole purpose. Whenever you salt and Hash a password, you actually need to store two things in the database. You need to install the encoded password and you also need to install save the salt, the, uh,
the salt value that was used to encode the password. Now in reality, back in before we used to put these in two different columns, you have to have a password column and then we'd have a salt column. Fortunately, most modern encoders don't need assault because they store it right inside of the encoded password. The point is I'm going to keep get soft blank, say not needed when using the crypt or are gone. These are the. These are the names of two and court encoders and you are going to use one of these two encoders, so leave gets soft blank. Now it's tail symphony, which encoding algorithm you're going to use. You're going to go back to security. That Yam on Adam. One more key here called encoders below. That will put the name of our user class, APP, entity user, and below that you're going to an algorithm and set this to be crypt.
Actually, there's two options here. There's B crypt and there's another one called Argon to to I. The Argon to I encoder is actually a little bit more secure than the secret algorithm. However, you need to have php seven point two in order for this to be available. There's also another. There's also, there are ways to install it. I'm on versions below seven point two and if you really, if you need extra security, I recommend looking at the Argon to encoder and making it work, but if you can't be crypt should work just fine. There was one other config below that so you might want to look into and that's called cost. If you have a high security system and you might want to set this cost to a higher number, you can do some research until what that means for your application. So thanks to this config symphony is now going to be able to encrypt plain text passwords like when we are creating a new user and also check whether a submitted password is valid like when a user logs in. So the first thing we need to do is in that fixture is user fixture. We now need to give all of our users a password
to encode the password. Simply has no surprise is a service. To do this, move over and run bin Console, debug auto wiring.
I'll search this for password and Yep, there we go. One match password in co, user password encoder interface. This is what you'll use to encrypt and check passwords in your fixture file use, add a constructor. Then type in a user password encoder interface. I'll retype the and hit tab to autocomplete Anant Avenue statement. I'll call this password encoder. Hit enter initialize fields to create that property and set it. Then down below. Super easy user aerosept password, but we're not setting the plain text password here. We're gonna. Say this Arrow Password, encoder Arrow encode password. This has two arguments. You need to pass it the user object, so I'll pass it user and the password that you want to encode will make all of our passwords the same, which will be engaged, engaged. The reason we need to pass the user object as the first argument is that the password and connor will use that to figure out what algorithm we're using behind the scenes. All right, let's try that. Move over and let reload your fixtures with bin Console doctrine fixtures load, yes, and you might notice your user fixture takes a little bit longer began because it actually takes some time to encode the password. When I finished this run bin Console doctrine query sql, select star from user. Oh, awesome. Cool. Check this out.
Good. Now see the encoded password on every field. Like I mentioned, the salt is actually contained right inside that string are. The last step is that inside of our login form authenticator in check credentials, we actually need to check if the password is valid and this is really easy because we already know the name of the service which is responsive for encoding and check and passwords user password encoder interface on your constructor. Add one more argument user password encoder interface. We call this password encoder. Then I'll hit enter to initialize that field and then down at the bottom background check credentials or return this arrow. This Arrow Password encoder Arrow is password valid. In this, we're going to pass to the user object again and the raw password in. Remember we're storing the wrong password on a password key of our credentials, so we'll pass this credentials password. Perfect. Alright, let's try guys move over and once again all this put food is the password and this time it fails. Yes, try engage as the password and it works. Nailed it.