Symfony2 $ user-> setPassword()将密码更新为纯文本[DataFixtures + FOSUserBundle]

Question

我正在尝试使用一些User对象预先填充数据库,但是当我调用$user->setPassword('some-password');然后保存用户对象时,字符串'some-password'直接存储在数据库中,而不是散列+ salted密码.

我的DataFixture类:

// Acme/SecurityBundle/DataFixtures/ORM/LoadUserData.php
<?php

namespace Acme\SecurityBundle\DataFixtures\ORM;

use Doctrine\Common\DataFixtures\FixtureInterface;
use Doctrine\Common\Persistence\ObjectManager;

use Acme\SecurityBundle\Entity\User;

class LoadUserData implements FixtureInterface
{
    public function load(ObjectManager $manager)
    {
        $userAdmin = new User();
        $userAdmin->setUsername('System');
        $userAdmin->setEmail('system@example.com');
        $userAdmin->setPassword('test');

        $manager->persist($userAdmin);
        $manager->flush();
    }
}

以及相关的数据库输出:

id  username    email               salt                                password
1   System      system@example.com  3f92m2tqa2kg8cookg84s4sow80880g     test

Answer 1

由于您使用的是FOSUserBundle,因此您可以使用它UserManager来执行此操作.我会使用这段代码(假设你已经$this->container设置):

public function load(ObjectManager $manager)
{
    $userManager = $this->container->get('fos_user.user_manager');

    $userAdmin = $userManager->createUser();

    $userAdmin->setUsername('System');
    $userAdmin->setEmail('system@example.com');
    $userAdmin->setPlainPassword('test');
    $userAdmin->setEnabled(true);

    $userManager->updateUser($userAdmin, true);
}

Answer 2

请改为调用setPlainPassword.

<?php

namespace Acme\SecurityBundle\DataFixtures\ORM;

use Doctrine\Common\DataFixtures\FixtureInterface;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Doctrine\Common\Persistence\ObjectManager;

use Acme\SecurityBundle\Entity\User;

class LoadUserData implements FixtureInterface, ContainerAwareInterface
{
    private $container;

    public function setContainer(ContainerInterface $container = null)
    {
        $this->container = $container;
    }

    public function load(ObjectManager $manager)
    {

        $userAdmin = new User();

        $userAdmin->setUsername('System');
        $userAdmin->setEmail('system@example.com');            
        $userAdmin->setPlainPassword('test');
        $userAdmin->setRoles(array('ROLE_SUPER_ADMIN'));

        $manager->persist($userAdmin);
        $manager->flush();
    }
}

Answer 3

四行代码就完成了.它将为您处理一切:

        $userManager = $this->container->get('fos_user.user_manager');
        $user->setPlainPassword($password);
        $userManager->updatePassword($user);  

Answer 4

这对我有用

  public function load(ObjectManager $manager){
    $userAdmin = new User();
    $userAdmin->setUsername('admin');
    $userAdmin->setPlainPassword('admin');
    $userAdmin->setEmail('admin@gmail.com');
    $userAdmin->setEnabled(true);

    $manager->persist($userAdmin);
    $manager->flush();
  }

请注意设置密码时的区别.查询您找到的数据库

id  username    username_canonical  email              email_canonical  enabled salt                            password    
  2 admin       admin               admin@gmail.com    admin@gmail.com  1       4gm0bx6jzocgksw0wws8kck04kg40o8 m2ZyJM2+oBIzt/NZdnOX4nFvjV/SWTU1qJqe6dWZ0UwLF5gB8N...