Symfony – awkward Password Length violation on partial User entity update through a form containing no password field

In Symfony 5.1 project I have a form that indents to partially update User entity records (some fields except of the password and email).
The form is generated with a FormBuilder class – a sub-class that extends UserType class, with "password" removed from the builder:

class UserProfileSubType extends UserType {
public function buildForm(FormBuilderInterface $builder, array $options) {
    parent::buildForm($builder, $options);
    
    $builder->remove('email')
            ->remove('password');
}

Thanks to that the HTML form generated in Twig template does not contain "password" field.

But, the form actually fails validation due to "Password cannot be longer than 20 characters". Indeed I have this assertion in the User entity:

 * @AssertLength(
 *      max = 20,
 *      maxMessage = "Password cannot be longer than {{ limit }} characters."
 * )

The point is that a hashed password is indeed longer then 20 chars. e.g.:
$argon2id$v=19$m=65536,t=4,p=1$c21aeTNTbmsNL3dsaT3Y4RQ$E1B0bBI/SPjpIOItOFN2xs1d131YWTtDCw79n4fXJE

When, for testing purposes, I modified the length assertion to max = 100, the problem is gone (worked around) as the hashed password length is 97 chars. Nevertheless, why the form is validated against the password length at all?

Is there any way to avoid the form validation error with lower value of password max length value?

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *