Symfony 4.4 Can’t migrate password hash to new algorithm

I recently upgraded a symfony application to 4.4 with a MySQL database.
I followed Symfony manual instructions to migrate the passwords hash of the database (https://symfony.com/doc/4.4/security/password_migration.html)
But when I try to login an old account, I have an Invalid Credentials error, more specifically

Authentication failed because "AppSecurityLoginFormAuthenticator::checkCredentials()" did not return true.

The password hash before upgrading was done with this function

$utilisateur->setMdp(password_hash($data['p'], PASSWORD_BCRYPT)

This is my security.yaml file

security:
    encoders:
        legacy:
            algorithm: bcrypt

        AppEntityUtilisateur:
            algorithm: auto
            migrate_from:
                - legacy

the UserRepository

class UtilisateurRepository extends EntityRepository implements PasswordUpgraderInterface
{

    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
    {
        // set the new encoded password on the User object
        $user->setMdp($newEncodedPassword);

        // execute the queries on the database
        $this->getEntityManager()->flush($user);
    }
}

and LoginFormAuthenticator (symfony’s generated)

public function getCredentials(Request $request)
    {
        $credentials = [
            'email' => $request->request->get('email'),
            'password' => $request->request->get('password'),
            'csrf_token' => $request->request->get('_csrf_token'),
        ];
        $request->getSession()->set(
            Security::LAST_USERNAME,
            $credentials['email']
        );

        return $credentials


public function checkCredentials($credentials, UserInterface $user)
    {
        return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
    }

    /**
     * Used to upgrade (rehash) the user's password automatically over time.
     */
    public function getPassword($credentials): ?string
    {
        return $credentials['password'];
    }

So what am I missing??? Thanks for your help !

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *