Symfony 4.4 Can’t migrate password hash to new algorithm

I recently upgraded a Symfony application to 4.4 with a MySQL database.
I followed the Symfony manual's instructions to migrate the password hashes in the database (
But when I try to log in to an old account, I get an Invalid Credentials error, more specifically:

Authentication failed because "App\Security\LoginFormAuthenticator::checkCredentials()" did not return true.

The password hash before upgrading was done with this function

$utilisateur->setMdp(password_hash($data['p'], PASSWORD_BCRYPT));

This is my security.yaml file

            algorithm: bcrypt

            algorithm: auto
                - legacy

the UserRepository

class UtilisateurRepository extends EntityRepository implements PasswordUpgraderInterface
{
    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
    {
        // set the new encoded password on the User object

        // execute the queries on the database
    }
}

and LoginFormAuthenticator (symfony’s generated)

    public function getCredentials(Request $request)
    {
        $credentials = [
            'email' => $request->request->get('email'),
            'password' => $request->request->get('password'),
            'csrf_token' => $request->request->get('_csrf_token'),
        ];

        return $credentials;
    }

    public function checkCredentials($credentials, UserInterface $user)
    {
        return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
    }

    /**
     * Used to upgrade (rehash) the user's password automatically over time.
     */
    public function getPassword($credentials): ?string
    {
        return $credentials['password'];
    }

So what am I missing? Thanks for your help!

Source: Symfony Questions
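
The verify-then-rehash flow that a migrate_from setup like the one in this question relies on, sketched in plain PHP as an added example (not the poster's code and not Symfony's implementation). The helper name loginAndUpgrade, the sample accounts and the target cost of 13 are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: one account whose hash was created the way the
// question describes, with password_hash(..., PASSWORD_BCRYPT).
$users = [
    'old@example.test' => password_hash('correct horse', PASSWORD_BCRYPT),
];

/**
 * Hypothetical helper: verify a login against the stored hash and, on
 * success, replace the hash if it does not match the target settings.
 */
function loginAndUpgrade(array &$users, string $email, string $plain): string
{
    $stored = $users[$email] ?? null;
    if ($stored === null) {
        return 'unknown user';
    }
    // Report what PHP identifies the stored value as; a bcrypt hash is
    // exactly 60 characters, anything shorter is reported as "unknown".
    $algo = password_get_info($stored)['algoName'];
    if (!password_verify($plain, $stored)) {
        return "rejected (stored hash identified as: $algo)";
    }
    // Rehash only after a successful check, while the plaintext is at hand.
    // Cost 13 stands in for the "new" settings (assumption of this example).
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 13])) {
        $users[$email] = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 13]);
        return 'accepted, hash upgraded';
    }
    return 'accepted, hash already current';
}

// First login upgrades the legacy hash, the second finds it current.
echo loginAndUpgrade($users, 'old@example.test', 'correct horse'), PHP_EOL;
echo loginAndUpgrade($users, 'old@example.test', 'correct horse'), PHP_EOL;
echo loginAndUpgrade($users, 'old@example.test', 'wrong'), PHP_EOL;

// A stored value that was cut short (constructed) no longer verifies.
$users['cut@example.test'] = substr(password_hash('pw', PASSWORD_BCRYPT), 0, 50);
echo loginAndUpgrade($users, 'cut@example.test', 'pw'), PHP_EOL;
```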
