Symfony2 $user->setPassword() updates password as plain text [DataFixtures + FOSUserBundle]

php doctrine symfony fosuserbundle

39,031

Solution 1

Since you are using FOSUserBundle, you can use UserManager to do this. I would use this code (assuming you have $this->container set):

public function load(ObjectManager $manager)
{
    $userManager = $this->container->get('fos_user.user_manager');

    $userAdmin = $userManager->createUser();

    $userAdmin->setUsername('System');
    $userAdmin->setEmail('[email protected]');
    $userAdmin->setPlainPassword('test');
    $userAdmin->setEnabled(true);

    $userManager->updateUser($userAdmin, true);
}

Solution 2

Call setPlainPassword instead.

<?php

namespace Acme\SecurityBundle\DataFixtures\ORM;

use Doctrine\Common\DataFixtures\FixtureInterface;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Doctrine\Common\Persistence\ObjectManager;

use Acme\SecurityBundle\Entity\User;

class LoadUserData implements FixtureInterface, ContainerAwareInterface
{
    private $container;

    public function setContainer(ContainerInterface $container = null)
    {
        $this->container = $container;
    }

    public function load(ObjectManager $manager)
    {

        $userAdmin = new User();

        $userAdmin->setUsername('System');
        $userAdmin->setEmail('[email protected]');            
        $userAdmin->setPlainPassword('test');
        $userAdmin->setRoles(array('ROLE_SUPER_ADMIN'));

        $manager->persist($userAdmin);
        $manager->flush();
    }
}

Solution 3

Four lines of code and you are done. It will handle everything for you:

        $userManager = $this->container->get('fos_user.user_manager');
        $user->setPlainPassword($password);
        $userManager->updatePassword($user);

Solution 4

This worked for me

  public function load(ObjectManager $manager){
    $userAdmin = new User();
    $userAdmin->setUsername('admin');
    $userAdmin->setPlainPassword('admin');
    $userAdmin->setEmail('[email protected]');
    $userAdmin->setEnabled(true);

    $manager->persist($userAdmin);
    $manager->flush();
  }

Note the difference when setting the password. Querying the database you find

id  username    username_canonical  email              email_canonical  enabled salt                            password    
  2 admin       admin               [email protected]    [email protected]  1       4gm0bx6jzocgksw0wws8kck04kg40o8 m2ZyJM2+oBIzt/NZdnOX4nFvjV/SWTU1qJqe6dWZ0UwLF5gB8N...

Solution 5

$userAdmin->setUsername('System');
$userAdmin->setEmail('[email protected]');
$userAdmin->setPlainPassword('test');
$userAdmin->setEnabled(true);

setPlainPassword works for me.

View more solutions

39,031

Rodney Folz

Updated on December 22, 2020

Comments

Rodney Folz over 3 years

I'm trying to pre-populate a database with some User objects, but when I call $user->setPassword('some-password'); and then save the user object, the string 'some-password' is stored directly in the database, instead of the hashed+salted password.

My DataFixture class:

// Acme/SecurityBundle/DataFixtures/ORM/LoadUserData.php
<?php

namespace Acme\SecurityBundle\DataFixtures\ORM;

use Doctrine\Common\DataFixtures\FixtureInterface;
use Doctrine\Common\Persistence\ObjectManager;

use Acme\SecurityBundle\Entity\User;

class LoadUserData implements FixtureInterface
{
    public function load(ObjectManager $manager)
    {
        $userAdmin = new User();
        $userAdmin->setUsername('System');
        $userAdmin->setEmail('[email protected]');
        $userAdmin->setPassword('test');

        $manager->persist($userAdmin);
        $manager->flush();
    }
}

And the relevant database output:

id  username    email               salt                                password
1   System      [email protected]  3f92m2tqa2kg8cookg84s4sow80880g     test

Rodney Folz over 12 years

Thanks for the UserManager tip!
JavierIEH over 11 years

I cant call the "get" method on "this" object when I try to build the fixtures onto the DB: PHP Fatal error: Call to undefined method [...]/UserFixtures::get()
nealio82 over 11 years

@JavierIEH You need to implement ContainerAwareInterface and ContainerInterface in your fixtures class. See 'using the container in the fixtures' here: raw.github.com/doctrine/DoctrineFixturesBundle/master/Resour‌ces/…. Anton Babenko, can you modify your answer to show this please?
Anton Babenko over 11 years

I believe this is what @RodneyFolz has described in his answer already.
thorinkor about 11 years

This is NOT an answer to YOUR QUESTION - it's just a workaround by using the FOSUserBundle. The correct answer is written down under by Rodney Folz...
Ascherer almost 11 years

not so fast @thorinkor. There is a tag for FOSUserBundle, it would appear that this IS in fact an answer for HIS question. Nor is this a workaround, but the actual suggested solution.
Athlan almost 10 years

Please watch out while updating. Then the user manager is usefull. stackoverflow.com/a/9200996/1815881
Athlan almost 10 years

Please watch out while updating. Then the user manager is usefull. stackoverflow.com/a/9200996/1815881
Alireza almost 8 years

I had the problem with updating password field during reset password and your solution just fixed it, thanks