DefaultPasswordHasher generating different hash for the same value

后端未结

关注

 1  1759

春和景丽

I have a password stored at database hashed with DefaultPasswordHasher at add action.

I have another action for change the pas

相关标签:

1条回答

抹茶落季

2020-12-10 17:59

That is the way bcrypt works. Bcrypt is a stronger password hashing algorithm that will generate different hashes for the same value depending on the current system entropy, but that is able to compare if the original string can be hashed to an already hashed password.

To solve your problem use the check() function instead of the hash() function:

 ->add('current_password', 'custom', [
        'rule' => function($value, $context){
            $user = $this->get($context['data']['id']);
            if ($user) {
                if ((new DefaultPasswordHasher)->check($value, $user->password)) {
                    return true;
                }
            }
            return false;
        },
        'message' => 'Você não confirmou a sua senha atual corretamente'

0 讨论(0)