Implement change password in Symfony2
Since Symfony 2.3 you can easily use UserPassword
validation constraint.
Acme\UserBundle\Form\Model\ChangePassword.php
namespace Acme\UserBundle\Form\Model;use Symfony\Component\Security\Core\Validator\Constraints as SecurityAssert;use Symfony\Component\Validator\Constraints as Assert;class ChangePassword{ /** * @SecurityAssert\UserPassword( * message = "Wrong value for your current password" * ) */ protected $oldPassword; /** * @Assert\Length( * min = 6, * minMessage = "Password should be at least 6 chars long" * ) */ protected $newPassword;}
Acme\UserBundle\Form\ChangePasswordType.php
namespace Acme\UserBundle\Form;use Symfony\Component\Form\AbstractType;use Symfony\Component\Form\FormBuilderInterface;use Symfony\Component\OptionsResolver\OptionsResolverInterface;class ChangePasswordType extends AbstractType{ public function buildForm(FormBuilderInterface $builder, array $options) { $builder->add('oldPassword', 'password'); $builder->add('newPassword', 'repeated', array( 'type' => 'password', 'invalid_message' => 'The password fields must match.', 'required' => true, 'first_options' => array('label' => 'Password'), 'second_options' => array('label' => 'Repeat Password'), )); } public function setDefaultOptions(OptionsResolverInterface $resolver) { $resolver->setDefaults(array( 'data_class' => 'Acme\UserBundle\Form\Model\ChangePassword', )); } public function getName() { return 'change_passwd'; }}
Acme\UserBundle\Controller\DemoController.php
namespace Acme\UserBundle\Controller;use Symfony\Bundle\FrameworkBundle\Controller\Controller;use Symfony\Component\HttpFoundation\Request;use Acme\UserBundle\Form\ChangePasswordType;use Acme\UserBundle\Form\Model\ChangePassword;class DemoController extends Controller{ public function changePasswdAction(Request $request) { $changePasswordModel = new ChangePassword(); $form = $this->createForm(new ChangePasswordType(), $changePasswordModel); $form->handleRequest($request); if ($form->isSubmitted() && $form->isValid()) { // perform some action, // such as encoding with MessageDigestPasswordEncoder and persist return $this->redirect($this->generateUrl('change_passwd_success')); } return $this->render('AcmeUserBundle:Demo:changePasswd.html.twig', array( 'form' => $form->createView(), )); }}
You have to either create another model with two fields:
- one for the current password;
- and the other for the new one.
Or add a non-persisted property to your user model like the FOSUserBundle does (see the plainPassword
property).
So once you checked both current and new password are valid, you encode the new password and replace the old one with it.
Just add this to your form type:
$builder->add('oldPlainPassword', \Symfony\Component\Form\Extension\Core\Type\PasswordType::class, array( 'constraints' => array( new \Symfony\Component\Security\Core\Validator\Constraints\UserPassword(), ), 'mapped' => false, 'required' => true, 'label' => 'Current Password',));