Implement change password in Symfony2

Since Symfony 2.3 you can easily use UserPassword validation constraint.

Acme\UserBundle\Form\Model\ChangePassword.php

namespace Acme\UserBundle\Form\Model;use Symfony\Component\Security\Core\Validator\Constraints as SecurityAssert;use Symfony\Component\Validator\Constraints as Assert;class ChangePassword{    /**     * @SecurityAssert\UserPassword(     *     message = "Wrong value for your current password"     * )     */     protected $oldPassword;    /**     * @Assert\Length(     *     min = 6,     *     minMessage = "Password should be at least 6 chars long"     * )     */     protected $newPassword;}

Acme\UserBundle\Form\ChangePasswordType.php

namespace Acme\UserBundle\Form;use Symfony\Component\Form\AbstractType;use Symfony\Component\Form\FormBuilderInterface;use Symfony\Component\OptionsResolver\OptionsResolverInterface;class ChangePasswordType extends AbstractType{    public function buildForm(FormBuilderInterface $builder, array $options)    {        $builder->add('oldPassword', 'password');        $builder->add('newPassword', 'repeated', array(            'type' => 'password',            'invalid_message' => 'The password fields must match.',            'required' => true,            'first_options'  => array('label' => 'Password'),            'second_options' => array('label' => 'Repeat Password'),        ));    }    public function setDefaultOptions(OptionsResolverInterface $resolver)    {        $resolver->setDefaults(array(            'data_class' => 'Acme\UserBundle\Form\Model\ChangePassword',        ));    }    public function getName()    {        return 'change_passwd';    }}

Acme\UserBundle\Controller\DemoController.php

namespace Acme\UserBundle\Controller;use Symfony\Bundle\FrameworkBundle\Controller\Controller;use Symfony\Component\HttpFoundation\Request;use Acme\UserBundle\Form\ChangePasswordType;use Acme\UserBundle\Form\Model\ChangePassword;class DemoController extends Controller{    public function changePasswdAction(Request $request)    {      $changePasswordModel = new ChangePassword();      $form = $this->createForm(new ChangePasswordType(), $changePasswordModel);      $form->handleRequest($request);      if ($form->isSubmitted() && $form->isValid()) {          // perform some action,          // such as encoding with MessageDigestPasswordEncoder and persist          return $this->redirect($this->generateUrl('change_passwd_success'));      }      return $this->render('AcmeUserBundle:Demo:changePasswd.html.twig', array(          'form' => $form->createView(),      ));          }}

You have to either create another model with two fields:

• one for the current password;
• and the other for the new one.

Or add a non-persisted property to your user model like the FOSUserBundle does (see the plainPassword property).

So once you checked both current and new password are valid, you encode the new password and replace the old one with it.

Just add this to your form type:

$builder->add('oldPlainPassword', \Symfony\Component\Form\Extension\Core\Type\PasswordType::class, array(    'constraints' => array(        new \Symfony\Component\Security\Core\Validator\Constraints\UserPassword(),    ),    'mapped' => false,    'required' => true,    'label' => 'Current Password',));