Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

FOSUserBundle password validation

I'm attempting to override the current validation for passwords in FOSUserBundle. I've tried a few options, but I still can't find the solution.

To increase the password's MinLength, I created a validation.yml with:

# src/Acme/UserBundle/Resources/config/validation.yml
Acme\UserBundle\Entity\User:
    properties:
        username:
            - MinLength: { limit: 3, message: "Your username must have at least {{ limit }} characters." }
            - MaxLength: { limit: 255, message: "The username is too long" }
            - NotBlank: { message: "Please enter a username"}       

        plainPassword:
            - NotBlank: { message: "Please enter a password"}
            - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups [Registration,Profile]}
                - MaxLength: { limit: 255, message: "The password is too long" }

Acme\UserBundle\Form\Model\ChangePassword:
  properties:  
      new:
          - NotBlank: { message: "Please enter a new password", groups [ChangePassword]}
          - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups [ChangePassword]}
          - MaxLength: { limit: 255, message: "The password is too long", groups [ChangePassword]}  

Acme\UserBundle\Form\Model\ResetPassword:
        new:
            - NotBlank: { message: "Please enter a new password", groups [ResetPassword]}
            - MinLength: { limit: 8, message: "Your new password must have at least {{ limit }} characters.", groups [ResetPassword]}
            - MaxLength: { limit: 255, message: "The new password is too long", groups [ResetPassword]}

This is working for me fine on /register, but on /change-password the default min length validation from FOSUserBundle is taking ownership.

To state my question more clearly, what is the correct way to set the MinLength for the password in FOSUserBundle to ensure it's validated everywhere?

In addition, what's the correct approach with FOSUserBundle to verify within ChangePassword that oldpassword != newpassword?

like image 838
MadManMonty Avatar asked Feb 08 '12 23:02

MadManMonty


2 Answers

validation.yml should be in the same bundle that overwrites the FOS user entity

Instead of Acme you should use FOS and you should only need one validation set.

# src/Acme/UserBundle/Resources/config/validation.yml
FOS\UserBundle\Model\User:
   properties:
      username:
        - MinLength: { limit: 3, message: "Your username must have at least {{ limit }} characters." }
        - MaxLength: { limit: 255, message: "The username is too long" }
        - NotBlank: { message: "Please enter a username"}       

      plainPassword:
        - NotBlank: { message: "Please enter a password", groups:[Registration, ResetPassword, ChangePassword] }
        - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups:[Registration, ResetPassword, ChangePassword] }
        - MaxLength: { limit: 255, message: "The password is too long", groups:[Registration, ResetPassword, ChangePassword] }

When in trouble, go to the source: https://github.com/FriendsOfSymfony/FOSUserBundle/issues/987

like image 138
pfisher Avatar answered Nov 02 '22 11:11

pfisher


You can use the Validation Groups

http://symfony.com/doc/2.0/book/validation.html#validation-groups

like image 33
anthofremion Avatar answered Nov 02 '22 10:11

anthofremion