Sf Guard Password Bundle Laravel Package

Getting Started

Minimal Setup

1. Installation Add the bundle to your composer.json:

   composer require easytek/sf-guard-password-bundle
   

   Register the bundle in config/bundles.php:

   return [
       // ...
       Easytek\SfGuardPasswordBundle\EasytekSfGuardPasswordBundle::class => ['all' => true],
   ];
   

2. Configuration Add the encoder to your config/packages/security.yaml:

   security:
       encoders:
           Symfony\Component\Security\Core\User\User:
               algorithm: sf_guard_password
   

3. First Use Case Migrate existing sfGuardUser passwords from a Symfony 1.x app:

   use Easytek\SfGuardPasswordBundle\Encoder\SfGuardPasswordEncoder;
   
   $encoder = new SfGuardPasswordEncoder();
   $hashedPassword = $encoder->encodePassword('plain_password', $user->getSalt());
   

Implementation Patterns

Password Migration Workflow

1. Extract Data Fetch sfGuardUser records from your old database (e.g., via Doctrine or raw SQL):

   $users = $entityManager->getRepository(User::class)->findAll();
   

2. Transform & Store Re-hash passwords and update the new user entity:

   foreach ($users as $user) {
       $user->setPassword($encoder->encodePassword($user->getPlainPassword(), $user->getSalt()));
       $entityManager->flush();
   }
   

3. Security Integration Use the encoder in your UserProvider:

   public function loadUserByUsername($username) {
       $user = $this->findUser($username);
       if (!$user) {
           throw new UsernameNotFoundException();
       }
       return $user;
   }
   

Legacy System Integration

• Hybrid Auth: Use the encoder for legacy auth while gradually migrating to Symfony’s native security.
• API Gateways: Decouple auth logic by reusing sfGuard hashes in a stateless API.

Gotchas and Tips

Pitfalls

1. Algorithm Mismatch The bundle only supports sfGuard’s legacy hashing (not Symfony’s native algorithms). Avoid mixing encoders.

2. Salt Handling sfGuard uses a fixed-length salt (32 chars). Ensure your User entity includes:

   /**
    * @ORM\Column(type="string", length=32)
    */
   private $salt;
   

3. Deprecated Dependencies The bundle relies on Symfony 2.3–2.7 components. Test thoroughly if using newer Symfony versions.

Debugging Tips

• Verify Hashes Compare old/new hashes manually:

  $oldHash = 'sfGuard:hashed:password';
  $newHash = $encoder->encodePassword('plain', $user->getSalt());
  var_dump(hash_equals($oldHash, $newHash)); // Should be true
  

• Log Migration Issues Track failed migrations:

  try {
      $encoder->encodePassword($plain, $salt);
  } catch (\Exception $e) {
      \Log::error("Migration failed for user {$user->id}: " . $e->getMessage());
  }
  

Extension Points

1. Custom Encoder Extend the encoder for additional logic:

   class CustomSfGuardEncoder extends SfGuardPasswordEncoder {
       public function encodePassword($raw, $salt) {
           $hash = parent::encodePassword($raw, $salt);
           return 'custom_prefix:' . $hash;
       }
   }
   

2. Batch Processing Use Symfony’s Messenger component to queue migrations for large datasets:

   $message = new MigrateUserPasswordMessage($user->id, $user->getPlainPassword(), $user->getSalt());
   $bus->dispatch($message);