Current Password always invalid #58447

danielpeci · 2024-10-03T17:05:21Z

danielpeci
Oct 3, 2024

Hey everyone,

I'm currently working on a Symfony / API Platform / React app, and I'm implementing the feature that allows users to change their passwords in the profile settings. I've developed a custom processor for password hashing (code below), and it's working well for both POST and PATCH requests.

In addition to that, I've created a custom controller to verify the user's current password before allowing the change. However, despite trying several different methods, none of them seem to be working as expected (both versions are included below).

Any insights or suggestions would be greatly appreciated!

User.php

#[ApiResource(
    operations: [
        new Get(),
        new GetCollection(),
        new Post(processor: UserPasswordHasher::class),
        new Patch(
            controller: ChangePasswordController::class,
            processor: UserPasswordHasher::class
        ),
        new Delete()
    ]
)]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{

ChangePasswordController: v1
This version always returns: This value should be the user's current password

#[AsController]
class ChangePasswordController extends AbstractController
{
    public function __invoke(
        Request $request,
        UserRepository $userRepository,
        ValidatorInterface    $validator,
        UserPasswordHasherInterface $passwordHasher
    ): UserInterface|\Symfony\Component\HttpFoundation\JsonResponse|null
    {
        $user = $this->getUser();
        $oldPassword = $request->getPayload()->get('oldpassword') ?? null;

        $oldPasswordConstraint = new UserPassword();
        $errors = $validator->validate($oldPassword, $oldPasswordConstraint);

        if (count($errors) > 0) {
            $errorMessages = [];
            foreach ($errors as $error) {
                $errorMessages[] = $error->getMessage();
            }

            return $this->json([
                'errors' => $errorMessages,
            ], Response::HTTP_BAD_REQUEST);
        }

        return $user;
    }
}

ChangePasswordController: v2
Always returns Old password is incorrect

public function __invoke(
    Request $request,
    UserRepository $userRepository,
    ValidatorInterface    $validator,
    UserPasswordHasherInterface $passwordHasher
): ?UserInterface
{
    $user = $this->getUser();
    $oldPassword = $request->getPayload()->get('oldpassword') ?? null;
    dd($passwordHasher->isPasswordValid($user, $oldPassword )); //Always False


    if (!$oldPassword) {
        throw new BadRequestHttpException('Old password is required.');
    }

    if (!$passwordHasher->isPasswordValid($user, $oldPassword)) {
        throw new BadRequestHttpException('Old password is incorrect.');
    }

    return $user;
}

Processor (API Platform relevant)

    /**
     * @param User $data
     */
    public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): User
    {
        if (!$data->getPassword()) {
            return $this->processor->process($data, $operation, $uriVariables, $context);
        }

        $hashedPassword = $this->passwordHasher->hashPassword(
            $data,
            $data->getPassword()
        );
        $data->setPassword($hashedPassword);
        $data->eraseCredentials();

        return $this->processor->process($data, $operation, $uriVariables, $context);
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Current Password always invalid #58447

{{title}}

Replies: 0 comments

Select a reply

Current Password always invalid #58447

danielpeci Oct 3, 2024

Replies: 0 comments

danielpeci
Oct 3, 2024