[symfony-users] Re: Security - UserProvider with Web Service - Get the password

[Filipe La Ruina]

I got the same problem.
I have to curl an service passing username and password. It will return me a 
cookie corresponding to the user session.
Any thoughts on how to do that?

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups symfony users group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: Security - UserProvider with Web Service - Get the password

[Arturo Sevilla]

Hi,

loadUserByUsername() is not used to check the password. The password is 
checked once you get the user in memory by comparing the hashes (or 
plaintext if no encoder is used).

You will need to implement the web service so you could return the user by 
its username, and configure Symfony so that it checks the password with the 
correct hashing algorithm that is stored in the user object.

Think of loadUserByUsername() as if you were executing a SELECT * FROM User 
WHERE username = $username, and then you check that the hashes coincide 
through PHP.

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups symfony users group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en