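/**
 * {@inheritdoc}
 *
 * Verifies the password carried by the token against the account's stored
 * password and salt using the configured password encoder.
 *
 * @throws BadCredentialsException when no password was presented or when the
 *                                 encoder rejects the presented password
 */
protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token)
{
    $presentedPassword = (string) $token->getCredentials();

    // Compare with the empty string explicitly. A truthiness test would also
    // reject the legitimate password "0", which PHP evaluates as falsy.
    if ('' === $presentedPassword) {
        throw new BadCredentialsException('Bad credentials');
    }

    $isValid = $this->passwordEncoder->isPasswordValid(
        $account->getPassword(),
        $presentedPassword,
        $account->getSalt()
    );

    // Both failure paths raise the same message, so the error text does not
    // tell a caller which of the two checks failed.
    if (!$isValid) {
        throw new BadCredentialsException('Bad credentials');
    }
}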
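/**
 * {@inheritdoc}
 *
 * Two paths, chosen by what the token carries as its user:
 *  - an AccountInterface instance: only checks that the stored password of
 *    the given account still equals the one held by the token's account;
 *  - anything else: verifies the presented password with the encoder that
 *    the encoder factory returns for the account.
 *
 * @throws BadCredentialsException when the stored password differs from the
 *                                 token's account, when no password was
 *                                 presented, or when the encoder rejects it
 */
protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token)
{
    $user = $token->getUser();

    if ($user instanceof AccountInterface) {
        // Presumably a re-check of an already authenticated token (the
        // message below points that way); confirm against the caller.
        // NOTE(review): only the password is compared here, not the salt, and
        // the presented credentials are not re-verified on this path. Confirm
        // that the token's account object always originates server-side.
        if ($account->getPassword() !== $user->getPassword()) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    $presentedPassword = (string) $token->getCredentials();

    // Compare with the empty string explicitly. A truthiness test would also
    // reject the legitimate password "0", which PHP evaluates as falsy.
    if ('' === $presentedPassword) {
        throw new BadCredentialsException('Bad credentials');
    }

    $encoder = $this->encoderFactory->getEncoder($account);

    // Same message as the empty-password case, so the error text does not
    // tell a caller which of the two checks failed.
    if (!$encoder->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) {
        throw new BadCredentialsException('Bad credentials');
    }
}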
/**
 * After eraseCredentials() the token must no longer expose the password it
 * was constructed with.
 */
public function testEraseCredentials()
{
    $authToken = new UsernamePasswordToken('foo', 'bar');
    $authToken->eraseCredentials();

    // assertEquals compares loosely, so this pins "empty", not the exact type.
    $remainingCredentials = $authToken->getCredentials();
    $this->assertEquals('', $remainingCredentials);
}