1
votes

i am using symfony 2 to build a web platform for my company. Recently, i have changed the validation rule inside my User entity by adding the following code:

/**
* @Assert\Regex(
*     pattern="/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,127}$/",
*     message="edit.personnal_info.udpate.message.password_info_regex",
*     groups={"registration"}
* )
*/
protected $plainPassword;

After this change, all my old created users can't login anymore. Just new users, with valid password can get connected.

I don't want to change all old passwords. So, if there is a way to skip validation rules while login, it will be OK.

Ps: i'm using FOSUserBundle.

1
You will need to specify the validation group to use while logging in: symfony.com/doc/current/form/validation_groups.html Gave up using FOSUserBundle a long time ago so I cannot provide more details. - Cerad
Are you sure you only changed the validation rule for registration? This rule has nothing to login. - Kamil Adryjanek
Yes @KamilAdryjanek, i'm sure because it works when i remove the Assert annotation - Jemmoudi
Ok, wchich version of FOSUserBundle are you using? - Kamil Adryjanek

1 Answers

0
votes

Solution if your issue is that old users used shorter passwords and you want to support them until next password change

Instead of adding this constrain to entity you could add it to your registration and change password forms

public function buildForm(FormBuilderInterface $builder, array $options)
{
    $builder
        ->add('plainPassword', PasswordType::class, [
            'constraints' => [
                new Regex([
                    'pattern' => '/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,127}$/'
                ]),
                new NotBlank()
            ]
        ]);
}

this way you can enforce new password policy for new users without breaking logic for old users.