Development

#5799 (sfDoctrineGuardUser doctrine:build-all-reload hashes sfGuardUsers passwords twice)

You must first sign up to be able to contribute.

Ticket #5799 (closed defect: wontfix)

Opened 2 years ago

Last modified 1 year ago

sfDoctrineGuardUser doctrine:build-all-reload hashes sfGuardUsers passwords twice

Reported by: wowo Assigned to: Jonathan.Wage
Priority: minor Milestone:
Component: sfDoctrineGuardPlugin Version: 1.2.5
Keywords: data-dump, data-load, double hashed passwords Cc:
Qualification: Unreviewed

Description

When I create database dump 

symfony doctrine:data-dump frontend data.yml

it dumps hashed passwords into users records in the data/fixtures/data.yml file. But when I'm loading this into db again 

symfony doctrine:build-all-reload frontend --force

it hashes users password second time, during load, so those passwords are useless. When passwords in the dump file are in the plain text, everything goes okay, and I can login with this password to the backend.

I'm using symfony 1.1.4 on PHP 5.2.5 (Ubuntu 8.10), and latest sfDoctrineGuardUser from SVN

Change History

02/05/09 15:22:59 changed by wowo

  • version changed from 1.2.4 to 1.1.4.

02/13/09 13:48:58 changed by wowo

  • version changed from 1.1.4 to 1.2.4.

In symfony 1.2.4 I've got the same issue

02/26/09 21:26:03 changed by Jonathan.Wage

  • status changed from new to closed.
  • resolution set to invalid.

This is expected. The dumping of data goes through the orm, and the importing goes through the orm. So since the orm can alter data on the way in and out of the orm this is expected. The dump feature is not meant to be a backup/import tool. It is only meant for you to generate from existing data in the database and then hand maintain after that.

04/15/09 11:13:18 changed by tmarly

  • status changed from closed to reopened.
  • version changed from 1.2.4 to 1.2.5.
  • resolution deleted.

Well, I disagree with this conception and statement (no offense :)

If the loaded data will not be the same as the one that have been dumped in the fixture, it can be dangerous, we will never know if we can use fixtures or not.

To me, the solution is quiet obvious: the PluginsfGuardUser?->setPassword() should not make any encryption. The encryption should be done in another method (like encryptPassword()), then the result be passed to the regular setter setPassword().

04/15/09 14:59:34 changed by Jonathan.Wage

  • status changed from reopened to closed.
  • resolution set to invalid.

Dumping data and then re-importing is not what the data fixtures tool are for. The dump exists to help you get started. So the idea is you generate them and then modify/tweak them to be what you want. Then you use those fixtures to populate your project with test data. It is not a backup and restore tool.

05/19/09 17:05:21 changed by Jorge Pereira

  • status changed from closed to reopened.
  • resolution deleted.

Hi,

I see you state that "this is not a backup and restore tool", and I can't help but wonder, why not? If it's a useful method to make a backup, why shouldn't it? Bear in mind that people don't always use things as they were meant to, which should actually be seen as a compliment! :)

Again, if you can't reload a dump file, what's the point in there being a dump feature?

I'm guessing you don't meant to literally have "dump" features (pun intended) :), so can you please can consider improving this so that it's actually a bit more useful?

05/19/09 17:13:04 changed by Jonathan.Wage

  • status changed from reopened to closed.
  • resolution set to wontfix.

Because you need to use your dbms to do backup and restores. Not through yaml and Doctrine objects. Doing a backup and restore of a database through this would be so incredible slow it would be impossible to work with. Anyways, the dump feature is meant solely to help you get started with writing your data fixtures for your project.

Backup and restores are too important to use an abstraction layer. You need to use your dbms function for backup and restores.

05/19/09 17:25:44 changed by Jorge Pereira

You're right, and I didn't meant to imply "propper" backup/restore. It's just that while you're developing and need to dump test data across developers the fixtures are a really nice way to do so. And it's a pain that on every dump/restore the logins stop working.

Very quick fix (don't kick me please)

file: lib/model/doctrine/sfDoctrineGuardPlugin/sfGuardUser.class.php 

class sfGuardUser extends PluginsfGuardUser
{
  public function setPassword($password)
  {
    if (strlen($password) == 40)
    {
      return $this->_set('password', $password);
    }

    return parent::setPassword($password);
  }
}

The Sensio Labs Network

Since 1998, Sensio Labs has been promoting the Open-Source software movement by providing quality web application development, training, consulting.
Sensio Labs also supports several large Open-Source projects.

Open-Source Products

Services

> More