first commit

bundles/KupShop/UserBundle/EventSubscriber/RehashLegacyPasswordSubscriber.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace KupShop\UserBundle\EventSubscriber;
+
+use KupShop\UserBundle\Security\User;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\EventDispatcher\GenericEvent;
+use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
+use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
+use Symfony\Component\Security\Http\SecurityEvents;
+
+class RehashLegacyPasswordSubscriber implements EventSubscriberInterface
+{
+    use \DatabaseCommunication;
+
+    /** @var string */
+    private $rawPasswordForRehash;
+
+    public function __construct(private PasswordHasherFactoryInterface $hasherFactory)
+    {
+    }
+
+    /**
+     * @return array The event names to listen to
+     */
+    public static function getSubscribedEvents()
+    {
+        return [
+            'kupshop.legacy_user_password' => 'storePasswordForRehash',
+            SecurityEvents::INTERACTIVE_LOGIN => [
+                ['handleRehash', 300],
+            ],
+        ];
+    }
+
+    public function storePasswordForRehash(GenericEvent $rawPassword)
+    {
+        $this->rawPasswordForRehash = $rawPassword->getSubject();
+    }
+
+    public function handleRehash(InteractiveLoginEvent $event)
+    {
+        // this method will be triggered after each login, continue only if there is a legacy password
+        if (!$this->rawPasswordForRehash) {
+            return;
+        }
+
+        // get the logged in user
+        /** @var $user User */
+        $user = $event->getAuthenticationToken()->getUser();
+
+        // load a correct password encoder
+        $encoder = $this->hasherFactory->getPasswordHasher($user);
+
+        // rehash
+        $newPassword = $encoder->hash($this->rawPasswordForRehash);
+
+        $this->updateSQL('users', ['passw' => $newPassword], ['id' => $user->getID()]);
+    }
+}