@@ -119,14 +119,41 @@ Upgrade the Password
119119
120120Upon successful login, the Security system checks whether a better algorithm
121121is available to hash the user's password. If it is, it'll hash the correct
122- password using the new hash. You can enable this behavior by implementing how
123- this newly hashed password should be stored:
122+ password using the new hash. If you use a Guard authenticator, you first need to
123+ `provide the original password to the Security system <Provide the Password when using Guards >`_.
124+
125+ You can enable the upgrade behavior by implementing how this newly hashed
126+ password should be stored:
124127
125128* `When using Doctrine's entity user provider <Upgrade the Password when using Doctrine >`_
126129* `When using a custom user provider <Upgrade the Password when using a custom User Provider >`_
127130
128131After this, you're done and passwords are always hashed as secure as possible!
129132
133+ Provide the Password when using Guard
134+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135+
136+ When you're using a custom :doc: `guard authenticator </security/guard_authentication >`,
137+ you need to implement :class: `Symfony\\ Component\\ Security\\ Guard\\ PasswordAuthenticatedInterface `.
138+ This interface defines a ``getPassword() `` method that returns the password
139+ for this login request. This password is used in the migration process::
140+
141+ // src/Security/CustomAuthenticator.php
142+ namespace App\Security;
143+
144+ use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
145+ // ...
146+
147+ class CustomAuthenticator extends AbstractGuardAuthenticator implements PasswordAuthenticatedInterface
148+ {
149+ // ...
150+
151+ public function getPassword($credentials): ?string
152+ {
153+ return $credentials['password'];
154+ }
155+ }
156+
130157Upgrade the Password when using Doctrine
131158~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
132159
0 commit comments