- Add non-persisted plainPassword field to User entity (write-only via API) - Remove direct write access to password field - Update UserPasswordHasherProcessor to hash from plainPassword - Update frontend DTO and UserDrawer component Ticket: T-009 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
<?php
declare(strict_types=1);
namespace App\State;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\Entity\User;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
/**
 * State processor that hashes a User's submitted plain-text password and then
 * delegates to the wrapped persist processor.
 *
 * The plain-text value is only read here; the hash is the only form written to
 * the password field by this class.
 *
 * @implements ProcessorInterface<User, User>
 */
final readonly class UserPasswordHasherProcessor implements ProcessorInterface
{
    /**
     * @param ProcessorInterface<User, User> $persistProcessor Processor that receives the entity after hashing;
     *                                                         autowired from the service id given in the attribute.
     * @param UserPasswordHasherInterface    $passwordHasher   Hasher used to derive the stored password hash.
     */
    public function __construct(
        #[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
        private ProcessorInterface $persistProcessor,
        private UserPasswordHasherInterface $passwordHasher,
    ) {}

    /**
     * Hash the plain password, if one was supplied, and pass the entity on for persistence.
     *
     * A null or empty plain password leaves the current password value untouched.
     *
     * NOTE(review): $data is typed `mixed` and is not checked at runtime; this assumes the
     * processor is only attached to User operations. Confirm against the resource configuration.
     * NOTE(review): nothing here rejects a request that carries no password at all (for example
     * on create); presumably validation constraints on User enforce that. Confirm.
     *
     * @param User $data
     *
     * @return mixed Whatever the wrapped persist processor returns.
     */
    public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
    {
        $submitted = $data->getPlainPassword();

        // Nothing to hash: forward the entity unchanged.
        if (null === $submitted || '' === $submitted) {
            return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
        }

        $hash = $this->passwordHasher->hashPassword($data, $submitted);
        $data->setPassword($hash);

        // Clear the clear-text value before the entity reaches the persist step,
        // so it is no longer held on the object once the hash is in place.
        $data->setPlainPassword(null);

        return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
    }
}