Question

I'm working on a manufacturer extension. I added a password field to the form on the admin side. How do I encrypt that password to save it to the DB?

In Magento 1 we encrypt it this way:

Mage::getModel('core/encryption')->encrypt($data['password']);

How do I do the same in Magento 2?

Solution 2

I searched a little and found out that Magento 2 uses the EncryptorInterface class to encrypt and decrypt the password.

You can use it this way:

use Magento\Framework\Encryption\EncryptorInterface as Encryptor;

In the constructor:

public function __construct(Encryptor $encryptor)
{
    $this->encryptor = $encryptor;
}

Then call the encrypt function to encrypt:

$encrypt = $this->encryptor->encrypt($password);

And to decrypt:

$decrypt = $this->encryptor->decrypt($encrypt);

OTHER TIPS

Firstly my usual comment would be, do not encrypt a password!

  • Encryption = A two-way process, scrambling and then unscrambling data at a later date.
  • Hashing = A one-way process, create an encrypted looking string from a given input.

Hashing is not encryption; once you have something hashed, it cannot be unhashed. Think of it like this: you can md5 hash the entire contents of "Harry Potter and the Philosopher's Stone" and end up with a 32-character string, and there is no way to get from those 32 characters back to the full book.

Hashing is usually preferable when storing passwords, as it means you don't actually ever store the password but merely the result of its hash, meaning that if you're ever compromised your users can feel a little safer about the whole ordeal.

Anyway, to encrypt data

use \Magento\Framework\Encryption\EncryptorInterface;
$encrypt = $this->encryptor->encrypt($data);
$decrypt = $this->encryptor->decrypt($encrypt);

To hash a password

use \Magento\Framework\Encryption\EncryptorInterface;
$hash = $this->encryptor->hash($password);

# The hash is persisted in the database. When you next log in, use the
# provided password variable and compare it with the stored hash.

$bool = $this->encryptor->validateHash($password, $hash);

For a more thorough example of password hashing usage, have a look at

  • Magento\Customer\Model\Customer::setPassword
  • Magento\Customer\Model\Customer::validatePassword
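
The hash-versus-encrypt distinction drawn above, as an added example that is not part of the original answers or of Magento's own code: a hypothetical `PasswordStorage` class in a hypothetical `Vendor\Manufacturer` module, assumed to be instantiated through Magento 2's dependency injection. It uses the interface's `getHash()` with salting enabled for passwords that are only ever checked, `validateHashVersion()` to flag stored hashes that should be regenerated, and `encrypt()`/`decrypt()` only for secrets the shop must read back.

```php
<?php
namespace Vendor\Manufacturer\Model; // hypothetical module namespace

use Magento\Framework\Encryption\EncryptorInterface;

/**
 * Hypothetical helper: one-way hashing for passwords that are only checked,
 * reversible encryption for secrets the shop itself must read back.
 */
class PasswordStorage
{
    private EncryptorInterface $encryptor;

    public function __construct(EncryptorInterface $encryptor)
    {
        $this->encryptor = $encryptor; // injected by Magento's DI
    }

    /** Salted hash to persist; the salt is embedded in the returned string. */
    public function hashForStorage(string $password): string
    {
        if ($password === '') {
            throw new \InvalidArgumentException('Password must not be empty.');
        }
        return $this->encryptor->getHash($password, true);
    }

    /**
     * Returns [valid, replacementHash]. replacementHash is non-null when the
     * stored hash uses an outdated version and should be overwritten.
     */
    public function verify(string $password, string $storedHash): array
    {
        if (!$this->encryptor->validateHash($password, $storedHash)) {
            return [false, null];
        }
        $current = $this->encryptor->validateHashVersion($storedHash, true);
        return [true, $current ? null : $this->encryptor->getHash($password, true)];
    }

    /** Reversible: whoever holds the crypt key in app/etc/env.php can decrypt. */
    public function encryptSecret(string $secret): string
    {
        return $this->encryptor->encrypt($secret);
    }

    public function decryptSecret(string $stored): string
    {
        return $this->encryptor->decrypt($stored);
    }
}
```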

Here is my working script, creating hashed and/or encrypted passwords from cleartext passwords:

<?php
// create a "tools" directory inside the "pub" directory and copy this script into pub/tools
require '../../app/bootstrap.php';

if (php_sapi_name() !== 'cli' && isset($_GET['pass'])) {
    define('PASS', $_GET['pass']);
} elseif (php_sapi_name() !== 'cli') {
    die('Please add the password you want to hash / encrypt as a pass parameter (?pass=myB1rthDate)');
} elseif (!isset($argv[1])) {
    die('Please add the password you want to hash / encrypt enclosed IN DOUBLE QUOTES as a parameter.' . PHP_EOL);
} else {
    define('PASS', $argv[1]);
}

class MyEncryptor extends \Magento\Framework\App\Http implements \Magento\Framework\AppInterface
{
    private $encryptor;
    public function __construct(
        \Magento\Framework\App\State $state,
        \Magento\Framework\Encryption\EncryptorInterface $encryptor,
        \Magento\Framework\App\Response\Http $response
    ) {
        $this->_response = $response;
        $this->encryptor = $encryptor;
        $state->setAreaCode('adminhtml');
    }

    function launch()
    {
        echo 'Hashed value:    ' . $this->encryptor->hash(PASS) . PHP_EOL;
        echo 'Encrypted value: ' . $this->encryptor->encrypt(PASS) . PHP_EOL;
        return $this->_response;
    }
}

$bootstrap = \Magento\Framework\App\Bootstrap::create(BP, $_SERVER);
$app = $bootstrap->createApplication('MyEncryptor');
$bootstrap->run($app);

Run it like this from the cli:

php ./encryptPassword.php "myCleartextPassword"

This script should not be used on a server, because it requires the password as a command line argument, which is then stored in the cli history.

I want to use it for writing credentials directly encrypted into the magento database during deployments.

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange