* public registration

* remove WSSE implementation
* add oAuth2 implementation

33 files changed, 551 insertions, 528 deletions

diff --git a/app/AppKernel.php b/app/AppKernel.php
index 08e14b8f..6f8c3a6d 100644
--- a/app/AppKernel.php
+++ b/app/AppKernel.php
@@ -26,6 +26,7 @@ class AppKernel extends Kernel
             new Wallabag\ApiBundle\WallabagApiBundle(),
             new Bazinga\Bundle\HateoasBundle\BazingaHateoasBundle(),
             new Lexik\Bundle\FormFilterBundle\LexikFormFilterBundle(),
+            new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
         );
 
         if (in_array($this->getEnvironment(), array('dev', 'test'))) {
diff --git a/app/config/config.yml b/app/config/config.yml
index f623ab23..adf68d6c 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -157,3 +157,17 @@ fos_user:
     db_driver: orm
     firewall_name: main
     user_class: Wallabag\CoreBundle\Entity\User
+    registration:
+        form:
+            type: wallabag_user_registration
+        confirmation:
+            enabled: true
+
+fos_oauth_server:
+    db_driver:           orm
+    client_class:        Wallabag\ApiBundle\Entity\Client
+    access_token_class:  Wallabag\ApiBundle\Entity\AccessToken
+    refresh_token_class: Wallabag\ApiBundle\Entity\RefreshToken
+    auth_code_class:     Wallabag\ApiBundle\Entity\AuthCode
+    service:
+        user_provider: fos_user.user_manager
diff --git a/app/config/config_prod.yml b/app/config/config_prod.yml
index c45f0fa6..342837a0 100644
--- a/app/config/config_prod.yml
+++ b/app/config/config_prod.yml
@@ -17,11 +17,6 @@ monolog:
             type:         fingers_crossed
             action_level: error
             handler:      nested
-        wsse:
-            type: stream
-            path: %kernel.logs_dir%/%kernel.environment%.wsse.log
-            level: error
-            channels: [wsse]
         nested:
             type:  stream
             path:  "%kernel.logs_dir%/%kernel.environment%.log"
diff --git a/app/config/routing.yml b/app/config/routing.yml
index e8bf08a5..dabb48fa 100644
--- a/app/config/routing.yml
+++ b/app/config/routing.yml
@@ -30,3 +30,9 @@ homepage:
     defaults:  { _controller: WallabagCoreBundle:Entry:showUnread, page : 1 }
     requirements:
         page:  \d+
+
+fos_user:
+    resource: "@FOSUserBundle/Resources/config/routing/all.xml"
+
+fos_oauth_server_token:
+    resource: "@FOSOAuthServerBundle/Resources/config/routing/token.xml"
diff --git a/app/config/security.yml b/app/config/security.yml
index 98846656..6533a430 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -1,9 +1,6 @@
 security:
     encoders:
-        Wallabag\CoreBundle\Entity\User:
-            algorithm:        sha1
-            encode_as_base64: false
-            iterations:       1
+        FOS\UserBundle\Model\UserInterface: sha512
 
     role_hierarchy:
         ROLE_ADMIN:       ROLE_USER
@@ -18,11 +15,15 @@ security:
     # the main part of the security, where you can set up firewalls
     # for specific sections of your app
     firewalls:
-        wsse_secured:
-            pattern:      /api/.*
-            wsse:         true
-            stateless:    true
-            anonymous:    true
+        oauth_token:
+            pattern: ^/oauth/v2/token
+            security: false
+        api:
+            pattern: /api/.*
+            fos_oauth: true
+            stateless: true
+            anonymous: false
+
         login_firewall:
             pattern:    ^/login$
             anonymous:  ~
@@ -45,9 +46,9 @@ security:
                 target: /
 
     access_control:
-        - { path: ^/api/salt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/forgot-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/, roles: ROLE_USER }
diff --git a/app/config/services.yml b/app/config/services.yml
index 965bc319..ff6a582b 100644
--- a/app/config/services.yml
+++ b/app/config/services.yml
@@ -1,9 +1,4 @@
-# Learn more about services, parameters and containers at
-# http://symfony.com/doc/current/book/service_container.html
 parameters:
-    security.authentication.provider.dao.class: Wallabag\CoreBundle\Security\Authentication\Provider\WallabagAuthenticationProvider
-    security.encoder.digest.class: Wallabag\CoreBundle\Security\Authentication\Encoder\WallabagPasswordEncoder
-    security.validator.user_password.class: Wallabag\CoreBundle\Security\Validator\WallabagUserPasswordValidator
     lexik_form_filter.get_filter.doctrine_orm.class: Wallabag\CoreBundle\Event\Subscriber\CustomDoctrineORMSubscriber
 
 services:
diff --git a/composer.json b/composer.json
index babe9356..22cb277c 100644
--- a/composer.json
+++ b/composer.json
@@ -53,7 +53,8 @@
         "pagerfanta/pagerfanta": "~1.0.3",
         "lexik/form-filter-bundle": "~4.0",
         "j0k3r/graby": "~1.0",
-        "friendsofsymfony/user-bundle": "dev-master"
+        "friendsofsymfony/user-bundle": "dev-master",
+        "friendsofsymfony/oauth-server-bundle": "^1.4@dev"
     },
     "require-dev": {
         "doctrine/doctrine-fixtures-bundle": "~2.2.0",
diff --git a/composer.lock b/composer.lock
index 370d8ddd..606c3678 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1,10 +1,10 @@
 {
     "_readme": [
         "This file locks the dependencies of your project to a known state",
-        "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "350d05d95be50b6d93e8a046f784e00c",
+    "hash": "7c1f2c88df608eb6e1b4bc7c5ed24acc",
     "packages": [
         {
             "name": "doctrine/annotations",
@@ -859,6 +859,129 @@
             "time": "2014-05-20 12:10:12"
         },
         {
+            "name": "friendsofsymfony/oauth-server-bundle",
+            "version": "1.4.2",
+            "target-dir": "FOS/OAuthServerBundle",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/FriendsOfSymfony/FOSOAuthServerBundle.git",
+                "reference": "9e15c229eff547443d686445d629e9356ab0672e"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSOAuthServerBundle/zipball/9e15c229eff547443d686445d629e9356ab0672e",
+                "reference": "9e15c229eff547443d686445d629e9356ab0672e",
+                "shasum": ""
+            },
+            "require": {
+                "friendsofsymfony/oauth2-php": "~1.1.0",
+                "php": ">=5.3.3",
+                "symfony/framework-bundle": "~2.1",
+                "symfony/security-bundle": "~2.1"
+            },
+            "require-dev": {
+                "doctrine/doctrine-bundle": "~1.0",
+                "doctrine/mongodb-odm": "1.0.*@dev",
+                "doctrine/orm": ">=2.2,<2.5-dev",
+                "symfony/class-loader": "~2.1",
+                "symfony/yaml": "~2.1",
+                "willdurand/propel-typehintable-behavior": "1.0.*"
+            },
+            "suggest": {
+                "doctrine/doctrine-bundle": "*",
+                "doctrine/mongodb-odm-bundle": "*",
+                "propel/propel-bundle": "If you want to use Propel with Symfony2, then you will have to install the PropelBundle",
+                "willdurand/propel-typehintable-behavior": "The Typehintable behavior is useful to add type hints on generated methods, to be compliant with interfaces"
+            },
+            "type": "symfony-bundle",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.4-dev"
+                }
+            },
+            "autoload": {
+                "psr-0": {
+                    "FOS\\OAuthServerBundle": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Arnaud Le Blanc",
+                    "email": "arnaud.lb@gmail.com"
+                },
+                {
+                    "name": "FriendsOfSymfony Community",
+                    "homepage": "https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/contributors"
+                }
+            ],
+            "description": "Symfony2 OAuth Server Bundle",
+            "homepage": "http://friendsofsymfony.github.com",
+            "keywords": [
+                "oauth",
+                "oauth2",
+                "server"
+            ],
+            "time": "2014-10-31 13:44:14"
+        },
+        {
+            "name": "friendsofsymfony/oauth2-php",
+            "version": "1.1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/FriendsOfSymfony/oauth2-php.git",
+                "reference": "23e76537c4a02e666ab4ba5abe67a69a886a0310"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/FriendsOfSymfony/oauth2-php/zipball/23e76537c4a02e666ab4ba5abe67a69a886a0310",
+                "reference": "23e76537c4a02e666ab4ba5abe67a69a886a0310",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.2",
+                "symfony/http-foundation": "~2.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "~4.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "OAuth2\\": "lib/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Arnaud Le Blanc",
+                    "email": "arnaud.lb@gmail.com"
+                },
+                {
+                    "name": "FriendsOfSymfony Community",
+                    "homepage": "https://github.com/FriendsOfSymfony/oauth2-php/contributors"
+                }
+            ],
+            "description": "OAuth2 library",
+            "homepage": "https://github.com/FriendsOfSymfony/oauth2-php",
+            "keywords": [
+                "oauth",
+                "oauth2"
+            ],
+            "time": "2014-11-03 10:21:20"
+        },
+        {
             "name": "friendsofsymfony/rest-bundle",
             "version": "1.7.1",
             "target-dir": "FOS/RestBundle",
@@ -2787,12 +2910,12 @@
             "version": "v2.7.0",
             "source": {
                 "type": "git",
-                "url": "https://github.com/symfony/AsseticBundle.git",
+                "url": "https://github.com/symfony/assetic-bundle.git",
                 "reference": "3ae5c8ca3079b6e0033cc9fbfb6500e2bc964da5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/AsseticBundle/zipball/3ae5c8ca3079b6e0033cc9fbfb6500e2bc964da5",
+                "url": "https://api.github.com/repos/symfony/assetic-bundle/zipball/3ae5c8ca3079b6e0033cc9fbfb6500e2bc964da5",
                 "reference": "3ae5c8ca3079b6e0033cc9fbfb6500e2bc964da5",
                 "shasum": ""
             },
@@ -2857,12 +2980,12 @@
             "version": "v2.7.1",
             "source": {
                 "type": "git",
-                "url": "https://github.com/symfony/MonologBundle.git",
+                "url": "https://github.com/symfony/monolog-bundle.git",
                 "reference": "9320b6863404c70ebe111e9040dab96f251de7ac"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/MonologBundle/zipball/9320b6863404c70ebe111e9040dab96f251de7ac",
+                "url": "https://api.github.com/repos/symfony/monolog-bundle/zipball/9320b6863404c70ebe111e9040dab96f251de7ac",
                 "reference": "9320b6863404c70ebe111e9040dab96f251de7ac",
                 "shasum": ""
             },
@@ -2916,12 +3039,12 @@
             "version": "v2.3.8",
             "source": {
                 "type": "git",
-                "url": "https://github.com/symfony/SwiftmailerBundle.git",
+                "url": "https://github.com/symfony/swiftmailer-bundle.git",
                 "reference": "970b13d01871207e81d17b17ddda025e7e21e797"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/SwiftmailerBundle/zipball/970b13d01871207e81d17b17ddda025e7e21e797",
+                "url": "https://api.github.com/repos/symfony/swiftmailer-bundle/zipball/970b13d01871207e81d17b17ddda025e7e21e797",
                 "reference": "970b13d01871207e81d17b17ddda025e7e21e797",
                 "shasum": ""
             },
@@ -2970,20 +3093,20 @@
         },
         {
             "name": "symfony/symfony",
-            "version": "v2.7.5",
+            "version": "v2.7.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/symfony.git",
-                "reference": "619528a274647cffc1792063c3ea04c4fa8266a0"
+                "reference": "1fdf23fe28876844b887b0e1935c9adda43ee645"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/symfony/zipball/619528a274647cffc1792063c3ea04c4fa8266a0",
-                "reference": "619528a274647cffc1792063c3ea04c4fa8266a0",
+                "url": "https://api.github.com/repos/symfony/symfony/zipball/1fdf23fe28876844b887b0e1935c9adda43ee645",
+                "reference": "1fdf23fe28876844b887b0e1935c9adda43ee645",
                 "shasum": ""
             },
             "require": {
-                "doctrine/common": "~2.4",
+                "doctrine/common": "~2.3",
                 "php": ">=5.3.9",
                 "psr/log": "~1.0",
                 "twig/twig": "~1.20|~2.0"
@@ -3036,9 +3159,9 @@
             },
             "require-dev": {
                 "doctrine/data-fixtures": "1.0.*",
-                "doctrine/dbal": "~2.4",
+                "doctrine/dbal": "~2.2",
                 "doctrine/doctrine-bundle": "~1.2",
-                "doctrine/orm": "~2.4,>=2.4.5",
+                "doctrine/orm": "~2.2,>=2.2.3",
                 "egulias/email-validator": "~1.2",
                 "ircmaxell/password-compat": "~1.0",
                 "monolog/monolog": "~1.11",
@@ -3088,7 +3211,7 @@
             "keywords": [
                 "framework"
             ],
-            "time": "2015-09-25 11:16:52"
+            "time": "2015-09-08 14:26:39"
         },
         {
             "name": "tecnickcom/tcpdf",
@@ -4488,7 +4611,8 @@
     "aliases": [],
     "minimum-stability": "dev",
     "stability-flags": {
-        "friendsofsymfony/user-bundle": 20
+        "friendsofsymfony/user-bundle": 20,
+        "friendsofsymfony/oauth-server-bundle": 20
     },
     "prefer-stable": true,
     "prefer-lowest": false,
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 349229f3..284dbb25 100644
--- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
@@ -2,8 +2,8 @@
 
 namespace Wallabag\ApiBundle\Controller;
 
+use FOS\RestBundle\Controller\FOSRestController;
 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
-use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Wallabag\CoreBundle\Entity\Entry;
@@ -11,7 +11,7 @@ use Wallabag\CoreBundle\Entity\Tag;
 use Hateoas\Configuration\Route;
 use Hateoas\Representation\Factory\PagerfantaFactory;
 
-class WallabagRestController extends Controller
+class WallabagRestController extends FOSRestController
 {
     /**
      * @param Entry  $entry
@@ -39,31 +39,6 @@ class WallabagRestController extends Controller
     }
 
     /**
-     * Retrieve salt for a giver user.
-     *
-     * @ApiDoc(
-     *       parameters={
-     *          {"name"="username", "dataType"="string", "required"=true, "description"="username"}
-     *       }
-     * )
-     *
-     * @return array
-     */
-    public function getSaltAction($username)
-    {
-        $user = $this
-            ->getDoctrine()
-            ->getRepository('WallabagCoreBundle:User')
-            ->findOneByUsername($username);
-
-        if (is_null($user)) {
-            throw $this->createNotFoundException();
-        }
-
-        return array($user->getSalt() ?: null);
-    }
-
-    /**
      * Retrieve all entries. It could be filtered by many options.
      *
      * @ApiDoc(
@@ -122,7 +97,7 @@ class WallabagRestController extends Controller
      */
     public function getEntryAction(Entry $entry)
     {
-        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($entry->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
@@ -184,7 +159,7 @@ class WallabagRestController extends Controller
      */
     public function patchEntriesAction(Entry $entry, Request $request)
     {
-        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($entry->getUser()->getId());
 
         $title = $request->request->get('title');
         $isArchived = $request->request->get('is_archived');
@@ -228,7 +203,7 @@ class WallabagRestController extends Controller
      */
     public function deleteEntriesAction(Entry $entry)
     {
-        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($entry->getUser()->getId());
 
         $em = $this->getDoctrine()->getManager();
         $em->remove($entry);
@@ -250,7 +225,7 @@ class WallabagRestController extends Controller
      */
     public function getEntriesTagsAction(Entry $entry)
     {
-        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($entry->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
 
@@ -271,7 +246,7 @@ class WallabagRestController extends Controller
      */
     public function postEntriesTagsAction(Request $request, Entry $entry)
     {
-        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($entry->getUser()->getId());
 
         $tags = $request->request->get('tags', '');
         if (!empty($tags)) {
@@ -299,7 +274,7 @@ class WallabagRestController extends Controller
      */
     public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
     {
-        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($entry->getUser()->getId());
 
         $entry->removeTag($tag);
         $em = $this->getDoctrine()->getManager();
@@ -334,7 +309,7 @@ class WallabagRestController extends Controller
      */
     public function deleteTagAction(Tag $tag)
     {
-        $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId());
+        $this->validateUserAccess($tag->getUser()->getId());
 
         $em = $this->getDoctrine()->getManager();
         $em->remove($tag);
@@ -350,12 +325,12 @@ class WallabagRestController extends Controller
      * If not, throw exception. It means a user try to access information from an other user.
      *
      * @param int $requestUserId User id from the requested source
-     * @param int $currentUserId User id from the retrieved source
      */
-    private function validateUserAccess($requestUserId, $currentUserId)
+    private function validateUserAccess($requestUserId)
     {
-        if ($requestUserId != $currentUserId) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId);
+        $user = $this->get('security.context')->getToken()->getUser();
+        if ($requestUserId != $user->getId()) {
+            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
         }
     }
 
diff --git a/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php b/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php
deleted file mode 100644
index 402eb869..00000000
--- a/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-
-namespace Wallabag\ApiBundle\DependencyInjection\Security\Factory;
-
-use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Reference;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
-use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
-
-class WsseFactory implements SecurityFactoryInterface
-{
-    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
-    {
-        $providerId = 'security.authentication.provider.wsse.'.$id;
-        $container
-            ->setDefinition($providerId, new DefinitionDecorator('wsse.security.authentication.provider'))
-            ->replaceArgument(0, new Reference($userProvider))
-        ;
-
-        $listenerId = 'security.authentication.listener.wsse.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('wsse.security.authentication.listener'));
-
-        return array($providerId, $listenerId, $defaultEntryPoint);
-    }
-
-    public function getPosition()
-    {
-        return 'pre_auth';
-    }
-
-    public function getKey()
-    {
-        return 'wsse';
-    }
-
-    public function addConfiguration(NodeDefinition $node)
-    {
-    }
-}
diff --git a/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php b/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php
index c5cc204e..a147e7ef 100644
--- a/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php
+++ b/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php
@@ -13,9 +13,6 @@ class WallabagApiExtension extends Extension
     {
         $configuration = new Configuration();
         $config = $this->processConfiguration($configuration, $configs);
-
-        $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
-        $loader->load('services.yml');
     }
 
     public function getAlias()
diff --git a/src/Wallabag/ApiBundle/Entity/AccessToken.php b/src/Wallabag/ApiBundle/Entity/AccessToken.php
new file mode 100644
index 00000000..d6cf0af5
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Entity/AccessToken.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Wallabag\ApiBundle\Entity;
+
+use FOS\OAuthServerBundle\Entity\AccessToken as BaseAccessToken;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * @ORM\Table("oauth2_access_tokens")
+ * @ORM\Entity
+ */
+class AccessToken extends BaseAccessToken
+{
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    protected $id;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="Client")
+     * @ORM\JoinColumn(nullable=false)
+     */
+    protected $client;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="Wallabag\CoreBundle\Entity\User")
+     */
+    protected $user;
+}
diff --git a/src/Wallabag/ApiBundle/Entity/AuthCode.php b/src/Wallabag/ApiBundle/Entity/AuthCode.php
new file mode 100644
index 00000000..7873d97d
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Entity/AuthCode.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Wallabag\ApiBundle\Entity;
+
+use FOS\OAuthServerBundle\Entity\AuthCode as BaseAuthCode;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * @ORM\Table("oauth2_auth_codes")
+ * @ORM\Entity
+ */
+class AuthCode extends BaseAuthCode
+{
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    protected $id;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="Client")
+     * @ORM\JoinColumn(nullable=false)
+     */
+    protected $client;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="Wallabag\CoreBundle\Entity\User")
+     */
+    protected $user;
+}
diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php
new file mode 100644
index 00000000..d449870a
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Wallabag\ApiBundle\Entity;
+
+use FOS\OAuthServerBundle\Entity\Client as BaseClient;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * @ORM\Table("oauth2_clients")
+ * @ORM\Entity
+ */
+class Client extends BaseClient
+{
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    protected $id;
+
+    public function __construct()
+    {
+        parent::__construct();
+    }
+}
diff --git a/src/Wallabag/ApiBundle/Entity/RefreshToken.php b/src/Wallabag/ApiBundle/Entity/RefreshToken.php
new file mode 100644
index 00000000..74c564b7
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Entity/RefreshToken.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Wallabag\ApiBundle\Entity;
+
+use FOS\OAuthServerBundle\Entity\RefreshToken as BaseRefreshToken;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * @ORM\Table("oauth2_refresh_tokens")
+ * @ORM\Entity
+ */
+class RefreshToken extends BaseRefreshToken
+{
+    /**
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    protected $id;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="Client")
+     * @ORM\JoinColumn(nullable=false)
+     */
+    protected $client;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="Wallabag\CoreBundle\Entity\User")
+     */
+    protected $user;
+}
diff --git a/src/Wallabag/ApiBundle/Resources/config/services.yml b/src/Wallabag/ApiBundle/Resources/config/services.yml
deleted file mode 100644
index 6854a444..00000000
--- a/src/Wallabag/ApiBundle/Resources/config/services.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-services:
-    wsse.security.authentication.provider:
-        class: Wallabag\ApiBundle\Security\Authentication\Provider\WsseProvider
-        public: false
-        arguments: ['', '%kernel.cache_dir%/security/nonces']
-
-    wsse.security.authentication.listener:
-        class: Wallabag\ApiBundle\Security\Firewall\WsseListener
-        public: false
-        tags:
-            - { name: monolog.logger, channel: wsse }
-        arguments: ['@security.context', '@security.authentication.manager', '@logger']
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php
deleted file mode 100644
index 9bf8b377..00000000
--- a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php
-
-namespace Wallabag\ApiBundle\Security\Authentication\Provider;
-
-use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
-use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Exception\NonceExpiredException;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Wallabag\ApiBundle\Security\Authentication\Token\WsseUserToken;
-
-class WsseProvider implements AuthenticationProviderInterface
-{
-    private $userProvider;
-    private $cacheDir;
-
-    public function __construct(UserProviderInterface $userProvider, $cacheDir)
-    {
-        $this->userProvider = $userProvider;
-        $this->cacheDir = $cacheDir;
-
-        // If cache directory does not exist we create it
-        if (!is_dir($this->cacheDir)) {
-            mkdir($this->cacheDir, 0777, true);
-        }
-    }
-
-    public function authenticate(TokenInterface $token)
-    {
-        $user = $this->userProvider->loadUserByUsername($token->getUsername());
-
-        if (!$user) {
-            throw new AuthenticationException('Bad credentials. Did you forgot your username?');
-        }
-
-        if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
-            $authenticatedToken = new WsseUserToken($user->getRoles());
-            $authenticatedToken->setUser($user);
-
-            return $authenticatedToken;
-        }
-
-        throw new AuthenticationException('The WSSE authentication failed.');
-    }
-
-    protected function validateDigest($digest, $nonce, $created, $secret)
-    {
-        // Check created time is not in the future
-        if (strtotime($created) > time()) {
-            throw new AuthenticationException('Back to the future...');
-        }
-
-        // Expire timestamp after 5 minutes
-        if (time() - strtotime($created) > 300) {
-            throw new AuthenticationException('Too late for this timestamp... Watch your watch.');
-        }
-
-        // Validate nonce is unique within 5 minutes
-        if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
-            throw new NonceExpiredException('Previously used nonce detected');
-        }
-
-        file_put_contents($this->cacheDir.'/'.$nonce, time());
-
-        // Validate Secret
-        $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
-
-        if ($digest !== $expected) {
-            throw new AuthenticationException('Bad credentials ! Digest is not as expected.');
-        }
-
-        return $digest === $expected;
-    }
-
-    public function supports(TokenInterface $token)
-    {
-        return $token instanceof WsseUserToken;
-    }
-}
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php
deleted file mode 100644
index e6d30224..00000000
--- a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-
-namespace Wallabag\ApiBundle\Security\Authentication\Token;
-
-use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
-
-class WsseUserToken extends AbstractToken
-{
-    public $created;
-    public $digest;
-    public $nonce;
-
-    public function __construct(array $roles = array())
-    {
-        parent::__construct($roles);
-
-        $this->setAuthenticated(count($roles) > 0);
-    }
-
-    public function getCredentials()
-    {
-        return '';
-    }
-}
diff --git a/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php b/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php
deleted file mode 100644
index 2fcbe014..00000000
--- a/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-
-namespace Wallabag\ApiBundle\Security\Firewall;
-
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\Security\Http\Firewall\ListenerInterface;
-use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\SecurityContextInterface;
-use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
-use Wallabag\ApiBundle\Security\Authentication\Token\WsseUserToken;
-use Psr\Log\LoggerInterface;
-
-class WsseListener implements ListenerInterface
-{
-    protected $securityContext;
-    protected $authenticationManager;
-    protected $logger;
-
-    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
-    {
-        $this->securityContext = $securityContext;
-        $this->authenticationManager = $authenticationManager;
-        $this->logger = $logger;
-    }
-
-    public function handle(GetResponseEvent $event)
-    {
-        $request = $event->getRequest();
-
-        $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
-        if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
-            return;
-        }
-
-        $token = new WsseUserToken();
-        $token->setUser($matches[1]);
-
-        $token->digest = $matches[2];
-        $token->nonce = $matches[3];
-        $token->created = $matches[4];
-
-        try {
-            $authToken = $this->authenticationManager->authenticate($token);
-
-            $this->securityContext->setToken($authToken);
-
-            return;
-        } catch (AuthenticationException $failed) {
-            $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();
-            $this->logger->err($failedMessage);
-
-            // Deny authentication with a '403 Forbidden' HTTP response
-            $response = new Response();
-            $response->setStatusCode(403);
-            $response->setContent($failedMessage);
-            $event->setResponse($response);
-
-            return;
-        }
-    }
-}
diff --git a/src/Wallabag/ApiBundle/Tests/AbstractControllerTest.php b/src/Wallabag/ApiBundle/Tests/AbstractControllerTest.php
new file mode 100644
index 00000000..119889b3
--- /dev/null
+++ b/src/Wallabag/ApiBundle/Tests/AbstractControllerTest.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace Wallabag\ApiBundle\Tests;
+
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\BrowserKit\Cookie;
+
+abstract class AbstractControllerTest extends WebTestCase
+{
+    /**
+     * @var Client
+     */
+    protected $client = null;
+
+    public function setUp()
+    {
+        $this->client = $this->createAuthorizedClient();
+    }
+
+    /**
+     * @return Client
+     */
+    protected function createAuthorizedClient()
+    {
+        $client = static::createClient();
+        $container = $client->getContainer();
+
+        $session = $container->get('session');
+        /** @var $userManager \FOS\UserBundle\Doctrine\UserManager */
+        $userManager = $container->get('fos_user.user_manager');
+        /** @var $loginManager \FOS\UserBundle\Security\LoginManager */
+        $loginManager = $container->get('fos_user.security.login_manager');
+        $firewallName = $container->getParameter('fos_user.firewall_name');
+
+        $user = $userManager->findUserBy(array('username' => 'admin'));
+        $loginManager->loginUser($firewallName, $user);
+
+        // save the login token into the session and put it in a cookie
+        $container->get('session')->set('_security_'.$firewallName,
+            serialize($container->get('security.context')->getToken()));
+        $container->get('session')->save();
+        $client->getCookieJar()->set(new Cookie($session->getName(), $session->getId()));
+
+        return $client;
+    }
+}
diff --git a/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php
index 7ae54b57..bc7ef489 100644
--- a/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php
+++ b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php
@@ -2,99 +2,15 @@
 
 namespace Wallabag\ApiBundle\Tests\Controller;
 
-use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Wallabag\ApiBundle\Tests\AbstractControllerTest;
 
-class WallabagRestControllerTest extends WebTestCase
+class WallabagRestControllerTest extends AbstractControllerTest
 {
     protected static $salt;
 
-    /**
-     * Grab the salt once and store it to be available for all tests.
-     */
-    public static function setUpBeforeClass()
-    {
-        $client = self::createClient();
-
-        $user = $client->getContainer()
-            ->get('doctrine.orm.entity_manager')
-            ->getRepository('WallabagCoreBundle:User')
-            ->findOneByUsername('admin');
-
-        self::$salt = $user->getSalt();
-    }
-
-    /**
-     * Generate HTTP headers for authenticate user on API.
-     *
-     * @param string $username
-     * @param string $password
-     *
-     * @return array
-     */
-    private function generateHeaders($username, $password)
-    {
-        $encryptedPassword = sha1($password.$username.self::$salt);
-        $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
-
-        $now = new \DateTime('now', new \DateTimeZone('UTC'));
-        $created = (string) $now->format('Y-m-d\TH:i:s\Z');
-        $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));
-
-        return array(
-            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
-            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
-        );
-    }
-
-    public function testGetSalt()
-    {
-        $client = $this->createClient();
-        $client->request('GET', '/api/salts/admin.json');
-
-        $user = $client->getContainer()
-            ->get('doctrine.orm.entity_manager')
-            ->getRepository('WallabagCoreBundle:User')
-            ->findOneByUsername('admin');
-
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
-
-        $content = json_decode($client->getResponse()->getContent(), true);
-
-        $this->assertArrayHasKey(0, $content);
-        $this->assertEquals($user->getSalt(), $content[0]);
-
-        $client->request('GET', '/api/salts/notfound.json');
-        $this->assertEquals(404, $client->getResponse()->getStatusCode());
-    }
-
-    public function testWithBadHeaders()
-    {
-        $client = $this->createClient();
-
-        $entry = $client->getContainer()
-            ->get('doctrine.orm.entity_manager')
-            ->getRepository('WallabagCoreBundle:Entry')
-            ->findOneByIsArchived(false);
-
-        if (!$entry) {
-            $this->markTestSkipped('No content found in db.');
-        }
-
-        $badHeaders = array(
-            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
-            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
-        );
-
-        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
-        $this->assertEquals(403, $client->getResponse()->getStatusCode());
-    }
-
     public function testGetOneEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->findOneBy(array('user' => 1, 'isArchived' => false));
@@ -103,18 +19,17 @@ class WallabagRestControllerTest extends WebTestCase
             $this->markTestSkipped('No content found in db.');
         }
 
-        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
+        $this->client->request('GET', '/api/entries/'.$entry->getId().'.json');
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
-
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertEquals($entry->getTitle(), $content['title']);
         $this->assertEquals($entry->getUrl(), $content['url']);
         $this->assertCount(count($entry->getTags()), $content['tags']);
 
         $this->assertTrue(
-            $client->getResponse()->headers->contains(
+            $this->client->getResponse()->headers->contains(
                 'Content-Type',
                 'application/json'
             )
@@ -123,10 +38,7 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testGetOneEntryWrongUser()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->findOneBy(array('user' => 2, 'isArchived' => false));
@@ -135,21 +47,18 @@ class WallabagRestControllerTest extends WebTestCase
             $this->markTestSkipped('No content found in db.');
         }
 
-        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
+        $this->client->request('GET', '/api/entries/'.$entry->getId().'.json');
 
-        $this->assertEquals(403, $client->getResponse()->getStatusCode());
+        $this->assertEquals(403, $this->client->getResponse()->getStatusCode());
     }
 
     public function testGetEntries()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $client->request('GET', '/api/entries', array(), array(), $headers);
+        $this->client->request('GET', '/api/entries');
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertGreaterThanOrEqual(1, count($content));
         $this->assertNotEmpty($content['_embedded']['items']);
@@ -158,7 +67,7 @@ class WallabagRestControllerTest extends WebTestCase
         $this->assertGreaterThanOrEqual(1, $content['pages']);
 
         $this->assertTrue(
-            $client->getResponse()->headers->contains(
+            $this->client->getResponse()->headers->contains(
                 'Content-Type',
                 'application/json'
             )
@@ -167,14 +76,11 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testGetStarredEntries()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
+        $this->client->request('GET', '/api/entries', array('star' => 1, 'sort' => 'updated'));
 
-        $client->request('GET', '/api/entries', array('star' => 1, 'sort' => 'updated'), array(), $headers);
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
-
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertGreaterThanOrEqual(1, count($content));
         $this->assertNotEmpty($content['_embedded']['items']);
@@ -183,7 +89,7 @@ class WallabagRestControllerTest extends WebTestCase
         $this->assertGreaterThanOrEqual(1, $content['pages']);
 
         $this->assertTrue(
-            $client->getResponse()->headers->contains(
+            $this->client->getResponse()->headers->contains(
                 'Content-Type',
                 'application/json'
             )
@@ -192,14 +98,11 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testGetArchiveEntries()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $client->request('GET', '/api/entries', array('archive' => 1), array(), $headers);
+        $this->client->request('GET', '/api/entries', array('archive' => 1));
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertGreaterThanOrEqual(1, count($content));
         $this->assertNotEmpty($content['_embedded']['items']);
@@ -208,7 +111,7 @@ class WallabagRestControllerTest extends WebTestCase
         $this->assertGreaterThanOrEqual(1, $content['pages']);
 
         $this->assertTrue(
-            $client->getResponse()->headers->contains(
+            $this->client->getResponse()->headers->contains(
                 'Content-Type',
                 'application/json'
             )
@@ -217,10 +120,7 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testDeleteEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->findOneByUser(1);
@@ -229,36 +129,31 @@ class WallabagRestControllerTest extends WebTestCase
             $this->markTestSkipped('No content found in db.');
         }
 
-        $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
+        $this->client->request('DELETE', '/api/entries/'.$entry->getId().'.json');
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertEquals($entry->getTitle(), $content['title']);
         $this->assertEquals($entry->getUrl(), $content['url']);
 
         // We'll try to delete this entry again
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
+        $this->client->request('DELETE', '/api/entries/'.$entry->getId().'.json');
 
-        $this->assertEquals(404, $client->getResponse()->getStatusCode());
+        $this->assertEquals(404, $this->client->getResponse()->getStatusCode());
     }
 
     public function testPostEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $client->request('POST', '/api/entries.json', array(
+        $this->client->request('POST', '/api/entries.json', array(
             'url' => 'http://www.lemonde.fr/pixels/article/2015/03/28/plongee-dans-l-univers-d-ingress-le-jeu-de-google-aux-frontieres-du-reel_4601155_4408996.html',
             'tags' => 'google',
-        ), array(), $headers);
+        ));
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertGreaterThan(0, $content['id']);
         $this->assertEquals('http://www.lemonde.fr/pixels/article/2015/03/28/plongee-dans-l-univers-d-ingress-le-jeu-de-google-aux-frontieres-du-reel_4601155_4408996.html', $content['url']);
@@ -269,10 +164,7 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testPatchEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->findOneByUser(1);
@@ -284,16 +176,16 @@ class WallabagRestControllerTest extends WebTestCase
         // hydrate the tags relations
         $nbTags = count($entry->getTags());
 
-        $client->request('PATCH', '/api/entries/'.$entry->getId().'.json', array(
+        $this->client->request('PATCH', '/api/entries/'.$entry->getId().'.json', array(
             'title' => 'New awesome title',
             'tags' => 'new tag '.uniqid(),
             'star' => true,
             'archive' => false,
-        ), array(), $headers);
+        ));
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertEquals($entry->getId(), $content['id']);
         $this->assertEquals($entry->getUrl(), $content['url']);
@@ -303,10 +195,7 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testGetTagsEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->findOneWithTags(1);
@@ -322,17 +211,14 @@ class WallabagRestControllerTest extends WebTestCase
             $tags[] = array('id' => $tag->getId(), 'label' => $tag->getLabel());
         }
 
-        $client->request('GET', '/api/entries/'.$entry->getId().'/tags', array(), array(), $headers);
+        $this->client->request('GET', '/api/entries/'.$entry->getId().'/tags');
 
-        $this->assertEquals(json_encode($tags, JSON_HEX_QUOT), $client->getResponse()->getContent());
+        $this->assertEquals(json_encode($tags, JSON_HEX_QUOT), $this->client->getResponse()->getContent());
     }
 
     public function testPostTagsOnEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->findOneByUser(1);
@@ -345,16 +231,16 @@ class WallabagRestControllerTest extends WebTestCase
 
         $newTags = 'tag1,tag2,tag3';
 
-        $client->request('POST', '/api/entries/'.$entry->getId().'/tags', array('tags' => $newTags), array(), $headers);
+        $this->client->request('POST', '/api/entries/'.$entry->getId().'/tags', array('tags' => $newTags));
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertArrayHasKey('tags', $content);
         $this->assertEquals($nbTags + 3, count($content['tags']));
 
-        $entryDB = $client->getContainer()
+        $entryDB = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
             ->find($entry->getId());
@@ -369,15 +255,13 @@ class WallabagRestControllerTest extends WebTestCase
         }
     }
 
-    public function testDeleteOneTagEntrie()
+    public function testDeleteOneTagEntry()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $entry = $client->getContainer()
+        $entry = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
             ->getRepository('WallabagCoreBundle:Entry')
-            ->findOneByUser(1);
+            ->findOneWithTags(1);
+        $entry = $entry[0];
 
         if (!$entry) {
             $this->markTestSkipped('No content found in db.');
@@ -387,11 +271,11 @@ class WallabagRestControllerTest extends WebTestCase
         $nbTags = count($entry->getTags());
         $tag = $entry->getTags()[0];
 
-        $client->request('DELETE', '/api/entries/'.$entry->getId().'/tags/'.$tag->getId().'.json', array(), array(), $headers);
+        $this->client->request('DELETE', '/api/entries/'.$entry->getId().'/tags/'.$tag->getId().'.json');
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertArrayHasKey('tags', $content);
         $this->assertEquals($nbTags - 1, count($content['tags']));
@@ -399,14 +283,11 @@ class WallabagRestControllerTest extends WebTestCase
 
     public function testGetUserTags()
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $client->request('GET', '/api/tags.json', array(), array(), $headers);
+        $this->client->request('GET', '/api/tags.json');
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertGreaterThan(0, $content);
         $this->assertArrayHasKey('id', $content[0]);
@@ -420,14 +301,11 @@ class WallabagRestControllerTest extends WebTestCase
      */
     public function testDeleteUserTag($tag)
     {
-        $client = $this->createClient();
-        $headers = $this->generateHeaders('admin', 'mypassword');
-
-        $client->request('DELETE', '/api/tags/'.$tag['id'].'.json', array(), array(), $headers);
+        $this->client->request('DELETE', '/api/tags/'.$tag['id'].'.json');
 
-        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
 
-        $content = json_decode($client->getResponse()->getContent(), true);
+        $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertArrayHasKey('label', $content);
         $this->assertEquals($tag['label'], $content['label']);
diff --git a/src/Wallabag/ApiBundle/WallabagApiBundle.php b/src/Wallabag/ApiBundle/WallabagApiBundle.php
index 2484f277..19d887ab 100644
--- a/src/Wallabag/ApiBundle/WallabagApiBundle.php
+++ b/src/Wallabag/ApiBundle/WallabagApiBundle.php
@@ -3,16 +3,7 @@
 namespace Wallabag\ApiBundle;
 
 use Symfony\Component\HttpKernel\Bundle\Bundle;
-use Wallabag\ApiBundle\DependencyInjection\Security\Factory\WsseFactory;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
 
 class WallabagApiBundle extends Bundle
 {
-    public function build(ContainerBuilder $container)
-    {
-        parent::build($container);
-
-        $extension = $container->getExtension('security');
-        $extension->addSecurityListenerFactory(new WsseFactory());
-    }
 }
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 5affdee8..27c323b7 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -25,6 +25,7 @@ class ConfigController extends Controller
     {
         $em = $this->getDoctrine()->getManager();
         $config = $this->getConfig();
+        $userManager = $this->container->get('fos_user.user_manager');
         $user = $this->getUser();
 
         // handle basic config detail (this form is defined as a service)
@@ -52,9 +53,8 @@ class ConfigController extends Controller
         $pwdForm->handleRequest($request);
 
         if ($pwdForm->isValid()) {
-            $user->setPassword($pwdForm->get('new_password')->getData());
-            $em->persist($user);
-            $em->flush();
+            $user->setPlainPassword($pwdForm->get('new_password')->getData());
+            $userManager->updateUser($user, true);
 
             $this->get('session')->getFlashBag()->add(
                 'notice',
@@ -69,8 +69,7 @@ class ConfigController extends Controller
         $userForm->handleRequest($request);
 
         if ($userForm->isValid()) {
-            $em->persist($user);
-            $em->flush();
+            $userManager->updateUser($user, true);
 
             $this->get('session')->getFlashBag()->add(
                 'notice',
@@ -97,14 +96,14 @@ class ConfigController extends Controller
         }
 
         // handle adding new user
-        $newUser = new User();
+        $newUser = $userManager->createUser();
         // enable created user by default
         $newUser->setEnabled(true);
         $newUserForm = $this->createForm(new NewUserType(), $newUser, array('validation_groups' => array('Profile')));
         $newUserForm->handleRequest($request);
 
-        if ($newUserForm->isValid()) {
-            $em->persist($newUser);
+        if ($newUserForm->isValid() && $this->get('security.authorization_checker')->isGranted('ROLE_SUPER_ADMIN')) {
+            $userManager->updateUser($newUser, true);
 
             $config = new Config($newUser);
             $config->setTheme($this->container->getParameter('theme'));
diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
index 4ef53329..811451da 100644
--- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
+++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
@@ -18,8 +18,9 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
         $userAdmin->setName('Big boss');
         $userAdmin->setEmail('bigboss@wallabag.org');
         $userAdmin->setUsername('admin');
-        $userAdmin->setPassword('mypassword');
+        $userAdmin->setPlainPassword('mypassword');
         $userAdmin->setEnabled(true);
+        $userAdmin->addRole('ROLE_SUPER_ADMIN');
 
         $manager->persist($userAdmin);
 
@@ -29,7 +30,7 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
         $bobUser->setName('Bobby');
         $bobUser->setEmail('bobby@wallabag.org');
         $bobUser->setUsername('bob');
-        $bobUser->setPassword('mypassword');
+        $bobUser->setPlainPassword('mypassword');
         $bobUser->setEnabled(true);
 
         $manager->persist($bobUser);
diff --git a/src/Wallabag/CoreBundle/Entity/User.php b/src/Wallabag/CoreBundle/Entity/User.php
index a6002352..ae2902a3 100644
--- a/src/Wallabag/CoreBundle/Entity/User.php
+++ b/src/Wallabag/CoreBundle/Entity/User.php
@@ -6,7 +6,6 @@ use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Core\User\AdvancedUserInterface;
 use JMS\Serializer\Annotation\ExclusionPolicy;
 use JMS\Serializer\Annotation\Expose;
 use FOS\UserBundle\Model\User as BaseUser;
@@ -22,7 +21,7 @@ use FOS\UserBundle\Model\User as BaseUser;
  * @UniqueEntity("email")
  * @UniqueEntity("username")
  */
-class User extends BaseUser implements AdvancedUserInterface, \Serializable
+class User extends BaseUser
 {
     /**
      * @var int
@@ -75,6 +74,7 @@ class User extends BaseUser implements AdvancedUserInterface, \Serializable
         parent::__construct();
         $this->entries = new ArrayCollection();
         $this->tags = new ArrayCollection();
+        $this->roles = array('ROLE_USER');
     }
 
     /**
@@ -91,24 +91,6 @@ class User extends BaseUser implements AdvancedUserInterface, \Serializable
     }
 
     /**
-     * Set password.
-     *
-     * @param string $password
-     *
-     * @return User
-     */
-    public function setPassword($password)
-    {
-        if (!$password && 0 === strlen($password)) {
-            return;
-        }
-
-        $this->password = sha1($password.$this->getUsername().$this->getSalt());
-
-        return $this;
-    }
-
-    /**
      * Set name.
      *
      * @param string $name
diff --git a/src/Wallabag/CoreBundle/EventListener/AuthenticationListener.php b/src/Wallabag/CoreBundle/EventListener/AuthenticationListener.php
new file mode 100644
index 00000000..7c2826ec
--- /dev/null
+++ b/src/Wallabag/CoreBundle/EventListener/AuthenticationListener.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Wallabag\CoreBundle\EventListener;
+
+use FOS\UserBundle\FOSUserEvents;
+use Symfony\Component\DependencyInjection\Container;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use FOS\UserBundle\Event\FilterUserResponseEvent;
+use Wallabag\CoreBundle\Entity\Config;
+
+class AuthenticationListener implements EventSubscriberInterface
+{
+    private $em;
+    private $container;
+
+    public function __construct(Container $container, $em)
+    {
+        $this->container = $container;
+        $this->em = $em;
+    }
+
+    public static function getSubscribedEvents()
+    {
+        return array(
+            FOSUserEvents::REGISTRATION_CONFIRMED => 'authenticate',
+        );
+    }
+
+    public function authenticate(FilterUserResponseEvent $event, $eventName = null, EventDispatcherInterface $eventDispatcher = null)
+    {
+        if (!$event->getUser()->isEnabled()) {
+            return;
+        }
+
+        $config = new Config($event->getUser());
+        $config->setTheme($this->container->getParameter('theme'));
+        $config->setItemsPerPage($this->container->getParameter('items_on_page'));
+        $config->setRssLimit($this->container->getParameter('rss_limit'));
+        $config->setLanguage($this->container->getParameter('language'));
+        $this->em->persist($config);
+        $this->em->flush();
+    }
+}
diff --git a/src/Wallabag/CoreBundle/Form/Type/NewUserType.php b/src/Wallabag/CoreBundle/Form/Type/NewUserType.php
index 985cb55b..ea7bb7ae 100644
--- a/src/Wallabag/CoreBundle/Form/Type/NewUserType.php
+++ b/src/Wallabag/CoreBundle/Form/Type/NewUserType.php
@@ -13,7 +13,8 @@ class NewUserType extends AbstractType
     {
         $builder
             ->add('username', 'text', array('required' => true))
-            ->add('password', 'password', array(
+            ->add('plainPassword', 'repeated', array(
+                'type' => 'password',
                 'constraints' => array(
                     new Constraints\Length(array(
                         'min' => 8,
diff --git a/src/Wallabag/CoreBundle/Form/Type/RegistrationType.php b/src/Wallabag/CoreBundle/Form/Type/RegistrationType.php
new file mode 100644
index 00000000..47d4f341
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Form/Type/RegistrationType.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Wallabag\CoreBundle\Form\Type;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\FormBuilderInterface;
+
+class RegistrationType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        $builder->add('name');
+    }
+
+    public function getParent()
+    {
+        return 'fos_user_registration';
+    }
+
+    public function getName()
+    {
+        return 'wallabag_user_registration';
+    }
+}
diff --git a/src/Wallabag/CoreBundle/Resources/config/services.yml b/src/Wallabag/CoreBundle/Resources/config/services.yml
index 3beb5d0e..96ea482a 100644
--- a/src/Wallabag/CoreBundle/Resources/config/services.yml
+++ b/src/Wallabag/CoreBundle/Resources/config/services.yml
@@ -13,6 +13,11 @@ services:
         tags:
             - { name: form.type, alias: config }
 
+    wallabag_core.form.registration:
+        class: Wallabag\CoreBundle\Form\Type\RegistrationType
+        tags:
+            - { name: form.type, alias: wallabag_user_registration }
+
     wallabag_core.form.type.forgot_password:
         class: Wallabag\CoreBundle\Form\Type\ForgotPasswordType
         arguments:
@@ -40,3 +45,9 @@ services:
         class: Wallabag\CoreBundle\Helper\ContentProxy
         arguments:
             - @wallabag_core.graby
+
+    wallabag_core.registration_confirmed:
+        class: Wallabag\CoreBundle\EventListener\AuthenticationListener
+        arguments: [@service_container, @doctrine.orm.entity_manager]
+        tags:
+            - { name: kernel.event_subscriber }
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
index c90bb2e3..64305b16 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
@@ -135,6 +135,7 @@
         {{ form_rest(form.pwd) }}
     </form>
 
+    {% if is_granted('ROLE_SUPER_ADMIN') %}
     <h2>{% trans %}Add a user{% endtrans %}</h2>
 
     <form action="{{ path('config') }}" method="post" {{ form_enctype(form.new_user) }}>
@@ -150,9 +151,17 @@
 
         <fieldset class="w500p inline">
             <div class="row">
-                {{ form_label(form.new_user.password) }}
-                {{ form_errors(form.new_user.password) }}
-                {{ form_widget(form.new_user.password) }}
+                {{ form_label(form.new_user.plainPassword.first) }}
+                {{ form_errors(form.new_user.plainPassword.first) }}
+                {{ form_widget(form.new_user.plainPassword.first) }}
+            </div>
+        </fieldset>
+
+        <fieldset class="w500p inline">
+            <div class="row">
+                {{ form_label(form.new_user.plainPassword.second) }}
+                {{ form_errors(form.new_user.plainPassword.second) }}
+                {{ form_widget(form.new_user.plainPassword.second) }}
             </div>
         </fieldset>
 
@@ -165,5 +174,6 @@
         </fieldset>
 
         {{ form_rest(form.new_user) }}
+        {% endif %}
     </form>
 {% endblock %}
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
index 0ff21f22..0d8e9f24 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
@@ -15,7 +15,9 @@
                         <li class="tab col s3"><a href="#set2">{% trans %}RSS{% endtrans %}</a></li>
                         <li class="tab col s3"><a href="#set3">{% trans %}User information{% endtrans %}</a></li>
                         <li class="tab col s3"><a href="#set4">{% trans %}Password{% endtrans %}</a></li>
+                        {% if is_granted('ROLE_SUPER_ADMIN') %}
                         <li class="tab col s3"><a href="#set5">{% trans %}Add a user{% endtrans %}</a></li>
+                        {% endif %}
                         </ul>
                     </div>
 
@@ -175,7 +177,7 @@
                         </form>
                     </div>
 
-
+                    {% if is_granted('ROLE_SUPER_ADMIN') %}
                     <div id="set5" class="col s12">
                         <form action="{{ path('config') }}#set5" method="post" {{ form_enctype(form.new_user) }}>
                             {{ form_errors(form.new_user) }}
@@ -190,9 +192,17 @@
 
                             <div class="row">
                                 <div class="input-field col s12">
-                                    {{ form_label(form.new_user.password) }}
-                                    {{ form_errors(form.new_user.password) }}
-                                    {{ form_widget(form.new_user.password) }}
+                                    {{ form_label(form.new_user.plainPassword.first) }}
+                                    {{ form_errors(form.new_user.plainPassword.first) }}
+                                    {{ form_widget(form.new_user.plainPassword.first) }}
+                                </div>
+                            </div>
+
+                            <div class="row">
+                                <div class="input-field col s12">
+                                    {{ form_label(form.new_user.plainPassword.second) }}
+                                    {{ form_errors(form.new_user.plainPassword.second) }}
+                                    {{ form_widget(form.new_user.plainPassword.second) }}
                                 </div>
                             </div>
 
@@ -211,6 +221,7 @@
 
                         </form>
                     </div>
+                    {% endif %}
                 </div>
 
             </div>
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Security/login.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Security/login.html.twig
index 4eb6d2b8..10f380fe 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Security/login.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Security/login.html.twig
@@ -49,6 +49,7 @@
                             {% trans %}Login{% endtrans %}
                             <i class="mdi-content-send right"></i>
                         </button>
+                        <a href="{{ path('fos_user_registration_register') }}">{% trans %}Register{% endtrans %}</a>
                     </div>
                 </form>
             </div>
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
index 3407fc5e..708a07b1 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
@@ -258,7 +258,8 @@ class ConfigControllerTest extends WallabagCoreTestCase
             array(
                 array(
                     'new_user[username]' => '',
-                    'new_user[password]' => '',
+                    'new_user[plainPassword][first]' => '',
+                    'new_user[plainPassword][second]' => '',
                     'new_user[email]' => '',
                 ),
                 'Please enter a username',
@@ -266,7 +267,8 @@ class ConfigControllerTest extends WallabagCoreTestCase
             array(
                 array(
                     'new_user[username]' => 'a',
-                    'new_user[password]' => 'mypassword',
+                    'new_user[plainPassword][first]' => 'mypassword',
+                    'new_user[plainPassword][second]' => 'mypassword',
                     'new_user[email]' => '',
                 ),
                 'The username is too short',
@@ -274,7 +276,8 @@ class ConfigControllerTest extends WallabagCoreTestCase
             array(
                 array(
                     'new_user[username]' => 'wallace',
-                    'new_user[password]' => 'mypassword',
+                    'new_user[plainPassword][first]' => 'mypassword',
+                    'new_user[plainPassword][second]' => 'mypassword',
                     'new_user[email]' => 'test',
                 ),
                 'The email is not valid',
@@ -282,11 +285,21 @@ class ConfigControllerTest extends WallabagCoreTestCase
             array(
                 array(
                     'new_user[username]' => 'admin',
-                    'new_user[password]' => 'wallacewallace',
+                    'new_user[plainPassword][first]' => 'wallacewallace',
+                    'new_user[plainPassword][second]' => 'wallacewallace',
                     'new_user[email]' => 'wallace@wallace.me',
                 ),
                 'The username is already used',
             ),
+            array(
+                array(
+                    'new_user[username]' => 'wallace',
+                    'new_user[plainPassword][first]' => 'mypassword1',
+                    'new_user[plainPassword][second]' => 'mypassword2',
+                    'new_user[email]' => 'wallace@wallace.me',
+                ),
+                'This value is not valid',
+            ),
         );
     }
 
@@ -325,7 +338,8 @@ class ConfigControllerTest extends WallabagCoreTestCase
 
         $data = array(
             'new_user[username]' => 'wallace',
-            'new_user[password]' => 'wallace1',
+            'new_user[plainPassword][first]' => 'wallace1',
+            'new_user[plainPassword][second]' => 'wallace1',
             'new_user[email]' => 'wallace@wallace.me',
         );