NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commit28f7961

committed

[Security] Add NativePasswordEncoder

1 parent278a7ec commit28f7961Copy full SHA for 28f7961

File tree

16 files changed

+314

-39

lines changed

UPGRADE-4.3.md
src/Symfony
- Bundle/SecurityBundle
  - CHANGELOG.md
  - DependencyInjection
    - MainConfiguration.php
    - SecurityExtension.php
  - Tests/DependencyInjection
    - CompleteConfigurationTest.php
    - Fixtures
      - php
        container1.php
        sodium_encoder.php
      - xml
        container1.xml
        sodium_encoder.xml
      - yml
        container1.yml
        sodium_encoder.yml
- Component/Security
  - CHANGELOG.md
  - Core
    - Encoder
    - Tests/Encoder
      - NativePasswordEncoderTest.php

16 files changed

+314

-39

lines changed

`‎UPGRADE-4.3.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ Security`
`174`	`174`	`SecurityBundle`
`175`	`175`	`--------------`
`176`	`176`
`177`		-* Configuring encoders using `argon2i` as algorithm has been deprecated, use `sodium` instead.
	`177`	+* Configuring encoders using `argon2i` as algorithm has been deprecated, use `auto` instead.
`178`	`178`
`179`	`179`	`TwigBridge`
`180`	`180`	`----------`

`‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -4,11 +4,12 @@ CHANGELOG`
`4`	`4`	`4.3.0`
`5`	`5`	`-----`
`6`	`6`
	`7`	+* Added new encoder types:`auto` (recommended),`native` and`sodium`
`7`	`8`	* The normalization of the cookie names configured in the`logout.delete_cookies`
`8`	`9`	`option is deprecated and will be disabled in Symfony 5.0. This affects to cookies`
`9`	`10`	with dashes in their names. For example, starting from Symfony 5.0, the`my-cookie`
`10`	`11`	name will delete`my-cookie` (with a dash) instead of`my_cookie` (with an underscore).
`11`		-* Deprecated configuring encoders using`argon2i` as algorithm, use`sodium` instead
	`12`	+* Deprecated configuring encoders using`argon2i` as algorithm, use`auto` instead
`12`	`13`
`13`	`14`	`4.2.0`
`14`	`15`	`-----`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php‎`

Lines changed: 8 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -394,9 +394,10 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)`
`394`	`394`	`->children()`
`395`	`395`	`->arrayNode('encoders')`
`396`	`396`	`->example([`
`397`		`-'App\Entity\User1' =>'bcrypt',`
	`397`	`+'App\Entity\User1' =>'auto',`
`398`	`398`	`'App\Entity\User2' => [`
`399`		`-'algorithm' =>'bcrypt',`
	`399`	`+'algorithm' =>'auto',`
	`400`	`+'time_cost' =>8,`
`400`	`401`	`'cost' =>13,`
`401`	`402`	`],`
`402`	`403`	`])`
`@@ -416,11 +417,14 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)`
`416`	`417`	`->integerNode('cost')`
`417`	`418`	`->min(4)`
`418`	`419`	`->max(31)`
`419`		`- ->defaultValue(13)`
	`420`	`+ ->defaultNull()`
`420`	`421`	`->end()`
`421`	`422`	`->scalarNode('memory_cost')->defaultNull()->end()`
`422`	`423`	`->scalarNode('time_cost')->defaultNull()->end()`
`423`		`- ->scalarNode('threads')->defaultNull()->end()`
	`424`	`+ ->scalarNode('threads')`
	`425`	`+ ->defaultNull()`
	`426`	`+ ->setDeprecated('The "%path%.%node%" configuration key has no effect since Symfony 4.3 and will be removed in 5.0.')`
	`427`	`+ ->end()`
`424`	`428`	`->scalarNode('id')->end()`
`425`	`429`	`->end()`
`426`	`430`	`->end()`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎`

Lines changed: 21 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@`
`30`	`30`	`useSymfony\Component\HttpKernel\DependencyInjection\Extension;`
`31`	`31`	`useSymfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
`32`	`32`	`useSymfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;`
	`33`	`+useSymfony\Component\Security\Core\Encoder\NativePasswordEncoder;`
`33`	`34`	`useSymfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;`
`34`	`35`	`useSymfony\Component\Security\Core\User\UserProviderInterface;`
`35`	`36`	`useSymfony\Component\Security\Http\Controller\UserValueResolver;`
`@@ -559,20 +560,20 @@ private function createEncoder($config, ContainerBuilder $container)`
`559`	`560`	`if ('bcrypt' ===$config['algorithm']) {`
`560`	`561`	`return [`
`561`	`562`	`'class' =>'Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder',`
`562`		`-'arguments' => [$config['cost']],`
	`563`	`+'arguments' => [$config['cost'] ??13],`
`563`	`564`	`];`
`564`	`565`	`}`
`565`	`566`
`566`	`567`	`// Argon2i encoder`
`567`	`568`	`if ('argon2i' ===$config['algorithm']) {`
`568`		`- @trigger_error('Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "sodium" instead.',E_USER_DEPRECATED);`
	`569`	`+ @trigger_error('Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "auto" instead.',E_USER_DEPRECATED);`
`569`	`570`
`570`	`571`	`if (!Argon2iPasswordEncoder::isSupported()) {`
`571`	`572`	`if (\extension_loaded('sodium') && !\defined('SODIUM_CRYPTO_PWHASH_SALTBYTES')) {`
`572`		`-thrownewInvalidConfigurationException('The installed libsodium version does not have support for Argon2i. UseBcrypt instead.');`
	`573`	`+thrownewInvalidConfigurationException('The installed libsodium version does not have support for Argon2i. Use"auto" instead.');`
`573`	`574`	`}`
`574`	`575`
`575`		`-thrownewInvalidConfigurationException('Argon2i algorithm is not supported. Install the libsodium extension or useBCrypt instead.');`
	`576`	`+thrownewInvalidConfigurationException('Argon2i algorithm is not supported. Install the libsodium extension or use"auto" instead.');`
`576`	`577`	`}`
`577`	`578`
`578`	`579`	`return [`
`@@ -585,14 +586,28 @@ private function createEncoder($config, ContainerBuilder $container)`
`585`	`586`	`];`
`586`	`587`	`}`
`587`	`588`
	`589`	`+if ('native' ===$config['algorithm']) {`
	`590`	`+return [`
	`591`	`+'class' => NativePasswordEncoder::class,`
	`592`	`+'arguments' => [`
	`593`	`+$config['time_cost'],`
	`594`	`+ (($config['memory_cost'] ??0) <<10) ?:null,`
	`595`	`+$config['cost'],`
	`596`	`+ ],`
	`597`	`+ ];`
	`598`	`+ }`
	`599`	`+`
`588`	`600`	`if ('sodium' ===$config['algorithm']) {`
`589`	`601`	`if (!SodiumPasswordEncoder::isSupported()) {`
`590`		`-thrownewInvalidConfigurationException('Libsodium is not available. Install the sodium extension or useBCrypt instead.');`
	`602`	`+thrownewInvalidConfigurationException('Libsodium is not available. Install the sodium extension or use"auto" instead.');`
`591`	`603`	`}`
`592`	`604`
`593`	`605`	`return [`
`594`	`606`	`'class' => SodiumPasswordEncoder::class,`
`595`		`-'arguments' => [],`
	`607`	`+'arguments' => [`
	`608`	`+$config['time_cost'],`
	`609`	`+ (($config['memory_cost'] ??0) <<10) ?:null,`
	`610`	`+ ],`
`596`	`611`	`];`
`597`	`612`	`}`
`598`	`613`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php‎`

Lines changed: 48 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -283,7 +283,7 @@ public function testEncoders()`
`283`	`283`	`'hash_algorithm' =>'sha512',`
`284`	`284`	`'key_length' =>40,`
`285`	`285`	`'ignore_case' =>false,`
`286`		`-'cost' =>13,`
	`286`	`+'cost' =>null,`
`287`	`287`	`'memory_cost' =>null,`
`288`	`288`	`'time_cost' =>null,`
`289`	`289`	`'threads' =>null,`
`@@ -295,7 +295,7 @@ public function testEncoders()`
`295`	`295`	`'ignore_case' =>false,`
`296`	`296`	`'encode_as_base64' =>true,`
`297`	`297`	`'iterations' =>5000,`
`298`		`-'cost' =>13,`
	`298`	`+'cost' =>null,`
`299`	`299`	`'memory_cost' =>null,`
`300`	`300`	`'time_cost' =>null,`
`301`	`301`	`'threads' =>null,`
`@@ -309,6 +309,22 @@ public function testEncoders()`
`309`	`309`	`'class' =>'Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder',`
`310`	`310`	`'arguments' => [15],`
`311`	`311`	`],`
	`312`	`+'JMS\FooBundle\Entity\User7' => [`
	`313`	`+'class' =>'Symfony\Component\Security\Core\Encoder\NativePasswordEncoder',`
	`314`	`+'arguments' => [8,102400,15],`
	`315`	`+ ],`
	`316`	`+'JMS\FooBundle\Entity\User8' => [`
	`317`	`+'algorithm' =>'auto',`
	`318`	`+'hash_algorithm' =>'sha512',`
	`319`	`+'key_length' =>40,`
	`320`	`+'ignore_case' =>false,`
	`321`	`+'encode_as_base64' =>true,`
	`322`	`+'iterations' =>5000,`
	`323`	`+'cost' =>null,`
	`324`	`+'memory_cost' =>null,`
	`325`	`+'time_cost' =>null,`
	`326`	`+'threads' =>null,`
	`327`	`+ ],`
`312`	`328`	`]],$container->getDefinition('security.encoder_factory.generic')->getArguments());`
`313`	`329`	`}`
`314`	`330`
`@@ -332,7 +348,7 @@ public function testEncodersWithLibsodium()`
`332`	`348`	`'hash_algorithm' =>'sha512',`
`333`	`349`	`'key_length' =>40,`
`334`	`350`	`'ignore_case' =>false,`
`335`		`-'cost' =>13,`
	`351`	`+'cost' =>null,`
`336`	`352`	`'memory_cost' =>null,`
`337`	`353`	`'time_cost' =>null,`
`338`	`354`	`'threads' =>null,`
`@@ -344,7 +360,7 @@ public function testEncodersWithLibsodium()`
`344`	`360`	`'ignore_case' =>false,`
`345`	`361`	`'encode_as_base64' =>true,`
`346`	`362`	`'iterations' =>5000,`
`347`		`-'cost' =>13,`
	`363`	`+'cost' =>null,`
`348`	`364`	`'memory_cost' =>null,`
`349`	`365`	`'time_cost' =>null,`
`350`	`366`	`'threads' =>null,`
`@@ -360,15 +376,27 @@ public function testEncodersWithLibsodium()`
`360`	`376`	`],`
`361`	`377`	`'JMS\FooBundle\Entity\User7' => [`
`362`	`378`	`'class' =>'Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder',`
`363`		`-'arguments' => [],`
	`379`	`+'arguments' => [8,128 1024 1024],`
	`380`	`+ ],`
	`381`	`+'JMS\FooBundle\Entity\User8' => [`
	`382`	`+'algorithm' =>'auto',`
	`383`	`+'hash_algorithm' =>'sha512',`
	`384`	`+'key_length' =>40,`
	`385`	`+'ignore_case' =>false,`
	`386`	`+'encode_as_base64' =>true,`
	`387`	`+'iterations' =>5000,`
	`388`	`+'cost' =>null,`
	`389`	`+'memory_cost' =>null,`
	`390`	`+'time_cost' =>null,`
	`391`	`+'threads' =>null,`
`364`	`392`	`],`
`365`	`393`	`]],$container->getDefinition('security.encoder_factory.generic')->getArguments());`
`366`	`394`	`}`
`367`	`395`
`368`	`396`	`/**`
`369`	`397`	`* @group legacy`
`370`	`398`	`*`
`371`		`- * @expectedDeprecation Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "sodium" instead.`
	`399`	`+ * @expectedDeprecation Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "auto" instead.`
`372`	`400`	`*/`
`373`	`401`	`publicfunctiontestEncodersWithArgon2i()`
`374`	`402`	`{`
`@@ -390,7 +418,7 @@ public function testEncodersWithArgon2i()`
`390`	`418`	`'hash_algorithm' =>'sha512',`
`391`	`419`	`'key_length' =>40,`
`392`	`420`	`'ignore_case' =>false,`
`393`		`-'cost' =>13,`
	`421`	`+'cost' =>null,`
`394`	`422`	`'memory_cost' =>null,`
`395`	`423`	`'time_cost' =>null,`
`396`	`424`	`'threads' =>null,`
`@@ -402,7 +430,7 @@ public function testEncodersWithArgon2i()`
`402`	`430`	`'ignore_case' =>false,`
`403`	`431`	`'encode_as_base64' =>true,`
`404`	`432`	`'iterations' =>5000,`
`405`		`-'cost' =>13,`
	`433`	`+'cost' =>null,`
`406`	`434`	`'memory_cost' =>null,`
`407`	`435`	`'time_cost' =>null,`
`408`	`436`	`'threads' =>null,`
`@@ -420,6 +448,18 @@ public function testEncodersWithArgon2i()`
`420`	`448`	`'class' =>'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',`
`421`	`449`	`'arguments' => [256,1,2],`
`422`	`450`	`],`
	`451`	`+'JMS\FooBundle\Entity\User8' => [`
	`452`	`+'algorithm' =>'auto',`
	`453`	`+'hash_algorithm' =>'sha512',`
	`454`	`+'key_length' =>40,`
	`455`	`+'ignore_case' =>false,`
	`456`	`+'encode_as_base64' =>true,`
	`457`	`+'iterations' =>5000,`
	`458`	`+'cost' =>null,`
	`459`	`+'memory_cost' =>null,`
	`460`	`+'time_cost' =>null,`
	`461`	`+'threads' =>null,`
	`462`	`+ ],`
`423`	`463`	`]],$container->getDefinition('security.encoder_factory.generic')->getArguments());`
`424`	`464`	`}`
`425`	`465`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,15 @@`
`25`	`25`	`'algorithm' =>'bcrypt',`
`26`	`26`	`'cost' =>15,`
`27`	`27`	`],`
	`28`	`+'JMS\FooBundle\Entity\User7' => [`
	`29`	`+'algorithm' =>'native',`
	`30`	`+'time_cost' =>8,`
	`31`	`+'memory_cost' =>100,`
	`32`	`+'cost' =>15,`
	`33`	`+ ],`
	`34`	`+'JMS\FooBundle\Entity\User8' => [`
	`35`	`+'algorithm' =>'auto',`
	`36`	`+ ],`
`28`	`37`	`],`
`29`	`38`	`'providers' => [`
`30`	`39`	`'default' => [`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_encoder.php‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,8 @@`
`6`	`6`	`'encoders' => [`
`7`	`7`	`'JMS\FooBundle\Entity\User7' => [`
`8`	`8`	`'algorithm' =>'sodium',`
	`9`	`+'time_cost' =>8,`
	`10`	`+'memory_cost' =>128 *1024,`
`9`	`11`	`],`
`10`	`12`	`],`
`11`	`13`	`]);`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,10 @@`
`18`	`18`
`19`	`19`	`<encoderclass="JMS\FooBundle\Entity\User6"algorithm="bcrypt"cost="15" />`
`20`	`20`
	`21`	`+ <encoderclass="JMS\FooBundle\Entity\User7"algorithm="native"time-cost="8"memory-cost="100"cost="15" />`
	`22`	`+`
	`23`	`+ <encoderclass="JMS\FooBundle\Entity\User8"algorithm="auto" />`
	`24`	`+`
`21`	`25`	`<providername="default">`
`22`	`26`	`<memory>`
`23`	`27`	`<username="foo"password="foo"roles="ROLE_USER" />`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_encoder.xml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`</imports>`
`11`	`11`
`12`	`12`	`<sec:config>`
`13`		`- <sec:encoderclass="JMS\FooBundle\Entity\User7"algorithm="sodium" />`
	`13`	`+ <sec:encoderclass="JMS\FooBundle\Entity\User7"algorithm="sodium"time-cost="8"memory-cost="131072"/>`
`14`	`14`	`</sec:config>`
`15`	`15`
`16`	`16`	`</container>`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,13 @@ security:`
`18`	`18`	`JMS\FooBundle\Entity\User6:`
`19`	`19`	`algorithm:bcrypt`
`20`	`20`	`cost:15`
	`21`	`+JMS\FooBundle\Entity\User7:`
	`22`	`+algorithm:native`
	`23`	`+time_cost:8`
	`24`	`+memory_cost:100`
	`25`	`+cost:15`
	`26`	`+JMS\FooBundle\Entity\User8:`
	`27`	`+algorithm:auto`
`21`	`28`
`22`	`29`	`providers:`
`23`	`30`	`default:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit28f7961

File tree

16 files changed

16 files changed

`‎UPGRADE-4.3.md‎`

`‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php‎`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_encoder.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_encoder.xml‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml‎`

0 commit comments