Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit686fe0e

Browse files
author
Robin Chalas
committed
[Security] Replace Argon2*PasswordEncoder by SodiumPasswordEncoder
This reverts commitdc95a6f.
1 parent9a7a276 commit686fe0e

File tree

20 files changed

+235
-301
lines changed

20 files changed

+235
-301
lines changed

‎UPGRADE-4.3.md‎

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -151,14 +151,12 @@ Security
151151
}
152152
```
153153

154-
* Using `Argon2iPasswordEncoder` while only the `argon2id` algorithm is supported
155-
is deprecated, use `Argon2idPasswordEncoder` instead
154+
* The `Argon2iPasswordEncoder` class has been deprecated, use `SodiumPasswordEncoder` instead.
156155

157156
SecurityBundle
158157
--------------
159158

160-
* Configuring encoders using `argon2i` as algorithm while only `argon2id` is
161-
supported is deprecated, use `argon2id` instead
159+
* Configuring encoders using `argon2i` as algorithm has been deprecated, use `sodium` instead.
162160

163161
TwigBridge
164162
----------

‎UPGRADE-5.0.md‎

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -326,8 +326,7 @@ Security
326326
}
327327
```
328328

329-
* Using `Argon2iPasswordEncoder` while only the `argon2id` algorithm is supported
330-
now throws a `\LogicException`, use `Argon2idPasswordEncoder` instead
329+
* The `Argon2iPasswordEncoder` class has been removed, use `SodiumPasswordEncoder` instead.
331330

332331
SecurityBundle
333332
--------------
@@ -348,8 +347,7 @@ SecurityBundle
348347
changed to underscores.
349348
Before:`my-cookie`deleted the `my_cookie` cookie (with an underscore).
350349
After:`my-cookie`deletes the `my-cookie` cookie (with a dash).
351-
* Configuring encoders using `argon2i` as algorithm while only `argon2id` is supported
352-
now throws a `\LogicException`, use `argon2id` instead
350+
* Configuring encoders using `argon2i` as algorithm is not supported anymore, use `sodium` instead.
353351

354352
Serializer
355353
----------

‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,7 @@ CHANGELOG
88
option is deprecated and will be disabled in Symfony 5.0. This affects to cookies
99
with dashes in their names. For example, starting from Symfony 5.0, the`my-cookie`
1010
name will delete`my-cookie` (with a dash) instead of`my_cookie` (with an underscore).
11-
* Deprecated configuring encoders using`argon2i` as algorithm while only`argon2id` is supported,
12-
use`argon2id` instead
13-
11+
* Deprecated configuring encoders using`argon2i` as algorithm, use`sodium` instead
1412

1513
4.2.0
1614
-----

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎

Lines changed: 8 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,8 @@
2929
useSymfony\Component\DependencyInjection\Reference;
3030
useSymfony\Component\HttpKernel\DependencyInjection\Extension;
3131
useSymfony\Component\Security\Core\Authorization\Voter\VoterInterface;
32-
useSymfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
3332
useSymfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
33+
useSymfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
3434
useSymfony\Component\Security\Core\User\UserProviderInterface;
3535
useSymfony\Component\Security\Http\Controller\UserValueResolver;
3636
useSymfony\Component\Templating\PhpEngine;
@@ -565,14 +565,14 @@ private function createEncoder($config, ContainerBuilder $container)
565565

566566
// Argon2i encoder
567567
if ('argon2i' ===$config['algorithm']) {
568+
@trigger_error('Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "sodium" instead.',E_USER_DEPRECATED);
569+
568570
if (!Argon2iPasswordEncoder::isSupported()) {
569571
if (\extension_loaded('sodium') && !\defined('SODIUM_CRYPTO_PWHASH_SALTBYTES')) {
570572
thrownewInvalidConfigurationException('The installed libsodium version does not have support for Argon2i. Use Bcrypt instead.');
571573
}
572574

573575
thrownewInvalidConfigurationException('Argon2i algorithm is not supported. Install the libsodium extension or use BCrypt instead.');
574-
}elseif (!\defined('PASSWORD_ARGON2I') && Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
575-
@trigger_error('Configuring an encoder based on the "argon2i" algorithm while only "argon2id" is supported is deprecated since Symfony 4.3, use "argon2id" instead.',E_USER_DEPRECATED);
576576
}
577577

578578
return [
@@ -585,19 +585,14 @@ private function createEncoder($config, ContainerBuilder $container)
585585
];
586586
}
587587

588-
// Argon2id encoder
589-
if ('argon2id' ===$config['algorithm']) {
590-
if (!Argon2idPasswordEncoder::isSupported()) {
591-
thrownewInvalidConfigurationException('Argon2i algorithm is not supported. Install the libsodium extension or use BCrypt instead.');
588+
if ('sodium' ===$config['algorithm']) {
589+
if (!SodiumPasswordEncoder::isSupported()) {
590+
thrownewInvalidConfigurationException('Libsodium is not available. Install the sodium extension or use BCrypt instead.');
592591
}
593592

594593
return [
595-
'class' => Argon2idPasswordEncoder::class,
596-
'arguments' => [
597-
$config['memory_cost'],
598-
$config['time_cost'],
599-
$config['threads'],
600-
],
594+
'class' => SodiumPasswordEncoder::class,
595+
'arguments' => [],
601596
];
602597
}
603598

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php‎

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@
1818
useSymfony\Component\DependencyInjection\ContainerBuilder;
1919
useSymfony\Component\DependencyInjection\Reference;
2020
useSymfony\Component\Security\Core\Authorization\AccessDecisionManager;
21-
useSymfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
2221
useSymfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
22+
useSymfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
2323

2424
abstractclass CompleteConfigurationTestextends TestCase
2525
{
@@ -314,11 +314,11 @@ public function testEncoders()
314314

315315
publicfunctiontestEncodersWithLibsodium()
316316
{
317-
if (!Argon2iPasswordEncoder::isSupported() ||\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
318-
$this->markTestSkipped('Argon2i algorithmis notsupported.');
317+
if (!SodiumPasswordEncoder::isSupported()) {
318+
$this->markTestSkipped('Libsodiumis notavailable.');
319319
}
320320

321-
$container =$this->getContainer('argon2i_encoder');
321+
$container =$this->getContainer('sodium_encoder');
322322

323323
$this->assertEquals([[
324324
'JMS\FooBundle\Entity\User1' => [
@@ -359,19 +359,24 @@ public function testEncodersWithLibsodium()
359359
'arguments' => [15],
360360
],
361361
'JMS\FooBundle\Entity\User7' => [
362-
'class' =>'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
363-
'arguments' => [256,1,2],
362+
'class' =>'Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder',
363+
'arguments' => [],
364364
],
365365
]],$container->getDefinition('security.encoder_factory.generic')->getArguments());
366366
}
367367

368-
publicfunctiontestEncodersWithArgon2id()
368+
/**
369+
* @group legacy
370+
*
371+
* @expectedDeprecation Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "sodium" instead.
372+
*/
373+
publicfunctiontestEncodersWithArgon2i()
369374
{
370-
if (!Argon2idPasswordEncoder::isSupported()) {
375+
if (!Argon2iPasswordEncoder::isSupported()) {
371376
$this->markTestSkipped('Argon2i algorithm is not supported.');
372377
}
373378

374-
$container =$this->getContainer('argon2id_encoder');
379+
$container =$this->getContainer('argon2i_encoder');
375380

376381
$this->assertEquals([[
377382
'JMS\FooBundle\Entity\User1' => [
@@ -412,7 +417,7 @@ public function testEncodersWithArgon2id()
412417
'arguments' => [15],
413418
],
414419
'JMS\FooBundle\Entity\User7' => [
415-
'class' =>'Symfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder',
420+
'class' =>'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
416421
'arguments' => [256,1,2],
417422
],
418423
]],$container->getDefinition('security.encoder_factory.generic')->getArguments());
Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,7 @@
55
$container->loadFromExtension('security', [
66
'encoders' => [
77
'JMS\FooBundle\Entity\User7' => [
8-
'algorithm' =>'argon2id',
9-
'memory_cost' =>256,
10-
'time_cost' =>1,
11-
'threads' =>2,
8+
'algorithm' =>'sodium',
129
],
1310
],
1411
]);
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
</imports>
1111

1212
<sec:config>
13-
<sec:encoderclass="JMS\FooBundle\Entity\User7"algorithm="argon2id"memory_cost="256"time_cost="1"threads="2" />
13+
<sec:encoderclass="JMS\FooBundle\Entity\User7"algorithm="sodium" />
1414
</sec:config>
1515

1616
</container>

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2id_encoder.yml‎

Lines changed: 0 additions & 10 deletions
This file was deleted.
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
imports:
2+
-{ resource: container1.yml }
3+
4+
security:
5+
encoders:
6+
JMS\FooBundle\Entity\User7:
7+
algorithm:sodium

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/UserPasswordEncoderCommandTest.php‎

Lines changed: 25 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -15,11 +15,11 @@
1515
useSymfony\Bundle\SecurityBundle\Command\UserPasswordEncoderCommand;
1616
useSymfony\Component\Console\ApplicationasConsoleApplication;
1717
useSymfony\Component\Console\Tester\CommandTester;
18-
useSymfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
1918
useSymfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
2019
useSymfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
2120
useSymfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
2221
useSymfony\Component\Security\Core\Encoder\Pbkdf2PasswordEncoder;
22+
useSymfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
2323

2424
/**
2525
* Tests UserPasswordEncoderCommand.
@@ -71,9 +71,12 @@ public function testEncodePasswordBcrypt()
7171
$this->assertTrue($encoder->isPasswordValid($hash,'password',null));
7272
}
7373

74+
/**
75+
* @group legacy
76+
*/
7477
publicfunctiontestEncodePasswordArgon2i()
7578
{
76-
if (!Argon2iPasswordEncoder::isSupported() || !\defined('PASSWORD_ARGON2I') && Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
79+
if (!Argon2iPasswordEncoder::isSupported()) {
7780
$this->markTestSkipped('Argon2i algorithm not available.');
7881
}
7982
$this->setupArgon2i();
@@ -87,30 +90,29 @@ public function testEncodePasswordArgon2i()
8790
$this->assertContains('Password encoding succeeded',$output);
8891

8992
$encoder =newArgon2iPasswordEncoder();
90-
preg_match('# Encoded password\s+(\$argon2i?\$[\w,=\$+\/]+={0,2})\s+#',$output,$matches);
93+
preg_match('# Encoded password\s+(\$argon2id?\$[\w,=\$+\/]+={0,2})\s+#',$output,$matches);
9194
$hash =$matches[1];
9295
$this->assertTrue($encoder->isPasswordValid($hash,'password',null));
9396
}
9497

95-
publicfunctiontestEncodePasswordArgon2id()
98+
publicfunctiontestEncodePasswordSodium()
9699
{
97-
if (!Argon2idPasswordEncoder::isSupported()) {
98-
$this->markTestSkipped('Argon2id algorithm not available.');
100+
if (!SodiumPasswordEncoder::isSupported()) {
101+
$this->markTestSkipped('Libsodium is not available.');
99102
}
100-
$this->setupArgon2id();
103+
$this->setupSodium();
101104
$this->passwordEncoderCommandTester->execute([
102105
'command' =>'security:encode-password',
103106
'password' =>'password',
104-
'user-class' =>'Custom\Class\Argon2id\User',
107+
'user-class' =>'Custom\Class\Sodium\User',
105108
], ['interactive' =>false]);
106109

107110
$output =$this->passwordEncoderCommandTester->getDisplay();
108111
$this->assertContains('Password encoding succeeded',$output);
109112

110-
$encoder =newArgon2idPasswordEncoder();
111-
preg_match('# Encoded password\s+(\$argon2id?\$[\w,=\$+\/]+={0,2})\s+#',$output,$matches);
113+
preg_match('# Encoded password\s+(\$?\$[\w,=\$+\/]+={0,2})\s+#',$output,$matches);
112114
$hash =$matches[1];
113-
$this->assertTrue($encoder->isPasswordValid($hash,'password',null));
115+
$this->assertTrue((newSodiumPasswordEncoder())->isPasswordValid($hash,'password',null));
114116
}
115117

116118
publicfunctiontestEncodePasswordPbkdf2()
@@ -173,10 +175,13 @@ public function testEncodePasswordBcryptOutput()
173175
$this->assertNotContains(' Generated salt',$this->passwordEncoderCommandTester->getDisplay());
174176
}
175177

178+
/**
179+
* @group legacy
180+
*/
176181
publicfunctiontestEncodePasswordArgon2iOutput()
177182
{
178-
if (!Argon2iPasswordEncoder::isSupported() || !\defined('PASSWORD_ARGON2I') && Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
179-
$this->markTestSkipped('Argon2id algorithm not available.');
183+
if (!Argon2iPasswordEncoder::isSupported()) {
184+
$this->markTestSkipped('Argon2i algorithm not available.');
180185
}
181186

182187
$this->setupArgon2i();
@@ -189,17 +194,17 @@ public function testEncodePasswordArgon2iOutput()
189194
$this->assertNotContains(' Generated salt',$this->passwordEncoderCommandTester->getDisplay());
190195
}
191196

192-
publicfunctiontestEncodePasswordArgon2idOutput()
197+
publicfunctiontestEncodePasswordSodiumOutput()
193198
{
194-
if (!Argon2idPasswordEncoder::isSupported()) {
195-
$this->markTestSkipped('Argon2id algorithm not available.');
199+
if (!SodiumPasswordEncoder::isSupported()) {
200+
$this->markTestSkipped('Libsodium is not available.');
196201
}
197202

198-
$this->setupArgon2id();
203+
$this->setupSodium();
199204
$this->passwordEncoderCommandTester->execute([
200205
'command' =>'security:encode-password',
201206
'password' =>'p@ssw0rd',
202-
'user-class' =>'Custom\Class\Argon2id\User',
207+
'user-class' =>'Custom\Class\Sodium\User',
203208
], ['interactive' =>false]);
204209

205210
$this->assertNotContains(' Generated salt',$this->passwordEncoderCommandTester->getDisplay());
@@ -298,10 +303,10 @@ private function setupArgon2i()
298303
$this->passwordEncoderCommandTester =newCommandTester($passwordEncoderCommand);
299304
}
300305

301-
privatefunctionsetupArgon2id()
306+
privatefunctionsetupSodium()
302307
{
303308
putenv('COLUMNS='.(119 +\strlen(PHP_EOL)));
304-
$kernel =$this->createKernel(['test_case' =>'PasswordEncode','root_config' =>'argon2id.yml']);
309+
$kernel =$this->createKernel(['test_case' =>'PasswordEncode','root_config' =>'sodium.yml']);
305310
$kernel->boot();
306311

307312
$application =newApplication($kernel);

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp