NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commitc5c981c

committed

[Security] Extract password hashing from security-core - using the right naming

1 parent386555b commitc5c981cCopy full SHA for c5c981c

File tree

137 files changed

+4064

-490

lines changed

UPGRADE-5.3.md
UPGRADE-6.0.md
composer.json
src/Symfony
- Bundle
  - FrameworkBundle
    - composer.json
  - SecurityBundle
    - CHANGELOG.md
    - Command
      - UserPasswordEncoderCommand.php
    - DependencyInjection
      - MainConfiguration.php
      - SecurityExtension.php
    - Resources/config
    - Tests
      - DependencyInjection
        CompleteConfigurationTest.php
        Fixtures
        php
        argon2i_encoder.php
        argon2i_hasher.php
        bcrypt_encoder.php
        bcrypt_hasher.php
        container1.php
        legacy_encoders.php
        migrating_encoder.php
        migrating_hasher.php
        sodium_encoder.php
        sodium_hasher.php
        xml
        argon2i_encoder.xml
        argon2i_hasher.xml
        bcrypt_encoder.xml
        bcrypt_hasher.xml
        container1.xml
        legacy_encoders.xml
        migrating_encoder.xml
        migrating_hasher.xml
        sodium_encoder.xml
        sodium_hasher.xml
        yml
        argon2i_encoder.yml
        argon2i_hasher.yml
        bcrypt_encoder.yml
        bcrypt_hasher.yml
        container1.yml
        legacy_encoders.yml
        migrating_encoder.yml
        migrating_hasher.yml
        sodium_encoder.yml
        sodium_hasher.yml
      - Functional
        UserPasswordEncoderCommandTest.php
        app
        AbstractTokenCompareRoles
        config.yml
        Authenticator
        security.yml
        ClearRememberMe
        config.yml
        CsrfFormLogin
        base_config.yml
        FirewallEntryPoint
        config.yml
        Guarded
        config.yml
        JsonLogin
        config.yml
        custom_handlers.yml
        LogoutWithoutSessionInvalidation
        config.yml
        Logout
        config_access.yml
        config_cookie_clearing.yml
        RememberMeLogout
        config.yml
        StandardFormLogin
        config.yml
        invalid_ip_access_control.yml
        localized_form_failure_handler.yml
        localized_routes.yml
    - composer.json
- Component
  - PasswordHasher
  - Security
    - CHANGELOG.md
    - Core
    - Guard/Provider
      - GuardAuthenticationProvider.php
    - Http
      - EventListener
        CheckCredentialsListener.php
        PasswordMigratingListener.php
      - Tests
        Authenticator
        HttpBasicAuthenticatorTest.php
        EventListener
        CheckCredentialsListenerTest.php
        PasswordMigratingListenerTest.php
      - composer.json

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

137 files changed

+4064

-490

lines changed

`‎UPGRADE-5.3.md‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,8 +69,19 @@ PropertyInfo`
`69`	`69`	`Security`
`70`	`70`	`--------`
`71`	`71`
	`72`	+* Deprecate all classes in the`Core\Encoder\` sub-namespace, use the`PasswordHasher` component instead
`72`	`73`	* Deprecated voters that do not return a valid decision when calling the`vote` method
`73`	`74`
	`75`	`+SecurityBundle`
	`76`	`+--------------`
	`77`	`+`
	`78`	+* Deprecate`UserPasswordEncoderCommand` class and the corresponding`user:encode-password` command,
	`79`	+ use`UserPasswordHashCommand` and`user:hash-password` instead
	`80`	+* Deprecate the`security.encoder_factory.generic` service, the`security.encoder_factory` and`Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,
	`81`	+ use`security.password_hasher_factory` and`Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface` instead
	`82`	+* Deprecate the`security.user_password_encoder.generic` service, the`security.password_encoder` and the`Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
	`83`	+ use`security.user_password_hasher`,`security.password_hasher` and`Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
	`84`	`+`
`74`	`85`	`Serializer`
`75`	`86`	`----------`
`76`	`87`

`‎UPGRADE-6.0.md‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -166,6 +166,7 @@ Routing`
`166`	`166`	`Security`
`167`	`167`	`--------`
`168`	`168`
	`169`	+* Drop all classes in the`Core\Encoder\` sub-namespace, use the`PasswordHasher` component instead
`169`	`170`	* Drop support for`SessionInterface $session` as constructor argument of`SessionTokenStorage`, inject a`\Symfony\Component\HttpFoundation\RequestStack $requestStack` instead
`170`	`171`	* Drop support for`session` provided by the ServiceLocator injected in`UsageTrackingTokenStorage`, provide a`request_stack` service instead
`171`	`172`	* Make`SessionTokenStorage` throw a`SessionNotFoundException` when called outside a request context
`@@ -179,6 +180,16 @@ Security`
`179`	`180`	* Removed the`AbstractRememberMeServices::$providerKey` property in favor of`AbstractRememberMeServices::$firewallName`
`180`	`181`	*`AccessDecisionManager` now throw an exception when a voter does not return a valid decision.
`181`	`182`
	`183`	`+SecurityBundle`
	`184`	`+--------------`
	`185`	`+`
	`186`	+* Remove the`UserPasswordEncoderCommand` class and the corresponding`user:encode-password` command,
	`187`	+ use`UserPasswordHashCommand` and`user:hash-password` instead
	`188`	+* Remove the`security.encoder_factory.generic` service, the`security.encoder_factory` and`Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,
	`189`	+ use`security.password_hasher_factory` and`Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface` instead
	`190`	+* Remove the`security.user_password_encoder.generic` service, the`security.password_encoder` and the`Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
	`191`	+ use`security.user_password_hasher`,`security.password_hasher` and`Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
	`192`	`+`
`182`	`193`	`Serializer`
`183`	`194`	`----------`
`184`	`195`

`‎composer.json‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,7 @@`
`86`	`86`	`"symfony/monolog-bridge":"self.version",`
`87`	`87`	`"symfony/notifier":"self.version",`
`88`	`88`	`"symfony/options-resolver":"self.version",`
	`89`	`+"symfony/password-hasher":"self.version",`
`89`	`90`	`"symfony/process":"self.version",`
`90`	`91`	`"symfony/property-access":"self.version",`
`91`	`92`	`"symfony/property-info":"self.version",`

`‎src/Symfony/Bundle/FrameworkBundle/composer.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@`
`51`	`51`	`"symfony/messenger":"^5.2",`
`52`	`52`	`"symfony/mime":"^4.4\|^5.0",`
`53`	`53`	`"symfony/process":"^4.4\|^5.0",`
`54`		`-"symfony/security-bundle":"^5.2",`
	`54`	`+"symfony/security-bundle":"^5.3",`
`55`	`55`	`"symfony/serializer":"^5.2",`
`56`	`56`	`"symfony/stopwatch":"^4.4\|^5.0",`
`57`	`57`	`"symfony/string":"^5.0",`

`‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,16 @@`
`1`	`1`	`CHANGELOG`
`2`	`2`	`=========`
`3`	`3`
	`4`	`+5.3`
	`5`	`+---`
	`6`	`+`
	`7`	+* Deprecate`UserPasswordEncoderCommand` class and the corresponding`user:encode-password` command,
	`8`	+ use`UserPasswordHashCommand` and`user:hash-password` instead
	`9`	+* Deprecate the`security.encoder_factory.generic` service, the`security.encoder_factory` and`Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,
	`10`	+ use`security.password_hasher_factory` and`Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface` instead
	`11`	+* Deprecate the`security.user_password_encoder.generic` service, the`security.password_encoder` and the`Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
	`12`	+ use`security.user_password_hasher`,`security.password_hasher` and`Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
	`13`	`+`
`4`	`14`	`5.2.0`
`5`	`15`	`-----`
`6`	`16`

`‎src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`useSymfony\Component\Console\Output\OutputInterface;`
`22`	`22`	`useSymfony\Component\Console\Question\Question;`
`23`	`23`	`useSymfony\Component\Console\Style\SymfonyStyle;`
	`24`	`+useSymfony\Component\PasswordHasher\Command\UserPasswordHashCommand;`
`24`	`25`	`useSymfony\Component\Security\Core\Encoder\EncoderFactoryInterface;`
`25`	`26`	`useSymfony\Component\Security\Core\Encoder\SelfSaltingEncoderInterface;`
`26`	`27`
`@@ -30,6 +31,8 @@`
`30`	`31`	`* @author Sarah Khalil <mkhalil.sarah@gmail.com>`
`31`	`32`	`*`
`32`	`33`	`* @final`
	`34`	`+ *`
	`35`	`+ * @deprecated since Symfony 5.3, use {@link UserPasswordHashCommand} instead`
`33`	`36`	`*/`
`34`	`37`	`class UserPasswordEncoderCommandextends Command`
`35`	`38`	`{`
`@@ -107,6 +110,8 @@ protected function execute(InputInterface $input, OutputInterface $output): int`
`107`	`110`	`$io =newSymfonyStyle($input,$output);`
`108`	`111`	`$errorIo =$outputinstanceof ConsoleOutputInterface ?newSymfonyStyle($input,$output->getErrorOutput()) :$io;`
`109`	`112`
	`113`	`+$errorIo->caution('The use of the "security:encode-password" command is deprecated since version 5.3 and will be removed in 6.0. Use "security:hash-password" instead.');`
	`114`	`+`
`110`	`115`	`$input->isInteractive() ?$errorIo->title('Symfony Password Encoder Utility') :$errorIo->newLine();`
`111`	`116`
`112`	`117`	`$password =$input->getArgument('password');`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php‎`

Lines changed: 69 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,23 @@ public function getConfigTreeBuilder()`
`65`	`65`	`return$v;`
`66`	`66`	`})`
`67`	`67`	`->end()`
	`68`	`+ ->beforeNormalization()`
	`69`	`+ ->ifTrue(function ($v) {`
	`70`	`+if ($v['encoders'] ??false) {`
	`71`	`+trigger_deprecation('symfony/security-bundle','5.3','The child node "encoders" at path "security" is deprecated, use "password_hashers" instead.');`
	`72`	`+`
	`73`	`+returntrue;`
	`74`	`+ }`
	`75`	`+`
	`76`	`+return$v['password_hashers'] ??false;`
	`77`	`+ })`
	`78`	`+ ->then(function ($v) {`
	`79`	`+$v['password_hashers'] =array_merge($v['password_hashers'] ?? [],$v['encoders'] ?? []);`
	`80`	`+$v['encoders'] =$v['password_hashers'];`
	`81`	`+`
	`82`	`+return$v;`
	`83`	`+ })`
	`84`	`+ ->end()`
`68`	`85`	`->children()`
`69`	`86`	`->scalarNode('access_denied_url')->defaultNull()->example('/foo/error403')->end()`
`70`	`87`	`->enumNode('session_fixation_strategy')`
`@@ -94,6 +111,7 @@ public function getConfigTreeBuilder()`
`94`	`111`	`;`
`95`	`112`
`96`	`113`	`$this->addEncodersSection($rootNode);`
	`114`	`+$this->addPasswordHashersSection($rootNode);`
`97`	`115`	`$this->addProvidersSection($rootNode);`
`98`	`116`	`$this->addFirewallsSection($rootNode,$this->factories);`
`99`	`117`	`$this->addAccessControlSection($rootNode);`
`@@ -401,6 +419,57 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)`
`401`	`419`	`;`
`402`	`420`	`}`
`403`	`421`
	`422`	`+privatefunctionaddPasswordHashersSection(ArrayNodeDefinition$rootNode)`
	`423`	`+ {`
	`424`	`+$rootNode`
	`425`	`+ ->fixXmlConfig('password_hasher')`
	`426`	`+ ->children()`
	`427`	`+ ->arrayNode('password_hashers')`
	`428`	`+ ->example([`
	`429`	`+'App\Entity\User1' =>'auto',`
	`430`	`+'App\Entity\User2' => [`
	`431`	`+'algorithm' =>'auto',`
	`432`	`+'time_cost' =>8,`
	`433`	`+'cost' =>13,`
	`434`	`+ ],`
	`435`	`+ ])`
	`436`	`+ ->requiresAtLeastOneElement()`
	`437`	`+ ->useAttributeAsKey('class')`
	`438`	`+ ->prototype('array')`
	`439`	`+ ->canBeUnset()`
	`440`	`+ ->performNoDeepMerging()`
	`441`	`+ ->beforeNormalization()->ifString()->then(function ($v) {return ['algorithm' =>$v]; })->end()`
	`442`	`+ ->children()`
	`443`	`+ ->scalarNode('algorithm')`
	`444`	`+ ->cannotBeEmpty()`
	`445`	`+ ->validate()`
	`446`	`+ ->ifTrue(function ($v) {return !\is_string($v); })`
	`447`	`+ ->thenInvalid('You must provide a string value.')`
	`448`	`+ ->end()`
	`449`	`+ ->end()`
	`450`	`+ ->arrayNode('migrate_from')`
	`451`	`+ ->prototype('scalar')->end()`
	`452`	`+ ->beforeNormalization()->castToArray()->end()`
	`453`	`+ ->end()`
	`454`	`+ ->scalarNode('hash_algorithm')->info('Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms.')->defaultValue('sha512')->end()`
	`455`	`+ ->scalarNode('key_length')->defaultValue(40)->end()`
	`456`	`+ ->booleanNode('ignore_case')->defaultFalse()->end()`
	`457`	`+ ->booleanNode('encode_as_base64')->defaultTrue()->end()`
	`458`	`+ ->scalarNode('iterations')->defaultValue(5000)->end()`
	`459`	`+ ->integerNode('cost')`
	`460`	`+ ->min(4)`
	`461`	`+ ->max(31)`
	`462`	`+ ->defaultNull()`
	`463`	`+ ->end()`
	`464`	`+ ->scalarNode('memory_cost')->defaultNull()->end()`
	`465`	`+ ->scalarNode('time_cost')->defaultNull()->end()`
	`466`	`+ ->scalarNode('id')->end()`
	`467`	`+ ->end()`
	`468`	`+ ->end()`
	`469`	`+ ->end()`
	`470`	`+ ->end();`
	`471`	`+ }`
	`472`	`+`
`404`	`473`	`privatefunctiongetAccessDecisionStrategies()`
`405`	`474`	`{`
`406`	`475`	`$strategies = [`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitc5c981c

File tree

137 files changed

Some content is hidden

137 files changed

`‎UPGRADE-5.3.md‎`

`‎UPGRADE-6.0.md‎`

`‎composer.json‎`

`‎src/Symfony/Bundle/FrameworkBundle/composer.json‎`

`‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎`

`‎src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php‎`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php‎`

0 commit comments