Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Validator] Make API endpoint for NotCompromisedPasswordValidator configurable#31060
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
[Validator] Make API endpoint for NotCompromisedPasswordValidator configurable#31060
Uh oh!
There was an error while loading.Please reload this page.
Conversation
xelan commentedApr 10, 2019
I'll create the Doc PR if the rest is ok. |
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
xelan commentedApr 10, 2019
Thank you very much for your fast review and constructive feedback,@stof. I've integrated the changes you requested. |
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
thanks
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
nicolas-grekas commentedApr 11, 2019
What do you all think of |
xelan commentedApr 11, 2019
Would also be possible, however I think NotCompromisedPasswordValidator is better concerning the responsiblity of the validator. It uses a blacklist of hashes for known compromised passwords. |
xelan commentedApr 12, 2019 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
An initial prototype of my HIBP-compatible password compromisation check server, based on a simple program to chunk the source data in buckets and some Apache 2.4 rewrite rules, is available here:https://github.com/xelan/sphynx Feedback is welcome 😄 |
xelan commentedApr 15, 2019
The requested changes concerning constant naming and documentation are incorporated. I'm still not sure about the section configuration |
stof commentedApr 15, 2019
Well, I think in this case, having the info on the field is important to explain what will be the effect of disabling the validator (it won't prevent you to use the constraint, but will disable the validation) |
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
xelan commentedApr 15, 2019
Adapted, thanks for the feedback 😄 |
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
(with one minor comment)
src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
fabpot commentedMay 6, 2019
Thank you@xelan. |
…rdValidator configurable (xelan)This PR was squashed before being merged into the 4.3-dev branch (closes#31060).Discussion----------[Validator] Make API endpoint for NotCompromisedPasswordValidator configurable| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | yes| BC breaks? | yes, but acceptable [1]| Deprecations? | no [1]| Tests pass? | yes| Fixed tickets |#30871,#31054| License | MIT| Doc PR | symfony/symfony-docs#... (TODO)Makes the API endpoint for the `NotCompromisedPasswordValidator` configurable. The endpoint includes the placeholder which will be replaced with the first digits of the password hash for k-anonymity.The endpoint can either be set via constructor injection of the validator if the component is used standalone, or via the framework configuration of symfony/framework-bundle.[1] As discussed in#31054, the validator is not in a stable release yet, therefore the BC break is considered acceptable. No deprecation / BC layer is necessary.Commits-------f6a80c2 [Validator] Make API endpoint for NotCompromisedPasswordValidator configurable
…ssword constraint (javiereguiluz)This PR was squashed before being merged into the master branch (closes#11527).Discussion----------Updated the configuration reference for NotCompromisedPassword constraintDocuments the changes made insymfony/symfony#31060Commits-------f5b081e Updated the configuration reference for NotCompromisedPassword constraint
… (ogizanagi)This PR was merged into the 4.3 branch.Discussion----------Fix `validation.not_compromised_password` option defaultReflectingsymfony/symfony#31060 changes in the docs.Commits-------35925da Fix `validation.not_compromised_password` option default
Makes the API endpoint for the
NotCompromisedPasswordValidatorconfigurable. The endpoint includes the placeholder which will be replaced with the first digits of the password hash for k-anonymity.The endpoint can either be set via constructor injection of the validator if the component is used standalone, or via the framework configuration of symfony/framework-bundle.
[1] As discussed in#31054, the validator is not in a stable release yet, therefore the BC break is considered acceptable. No deprecation / BC layer is necessary.