Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Form] Skip password hashing on empty password#49459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
nicolas-grekas merged 1 commit intosymfony:6.2fromSeb33300:form-empty-password
Feb 21, 2023

Conversation

@Seb33300
Copy link
Contributor

@Seb33300Seb33300 commentedFeb 21, 2023
edited
Loading

QA
Branch?6.2
Bug fix?yes
New feature?no
Deprecations?no
TicketsN/A
LicenseMIT
Doc PRN/A

When using the newhash_property_path option to hash password submitted by forms, we should skip hashing if the submitted password is empty.

  • Because empty passwords are not allowed and saving an empty password hash will prevent the user to login his account:

    $presentedPassword =$badge->getPassword();
    if ('' ===$presentedPassword) {
    thrownewBadCredentialsException('The presented password cannot be empty.');
    }

  • Because a common use case when creating a user profile form is to ignore the "new password" input if it's left blank.


$form =$this->factory
->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType',$user)
->add('plainPassword','Symfony\Component\Form\Extension\Core\Type\PasswordType', [

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

let's use ::class even if some other test cases don't

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Done


publicfunctionregisterPassword(FormEvent$event)
{
if ('' ===$event->getData()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Should we account fornull too?

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Done

@nicolas-grekas
Copy link
Member

Thank you@Seb33300.

@nicolas-grekasnicolas-grekas merged commit49092e3 intosymfony:6.2Feb 21, 2023
@fabpotfabpot mentioned this pull requestFeb 28, 2023
@Seb33300Seb33300 deleted the form-empty-password branchSeptember 27, 2023 08:37
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@xabbuhxabbuhxabbuh left review comments

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

@ycerutoycerutoAwaiting requested review from ycerutoyceruto is a code owner

Assignees

No one assigned

Projects

None yet

Milestone

6.2

Development

Successfully merging this pull request may close these issues.

4 participants

@Seb33300@nicolas-grekas@xabbuh@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp