Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[SecurityBundle] register alias for argument for password hasher#60371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
lyrixx wants to merge1 commit intosymfony:7.4
base:7.4
Choose a base branch
Loading
fromlyrixx:security-password-hasher

Conversation

lyrixx
Copy link
Member

@lyrixxlyrixx commentedMay 7, 2025
edited
Loading

QA
Branch?7.3
Bug fix?no
New feature?yes
Deprecations?no
Issues
LicenseMIT

This is a new feature, but I want to gather feedback before finishing the PR (meta + doc + test)

I need to hash some sensitive data in my database (2FA recovery code).
They are not tied to a specific class. So I need a "raw hasher".

ATM, I'm able to write:

security:password_hashers:Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:'auto'recovery_code:auto

But to get it, I need to write:

publicfunction homepage(PasswordHasherFactoryInterface$p):Response    {$password ='password';$hash =$p->getPasswordHasher('recovery_code')->hash($password);dd($hash);

There is an extra steps here (low of demeter...)

With this PR, I propose an alternative:

class HomepageControllerextends AbstractController{publicfunction__construct(        #[Target('recovery_code')]privatereadonlyPasswordHasherInterface$passwordHasher,    ) {    }    #[Route('/')]publicfunction index():Response    {dd($this->passwordHasher->hash('aaa'));

DX is extra smooth. If I forgot theTarget Attribute:

image

chalasr reacted with heart emoji
@lyrixxlyrixxforce-pushed thesecurity-password-hasher branch from2216356 to576f604CompareMay 14, 2025 09:10
@lyrixx
Copy link
MemberAuthor

@nicolas-grekas I addressed your comments, added tests, and updated CHANGELOG.md

@lyrixxlyrixxforce-pushed thesecurity-password-hasher branch from576f604 to9b50bc9CompareMay 14, 2025 09:11
@lyrixxlyrixxforce-pushed thesecurity-password-hasher branch from9b50bc9 toc6051e3CompareMay 14, 2025 09:38
Copy link
Member

@chalasrchalasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Great 👍

@fabpotfabpot modified the milestones:7.3,7.4May 26, 2025
7.4
---

* Register alias for argument for password hasher when the key is not a class name
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Let's be more explicit and maybe give an example. Without any context, I don't understand what it means.

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@fabpotfabpotfabpot requested changes

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

@chalasrchalasrchalasr approved these changes

Assignees
No one assigned
Projects
None yet
Milestone
7.4
Development

Successfully merging this pull request may close these issues.

5 participants
@lyrixx@fabpot@nicolas-grekas@chalasr@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp