From c0fc45682ad49b825dfe017716956b09ddf2b81a Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Fri, 31 May 2019 11:10:50 +0200
Subject: [PATCH] [Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords

---
 .../Security/Core/Encoder/SodiumPasswordEncoder.php | 5 +++++
 .../Core/Tests/Encoder/SodiumPasswordEncoderTest.php | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
index 96fbdca173..e9bd6a63c9 100644
--- a/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
@@ -84,6 +84,11 @@ final class SodiumPasswordEncoder implements PasswordEncoderInterface, SelfSalti
 return false;
 }
 
+ if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
+ // Accept validating BCrypt passwords for seamless migrations
+ return password_verify($raw, $encoded);
+ }
+
 if (\function_exists('sodium_crypto_pwhash_str_verify')) {
 return \sodium_crypto_pwhash_str_verify($encoded, $raw);
 }
diff --git a/src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php b/src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
index fe9e5db0eb..84c8b4849e 100644
--- a/src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
@@ -31,6 +31,12 @@ class SodiumPasswordEncoderTest extends TestCase
 $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
 }
 
+ public function testBCryptValidation()
+ {
+ $encoder = new SodiumPasswordEncoder();
+ $this->assertTrue($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
+ }
+
 /**
 * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
 */
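Review bot: The new BCrypt branch in isPasswordValid refuses over-long inputs only by accident: a raw longer than 72 bytes against a `$2` hash fails the `72 >= \strlen($raw)` guard, skips the branch, and is handed to `sodium_crypto_pwhash_str_verify` as if the BCrypt string were an Argon2 hash — ext/sodium returns false there, but whatever fallback follows the visible `function_exists` check is outside the hunk and may not be as forgiving. The 72-byte limit is also the one property of BCrypt worth stating in the comment, together with its truncation at the first NUL byte, since a reader will otherwise wonder why the length is checked at all. I would make the branch self-contained: `if (0 === strpos($encoded, '$2')) {`, a comment `// Accept validating BCrypt passwords for seamless migrations; BCrypt cuts on NUL chars and after 72 bytes, so longer inputs are refused here rather than reaching the Argon2 verifier`, and `return 72 >= \strlen($raw) && password_verify($raw, $encoded);`. isPasswordValid starts and ends outside the hunk, so whether an earlier length guard (e.g. an isPasswordTooLong check behind the visible `return false;`) already covers part of this cannot be confirmed from here.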
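Review bot: testBCryptValidation pins only the accepting path of the new BCrypt branch; nothing asserts that a wrong password against the same `$2y$` hash is refused, nor that a raw longer than 72 bytes does not match, so a regression that made the branch return true for any `$2` prefix would still pass. I would add `$this->assertFalse($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abd', null));` and a 73-byte raw against the same hash. The enclosing test class continues outside the hunk.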