diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #34802 [Security] Check UserInterface::getPassword is not null before calling needsRehash (dbrekelmans)

Browse Source 
This PR was squashed before being merged into the 4.4 branch (closes #34802).

Discussion
----------

[Security] Check UserInterface::getPassword is not null before calling needsRehash

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

`Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface::needsRehash()` expects a string as the input argument. In some cases `Symfony\Component\Security\Core\User\UserInterface::getPassword()` is used as the input argument, but this function can return `null` resulting in a potential type error.

Commits
-------

8e4cf497cd [Security] Check UserInterface::getPassword is not null before calling needsRehash
This commit is contained in:
Robin Chalas 2019-12-06 21:37:23 +01:00
commit 215dca45e8
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoder.php
View File

@ -56,6 +56,10 @@ class UserPasswordEncoder implements UserPasswordEncoderInterface
*/
public function needsRehash(UserInterface $user): bool
{
if (null === $user->getPassword()) {
return false;
}
$encoder = $this->encoderFactory->getEncoder($user);
return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($user->getPassword());