bug #34738 [SecurityBundle] Passwords are not encoded when algorithm set to "true" (nieuwenhuisen)
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Passwords are not encoded when algorithm set to "true"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #34725
| License | MIT
| Doc PR | -
If the algorithm is set to `true`, the password will be encoded as a plain password.
```
security:
    encoders:
        App\User\User:
            algorithm: true
```
The reason for this is the non-strict comparison of PHP switches.
```
switch ($config['algorithm']) {
case 'plaintext':
}
```
`true == 'plaintext'` is `true`, so the first case is hit. My first solution was to cast the algorithm to a string to prevent this. After some feedback, I catch this problem earlier and do not allow `true` as a valid value for the algorithm option.
Ps. This is my first PR for Symfony, any feedback is welcome :-)!
Commits
-------
83a5517c01
[SecurityBundle] Passwords are not encoded when algorithm set to "true"
commit
59126e0f9c
@ -421,7 +421,13 @@ class MainConfiguration implements ConfigurationInterface
|
||||
->performNoDeepMerging()
|
||||
->beforeNormalization()->ifString()->then(function ($v) { return ['algorithm' => $v]; })->end()
|
||||
->children()
|
||||
->scalarNode('algorithm')->cannotBeEmpty()->end()
|
||||
->scalarNode('algorithm')
|
||||
->cannotBeEmpty()
|
||||
->validate()
|
||||
->ifTrue(function ($v) { return !\is_string($v); })
|
||||
->thenInvalid('You must provide a string value.')
|
||||
->end()
|
||||
->end()
|
||||
->scalarNode('hash_algorithm')->info('Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms.')->defaultValue('sha512')->end()
|
||||
->scalarNode('key_length')->defaultValue(40)->end()
|
||||
->booleanNode('ignore_case')->defaultFalse()->end()
|
||||
|
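Review bot: In the new `validate()` block on `scalarNode('algorithm')`, the message passed to `thenInvalid('You must provide a string value.')` names neither the option nor the rejected value. `thenInvalid()` accepts a `%s` placeholder for the offending value, so a message such as 'The "algorithm" option must be a string, got %s.' would make a YAML `true` easy to spot in the error. The `!\is_string($v)` check rejects every non-string scalar, not only `true`. That is the safer choice, but it deserves an `info()` on the node, as `hash_algorithm` has a few lines below. The loose `switch ($config['algorithm'])` quoted in the commit message is not touched here, so this validation is the only guard against a non-string value reaching the `'plaintext'` case. No test covering `algorithm: true` is visible in this hunk.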