[Security] Allow run-time configuration of hash algo
This commit is contained in:
Nicolas Grekas
parent
c3ec1c2946
commit
7903a46dfa
@ -493,15 +493,8 @@ class SecurityExtension extends Extension
|
||||
);
|
||||
}
|
||||
|
||||
// message digest encoder
|
||||
return array(
|
||||
'class' => 'Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder',
|
||||
'arguments' => array(
|
||||
$config['algorithm'],
|
||||
$config['encode_as_base64'],
|
||||
$config['iterations'],
|
||||
),
|
||||
);
|
||||
// run-time configured encoder
|
||||
return $config;
|
||||
}
|
||||
|
||||
// Parses user providers and returns an array of their ids
|
||||
|
||||
@ -191,12 +191,22 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
|
||||
'arguments' => array(false),
|
||||
),
|
||||
'JMS\FooBundle\Entity\User2' => array(
|
||||
'class' => 'Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder',
|
||||
'arguments' => array('sha1', false, 5),
|
||||
'algorithm' => 'sha1',
|
||||
'encode_as_base64' => false,
|
||||
'iterations' => 5,
|
||||
'hash_algorithm' => 'sha512',
|
||||
'key_length' => 40,
|
||||
'ignore_case' => false,
|
||||
'cost' => 13,
|
||||
),
|
||||
'JMS\FooBundle\Entity\User3' => array(
|
||||
'class' => 'Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder',
|
||||
'arguments' => array('md5', true, 5000),
|
||||
'algorithm' => 'md5',
|
||||
'hash_algorithm' => 'sha512',
|
||||
'key_length' => 40,
|
||||
'ignore_case' => false,
|
||||
'encode_as_base64' => true,
|
||||
'iterations' => 5000,
|
||||
'cost' => 13,
|
||||
),
|
||||
'JMS\FooBundle\Entity\User4' => new Reference('security.encoder.foo'),
|
||||
'JMS\FooBundle\Entity\User5' => array(
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
],
|
||||
"require": {
|
||||
"php": ">=5.5.9",
|
||||
"symfony/security": "~3.1,>=3.1.2",
|
||||
"symfony/security": "~3.2",
|
||||
"symfony/http-kernel": "~3.1",
|
||||
"symfony/polyfill-php70": "~1.0"
|
||||
},
|
||||
|
||||
@ -69,6 +69,9 @@ class EncoderFactory implements EncoderFactoryInterface
|
||||
*/
|
||||
private function createEncoder(array $config)
|
||||
{
|
||||
if (isset($config['algorithm'])) {
|
||||
$config = $this->getEncoderConfigFromAlgorithm($config);
|
||||
}
|
||||
if (!isset($config['class'])) {
|
||||
throw new \InvalidArgumentException(sprintf('"class" must be set in %s.', json_encode($config)));
|
||||
}
|
||||
@ -80,4 +83,41 @@ class EncoderFactory implements EncoderFactoryInterface
|
||||
|
||||
return $reflection->newInstanceArgs($config['arguments']);
|
||||
}
|
||||
|
||||
private function getEncoderConfigFromAlgorithm($config)
|
||||
{
|
||||
switch ($config['algorithm']) {
|
||||
case 'plaintext':
|
||||
return array(
|
||||
'class' => PlaintextPasswordEncoder::class,
|
||||
'arguments' => array($config['ignore_case']),
|
||||
);
|
||||
|
||||
case 'pbkdf2':
|
||||
return array(
|
||||
'class' => Pbkdf2PasswordEncoder::class,
|
||||
'arguments' => array(
|
||||
$config['hash_algorithm'],
|
||||
$config['encode_as_base64'],
|
||||
$config['iterations'],
|
||||
$config['key_length'],
|
||||
),
|
||||
);
|
||||
|
||||
case 'bcrypt':
|
||||
return array(
|
||||
'class' => BCryptPasswordEncoder::class,
|
||||
'arguments' => array($config['cost']),
|
||||
);
|
||||
}
|
||||
|
||||
return array(
|
||||
'class' => MessageDigestPasswordEncoder::class,
|
||||
'arguments' => array(
|
||||
$config['algorithm'],
|
||||
$config['encode_as_base64'],
|
||||
$config['iterations'],
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user