diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] Fix some broken BC layers

Browse Source
This commit is contained in:
Robin Chalas 2021-02-16 17:55:35 +01:00
parent 4d91b8f5c2
commit 79de1da6ca
3 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoderInterface.php
View File

@ -11,10 +11,10 @@
namespace Symfony\Component\Security\Core\Encoder;
trigger_deprecation('symfony/security-core', '5.3', sprintf('The "%s" interface is deprecated, use "%s" on hasher implementations that deal with salts instead.', UserPasswordEncoderInterface::class, UserPasswordHasherInterface::class));
trigger_deprecation('symfony/security-core', '5.3', sprintf('The "%s" interface is deprecated, use "%s" instead.', UserPasswordEncoderInterface::class, UserPasswordHasherInterface::class));
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* UserPasswordEncoderInterface is the interface for the password encoder service.

7
src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
View File

@ -11,9 +11,9 @@
namespace Symfony\Component\Security\Guard\Provider;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AuthenticationExpiredException;
@ -27,7 +27,6 @@ use Symfony\Component\Security\Guard\AuthenticatorInterface;
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
/**
* Responsible for accepting the PreAuthenticationGuardToken and calling
@ -130,8 +129,8 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
throw new BadCredentialsException(sprintf('Authentication failed because "%s::checkCredentials()" did not return true.', get_debug_type($guardAuthenticator)));
}
if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordHasher && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && method_exists($this->passwordHasher, 'needsRehash') && $this->passwordHasher->needsRehash($user)) {
if ($this->passwordHasher instanceof PasswordEncoderInterface) {
if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordHasher && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && $this->passwordHasher->needsRehash($user)) {
if ($this->passwordHasher instanceof UserPasswordEncoderInterface) {
// @deprecated since Symfony 5.3
$this->userProvider->upgradePassword($user, $this->passwordHasher->encodePassword($user, $password));
} else {

7
src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
View File

@ -12,15 +12,14 @@
namespace Symfony\Component\Security\Http\EventListener;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
use Symfony\Component\PasswordHasher\PasswordHasherInterface;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
/**
* @author Wouter de Jong <wouter@wouterj.nl>
@ -82,7 +81,7 @@ class PasswordMigratingListener implements EventSubscriberInterface
}
}
$passwordUpgrader->upgradePassword($user, $passwordHasher->hash($plaintextPassword, $user->getSalt()));
$passwordUpgrader->upgradePassword($user, $passwordHasher instanceof PasswordHasherInterface ? $passwordHasher->hash($plaintextPassword, $user->getSalt()) : $passwordHasher->encodePassword($plaintextPassword, $user->getSalt()));
}
public static function getSubscribedEvents(): array