Merge branch '2.2' into 2.3
* 2.2: bumped Symfony version to 2.2.10 updated VERSION for 2.2.9 update CONTRIBUTORS for 2.2.9 updated CHANGELOG for 2.2.9 [Security] limited the password length passed to encoders assets:install command should mirror .dotfiles (.htaccess) PoFileDumper - PO headers removed whitespaces Conflicts: src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
commit
e7df974ab8
|
@ -7,6 +7,24 @@ in 2.2 minor versions.
|
|||
To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
|
||||
To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.2.0...v2.2.1
|
||||
|
||||
* 2.2.9 (2013-10-10)
|
||||
|
||||
* [Security] limited the password length passed to encoders
|
||||
* bug #9237 [FrameworkBundle] assets:install command should mirror .dotfiles (.htaccess) (FineWolf)
|
||||
* bug #9223 [Translator] PoFileDumper - PO headers (Padam87)
|
||||
* bug #9257 [Process] Fix 9182 : random failure on pipes tests (romainneutron)
|
||||
* bug #9222 [Bridge] [Propel1] Fixed guessed relations (ClementGautier)
|
||||
* bug #9214 [FramworkBundle] Check event listener services are not abstract (lyrixx)
|
||||
* bug #9207 [HttpKernel] Check for lock existence before unlinking (ollietb)
|
||||
* bug #9184 Fixed cache warmup of paths which contain back-slashes (fabpot)
|
||||
* bug #9192 [Form] remove MinCount and MaxCount constraints in ValidatorTypeGuesser (franek)
|
||||
* bug #9190 Fix: duplicate usage of Symfony\Component\HttpFoundation\Response (realsim)
|
||||
* bug #9188 [Form] add support for Length and Range constraint in ValidatorTypeGuesser (franek)
|
||||
* bug #8809 [Form] enforce correct timezone (Burgov)
|
||||
* bug #9169 Fixed client insulation when using the terminable event (fabpot)
|
||||
* bug #9154 Fix problem with Windows file links (backslash in JavaScript string) (fabpot)
|
||||
* bug #9103 [HttpFoundation] Header `HTTP_X_FORWARDED_PROTO` can contain various values (stloyd)
|
||||
|
||||
* 2.2.8 (2013-09-25)
|
||||
|
||||
* same as 2.2.7
|
||||
|
|
|
@ -19,9 +19,9 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Joseph Bielawski (stloyd)
|
||||
- Jeremy Mikola (jmikola)
|
||||
- Jean-François Simon (jfsimon)
|
||||
- Jakub Zalas (jakubzalas)
|
||||
- Igor Wiedler (igorw)
|
||||
- Benjamin Eberlei (beberlei)
|
||||
- Jakub Zalas (jakubzalas)
|
||||
- Hugo Hamon (hhamon)
|
||||
- Martin Hasoň (hason)
|
||||
- Eriksen Costa (eriksencosta)
|
||||
|
@ -40,11 +40,11 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Florin Patan (florinpatan)
|
||||
- Konstantin Kudryashov (everzet)
|
||||
- Saša Stamenković (umpirsky)
|
||||
- Grégoire Pineau (lyrixx)
|
||||
- Arnaud Le Blanc (arnaud-lb)
|
||||
- Eric Clemmons (ericclemmons)
|
||||
- Dariusz Górecki (canni)
|
||||
- Henrik Westphal (snc)
|
||||
- Grégoire Pineau (lyrixx)
|
||||
- Deni
|
||||
- Andrej Hudec (pulzarraider)
|
||||
- Marc Weistroff (futurecat)
|
||||
|
@ -55,9 +55,9 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Lee McDermott
|
||||
- Brandon Turner
|
||||
- Daniel Holmes (dholmes)
|
||||
- Bart van den Burg (burgov)
|
||||
- Brikou Carré (brikou)
|
||||
- John Wards (johnwards)
|
||||
- Bart van den Burg (burgov)
|
||||
- Antoine Hérault (herzult)
|
||||
- Toni Uebernickel (havvg)
|
||||
- Christian Raue
|
||||
|
@ -76,17 +76,18 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Richard Miller (mr_r_miller)
|
||||
- Jacob Dreesen (jdreesen)
|
||||
- Richard Shank (iampersistent)
|
||||
- Robert Schönthal (digitalkaoz)
|
||||
- Sebastian Hörl (blogsh)
|
||||
- David Buchmann (dbu)
|
||||
- Gábor Egyed (1ed)
|
||||
- Wouter De Jong (wouterj)
|
||||
- Juti Noppornpitak
|
||||
- Robert Schönthal (digitalkaoz)
|
||||
- Adrien Brault (adrienbrault)
|
||||
- Felix Labrecque
|
||||
- Jérémie Augustin (jaugustin)
|
||||
- Michał Pipa (michal.pipa)
|
||||
- Gordon Franke (gimler)
|
||||
- Daniel Gomes (danielcsgomes)
|
||||
- Jérémie Augustin (jaugustin)
|
||||
- Tigran Azatyan (tigranazatyan)
|
||||
- Pierre Minnieur (pminnieur)
|
||||
- Larry Garfield (crell)
|
||||
|
@ -94,7 +95,6 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Jonathan Ingram (jonathaningram)
|
||||
- Sebastiaan Stok (sstok)
|
||||
- Helmer Aaviksoo
|
||||
- Adrien Brault (adrienbrault)
|
||||
- Javier Eguiluz (javier.eguiluz)
|
||||
- Matthieu Ouellette-Vachon (maoueh)
|
||||
- Amal Raghav (kertz)
|
||||
|
@ -106,6 +106,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Julien Brochet (mewt)
|
||||
- Rafael Dohms (rdohms)
|
||||
- Dennis Benkert (denderello)
|
||||
- Eric GELOEN (gelo)
|
||||
- Benjamin Dulau (dbenjamin)
|
||||
- Andreas Hucks (meandmymonkey)
|
||||
- Noel Guilbert (noel)
|
||||
|
@ -120,7 +121,6 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Dominique Bongiraud
|
||||
- Leszek Prabucki (l3l0)
|
||||
- Danny Berger (dpb587)
|
||||
- Eric GELOEN (gelo)
|
||||
- Dustin Whittle (dustinwhittle)
|
||||
- jeff
|
||||
- Clemens Tolboom
|
||||
|
@ -151,6 +151,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- geoffrey
|
||||
- Wodor Wodorski
|
||||
- Elnur Abdurrakhimov (elnur)
|
||||
- Robert Kiss (kepten)
|
||||
- Matthew Lewinski (lewinski)
|
||||
- Kim Hemsø Rasmussen
|
||||
- Dirk Pahl (dirkaholic)
|
||||
|
@ -166,6 +167,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Matthias Pigulla (mpdude)
|
||||
- sun (sun)
|
||||
- Manuel Kiessling (manuelkiessling)
|
||||
- Christian Flothmann (xabbuh)
|
||||
- Sergey Linnik
|
||||
- Bertrand Zuchuat (garfield-fr)
|
||||
- Grégoire Paris (greg0ire)
|
||||
|
@ -188,17 +190,16 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Niklas Fiekas
|
||||
- Konstantin Myakshin (koc)
|
||||
- Erin Millard
|
||||
- Robert Kiss (kepten)
|
||||
- Manuel Reinhard (sprain)
|
||||
- Francesco Levorato
|
||||
- Vitaliy Zakharov (zakharovvi)
|
||||
- Michele Orselli (orso)
|
||||
- Tom Van Looy (tvlooy)
|
||||
- Brouznouf
|
||||
- Pierre-Yves LEBECQ (pylebecq)
|
||||
- Kristen Gilden (kgilden)
|
||||
- hossein zolfi (ocean)
|
||||
- Philipp Kräutli (pkraeutli)
|
||||
- Christian Flothmann (xabbuh)
|
||||
- Greg Thornton (xdissent)
|
||||
- Atsuhiro KUBO (iteman)
|
||||
- Lars Strojny
|
||||
|
@ -208,6 +209,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Markus Lanthaler (lanthaler)
|
||||
- Jérôme Vieilledent (lolautruche)
|
||||
- realmfoo
|
||||
- Leevi Graham (leevigraham)
|
||||
- Pavel Volokitin (pvolok)
|
||||
- Tobias Naumann
|
||||
- Ismael Ambrosi (iambrosi)
|
||||
|
@ -239,6 +241,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Antonio J. García Lagar (ajgarlag)
|
||||
- Olivier Dolbeau (odolbeau)
|
||||
- alquerci
|
||||
- Christian Gärtner (dagardner)
|
||||
- Asier Illarramendi (doup)
|
||||
- Javier López (loalf)
|
||||
- Chris Heng (gigablah)
|
||||
|
@ -251,7 +254,6 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Filippo Tessarotto
|
||||
- Mark Sonnabaum
|
||||
- Adam Harvey
|
||||
- Pierre-Yves LEBECQ (pylebecq)
|
||||
- Laurent Bachelier (laurentb)
|
||||
- Fabrice Bernhard (fabriceb)
|
||||
- Fabian Lange (codingfabian)
|
||||
|
@ -280,7 +282,6 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Nils Adermann (naderman)
|
||||
- Gábor Fási
|
||||
- Benjamin Leveque (benji07)
|
||||
- Leevi Graham
|
||||
- Luis Cordova (cordoval)
|
||||
- Michaël Perrin (michael.perrin)
|
||||
- sasezaki
|
||||
|
@ -315,6 +316,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Markus Bachmann (baachi)
|
||||
- aubx
|
||||
- Max Rath (drak3)
|
||||
- Stéphane Escandell (sescandell)
|
||||
- Sinan Eldem
|
||||
- DerManoMann
|
||||
- Nahuel Cuesta (ncuesta)
|
||||
|
@ -338,7 +340,9 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- umpirski
|
||||
- Antoine Corcy
|
||||
- cedric lombardot (cedriclombardot)
|
||||
- franek (franek)
|
||||
- John Kary (johnkary)
|
||||
- François-Xavier de Guillebon (de-gui_f)
|
||||
- Hossein Bukhamsin
|
||||
- Oleg Zinchenko (cystbear)
|
||||
- Diego Saint Esteben (dii3g0)
|
||||
|
@ -408,7 +412,6 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Matt Robinson (inanimatt)
|
||||
- Aleksey Podskrebyshev
|
||||
- Bob den Otter (bopp)
|
||||
- Christian Gärtner (dagardner)
|
||||
- David Marín Carreño (davefx)
|
||||
- Jörn Lang (j.lang)
|
||||
- julien pauli (jpauli)
|
||||
|
@ -420,6 +423,8 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Derek ROTH
|
||||
- Shin Ohno (ganchiku)
|
||||
- Drew Butler (nodrew)
|
||||
- Sarah Khalil (saro0h)
|
||||
- Timothée Barray (tyx)
|
||||
- Christian Morgan
|
||||
- Alexander Miehe (engerim)
|
||||
- giulio de donato (liuggio)
|
||||
|
@ -454,6 +459,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- xaav
|
||||
- Mahmoud Mostafa (mahmoud)
|
||||
- Juti Noppornpitak
|
||||
- Radosław Benkel
|
||||
- Mei Gwilym
|
||||
- ttomor
|
||||
- Luciano Mammino (loige)
|
||||
|
@ -479,9 +485,9 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Lin Clark
|
||||
- Troy McCabe
|
||||
- Ville Mattila
|
||||
- Sescandell (sescandell)
|
||||
- Ben Davies
|
||||
- Max Beutel
|
||||
- Piotr Antosik (antek88)
|
||||
- Artem Lopata
|
||||
- Marcos Quesada (marcos_quesada)
|
||||
- Dan Finnie
|
||||
|
@ -515,12 +521,14 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Neil Katin
|
||||
- peter
|
||||
- Gustavo Adrian
|
||||
- Clément Gautier (clementgautier)
|
||||
- Brooks Boyd
|
||||
- Roger Webb
|
||||
- Nicolas Fabre (nfabre)
|
||||
- Raul Rodriguez (raul782)
|
||||
- Felicitus
|
||||
- Paul Matthews
|
||||
- Juan Traverso
|
||||
- Philipp Strube
|
||||
- Christian Sciberras
|
||||
- Clement Herreman (clemherreman)
|
||||
|
@ -563,7 +571,6 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Lance McNearney
|
||||
- Alberto Pirovano (geezmo)
|
||||
- Martin Pärtel
|
||||
- François-Xavier de Guillebon (de-gui_f)
|
||||
- Xavier Briand (xavierbriand)
|
||||
- Evan Kaufman
|
||||
- Romain Geissler
|
||||
|
@ -612,6 +619,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Nicolas Badey (nico-b)
|
||||
- Gunnar Lium
|
||||
- povilas
|
||||
- Alessandro Tagliapietra (alex88)
|
||||
- Tiago Garcia (tiagojsag)
|
||||
- Lars Strojny
|
||||
- Bouke Haarsma
|
||||
|
@ -621,6 +629,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Przemysław Piechota (kibao)
|
||||
- Tom Adam (tomadam)
|
||||
- Francisco Facioni (fran6co)
|
||||
- Povilas S. (povilas)
|
||||
- Paweł Wacławczyk (pwc)
|
||||
- Eric Caron
|
||||
- 2manypeople
|
||||
|
@ -640,6 +649,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Thomas Chmielowiec
|
||||
- František Bereň
|
||||
- Christoph Nissle (derstoffel)
|
||||
- Nicolas Tallefourtané (nicolab)
|
||||
- Benjamin Zikarsky
|
||||
- jjanvier
|
||||
- Romain Dorgueil
|
||||
|
@ -751,6 +761,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Daniele Cesarini (ijanki)
|
||||
- Simon CONSTANS (kosssi)
|
||||
- Mauricio Lopez (sanctuary29)
|
||||
- Tobias Weinert (tweini)
|
||||
- Wotre
|
||||
- goohib
|
||||
- Xavier HAUSHERR
|
||||
|
@ -766,11 +777,13 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Vyacheslav Slinko
|
||||
- Johannes
|
||||
- Jörg Rühl
|
||||
- wesleyh
|
||||
- patrick-mcdougle
|
||||
- Daniel Basten
|
||||
- Giacomo Gallico
|
||||
- Steve Müller
|
||||
- andreabreu98
|
||||
- Thomas Schulz
|
||||
- Michael Schneider
|
||||
- Jerome Tamarelle
|
||||
- xanido
|
||||
|
@ -783,6 +796,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- vlechemin
|
||||
- Brian Corrigan
|
||||
- Skorney
|
||||
- datibbaw
|
||||
- André Neves
|
||||
- Norbert Orzechowicz
|
||||
- Pierre-Louis LAUNAY
|
||||
|
@ -843,6 +857,7 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Martin Ledgard (le6o)
|
||||
- Matthieu Moquet (mattketmo)
|
||||
- Matt Drollette (mdrollette)
|
||||
- ollie harridge (ollietb)
|
||||
- Florent CAILHOL (ooflorent)
|
||||
- Petr Jaroš (petajaros)
|
||||
- Philipp Hoffmann (philipphoffmann)
|
||||
|
@ -850,19 +865,18 @@ Symfony2 is the result of the work of many people who made the code better
|
|||
- Daniel Perez Pinazo (pitiflautico)
|
||||
- Rich Sage (richsage)
|
||||
- Ruud Kamphuis (ruudk)
|
||||
- Sarah Khalil (saro0h)
|
||||
- scourgen hung (scourgen)
|
||||
- Sebastian Busch (sebu)
|
||||
- Andrea Giuliano (shark)
|
||||
- Julien Sanchez (sumbobyboys)
|
||||
- Markus Tacker (tacker)
|
||||
- Tyler Stroud (tystr)
|
||||
- Timothée Barray (tyx)
|
||||
- Víctor Mateo (victormateo)
|
||||
- Eugene Babushkin (warl)
|
||||
- Florent Cailhol
|
||||
- craigmarvelley
|
||||
- Stano Turza
|
||||
- simpson
|
||||
- Teo
|
||||
- drublic
|
||||
- Andreas Streichardt
|
||||
|
|
|
@ -103,7 +103,7 @@ EOT
|
|||
} else {
|
||||
$filesystem->mkdir($targetDir, 0777);
|
||||
// We use a custom iterator to ignore VCS files
|
||||
$filesystem->mirror($originDir, $targetDir, Finder::create()->in($originDir));
|
||||
$filesystem->mirror($originDir, $targetDir, Finder::create()->ignoreDotFiles(false)->in($originDir));
|
||||
}
|
||||
}
|
||||
}
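Review bot: The comment `// We use a custom iterator to ignore VCS files` no longer describes the new `mirror()` call, which passes `ignoreDotFiles(false)` and therefore copies every dotfile under the bundle's public directory into the web-accessible target. That is what makes `.htaccess` work, but it also publishes anything else starting with a dot that happens to sit there, such as editor or OS metadata or a stray credentials file. I would reword the comment to something like `// Copy dotfiles such as .htaccess as well; Finder still skips VCS directories by default` so the intent and the remaining exclusion are explicit. The enclosing method starts outside this hunk.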
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
namespace Symfony\Component\Security\Core\Encoder;
|
||||
|
||||
use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
|
||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||
|
||||
/**
|
||||
* @author Elnur Abdurrakhimov <elnur@elnur.pro>
|
||||
|
@ -64,6 +65,10 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function encodePassword($raw, $salt)
|
||||
{
|
||||
if ($this->isPasswordTooLong($raw)) {
|
||||
throw new BadCredentialsException('Invalid password.');
|
||||
}
|
||||
|
||||
$options = array('cost' => $this->cost);
|
||||
|
||||
if ($salt) {
|
||||
|
@ -78,6 +83,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function isPasswordValid($encoded, $raw, $salt)
|
||||
{
|
||||
return password_verify($raw, $encoded);
|
||||
return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
|
||||
}
|
||||
}
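Review bot: The guard added to `encodePassword()` and `isPasswordValid()` caps input at `MAX_PASSWORD_LENGTH` (4096 bytes), but bcrypt only consumes the first 72 bytes of a password; PHP documents that `password_hash()` truncates there for bcrypt. Passwords between 73 and 4096 bytes are therefore accepted while their tail never influences the hash, so two long passwords sharing a 72-byte prefix verify against each other. If that is intended, a comment above the guard should say so, for example `// bounds hashing work only; bcrypt still ignores everything past 72 bytes`. Otherwise this encoder probably wants its own, lower limit. The body of `encodePassword()` continues outside the visible hunk.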
|
||||
|
|
|
@ -20,6 +20,8 @@ use Symfony\Component\Security\Core\Util\StringUtils;
|
|||
*/
|
||||
abstract class BasePasswordEncoder implements PasswordEncoderInterface
|
||||
{
|
||||
const MAX_PASSWORD_LENGTH = 4096;
|
||||
|
||||
/**
|
||||
* Demerges a merge password and salt string.
|
||||
*
|
||||
|
@ -83,4 +85,14 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
|
|||
{
|
||||
return StringUtils::equals($password1, $password2);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the password is too long.
|
||||
*
|
||||
* @return Boolean true if the password is too long, false otherwise
|
||||
*/
|
||||
protected function isPasswordTooLong($password)
|
||||
{
|
||||
return strlen($password) > self::MAX_PASSWORD_LENGTH;
|
||||
}
|
||||
}
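Review bot: `MAX_PASSWORD_LENGTH` and `isPasswordTooLong()` lack the documentation a maintainer of a custom encoder needs: the docblock has no `@param`, and nothing says the limit is measured with `strlen()`, i.e. in bytes, so a multibyte password reaches it before 4096 characters. The check is also opt-in: only subclasses that call it are covered, and an encoder implementing `PasswordEncoderInterface` directly gets nothing. I would add `@param string $password The raw password` plus a sentence on the byte semantics, and a one-line comment on the constant such as `// Maximum raw password size in bytes accepted by the bundled encoders`.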
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
|
||||
namespace Symfony\Component\Security\Core\Encoder;
|
||||
|
||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||
|
||||
/**
|
||||
* MessageDigestPasswordEncoder uses a message digest algorithm.
|
||||
*
|
||||
|
@ -41,6 +43,10 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function encodePassword($raw, $salt)
|
||||
{
|
||||
if ($this->isPasswordTooLong($raw)) {
|
||||
throw new BadCredentialsException('Invalid password.');
|
||||
}
|
||||
|
||||
if (!in_array($this->algorithm, hash_algos(), true)) {
|
||||
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
|
||||
}
|
||||
|
@ -61,6 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function isPasswordValid($encoded, $raw, $salt)
|
||||
{
|
||||
return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
||||
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
||||
}
|
||||
}
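Review bot: `encodePassword()` can now throw `BadCredentialsException`, but the docblock that closes just above the signature lies outside the hunk and does not appear to gain a matching `@throws`. Callers that encode a password outside authentication (registration, password change) will now receive an authentication exception for over-long input, so the contract should state it: `@throws BadCredentialsException If the raw password exceeds MAX_PASSWORD_LENGTH`. The same applies to the `encodePassword()` hunks in BCryptPasswordEncoder, Pbkdf2PasswordEncoder and PlaintextPasswordEncoder.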
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
|
||||
namespace Symfony\Component\Security\Core\Encoder;
|
||||
|
||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||
|
||||
/**
|
||||
* Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2).
|
||||
*
|
||||
|
@ -54,6 +56,10 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function encodePassword($raw, $salt)
|
||||
{
|
||||
if ($this->isPasswordTooLong($raw)) {
|
||||
throw new BadCredentialsException('Invalid password.');
|
||||
}
|
||||
|
||||
if (!in_array($this->algorithm, hash_algos(), true)) {
|
||||
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
|
||||
}
|
||||
|
@ -72,7 +78,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function isPasswordValid($encoded, $raw, $salt)
|
||||
{
|
||||
return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
||||
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
||||
}
|
||||
|
||||
private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
|
||||
namespace Symfony\Component\Security\Core\Encoder;
|
||||
|
||||
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||
|
||||
/**
|
||||
* PlaintextPasswordEncoder does not do any encoding.
|
||||
*
|
||||
|
@ -35,6 +37,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function encodePassword($raw, $salt)
|
||||
{
|
||||
if ($this->isPasswordTooLong($raw)) {
|
||||
throw new BadCredentialsException('Invalid password.');
|
||||
}
|
||||
|
||||
return $this->mergePasswordAndSalt($raw, $salt);
|
||||
}
|
||||
|
||||
|
@ -43,6 +49,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
|
|||
*/
|
||||
public function isPasswordValid($encoded, $raw, $salt)
|
||||
{
|
||||
if ($this->isPasswordTooLong($raw)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$pass2 = $this->mergePasswordAndSalt($raw, $salt);
|
||||
|
||||
if (!$this->ignorePasswordCase) {
|
||||
|
|
|
@ -70,4 +70,21 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||
$this->markTestSkipped('Requires PHP >= 5.3.7');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
*/
|
||||
public function testEncodePasswordLength()
|
||||
{
|
||||
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
||||
|
||||
$encoder->encodePassword(str_repeat('a', 5000), 'salt');
|
||||
}
|
||||
|
||||
public function testCheckPasswordLength()
|
||||
{
|
||||
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
||||
|
||||
$this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
|
||||
}
|
||||
}
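Review bot: `testCheckPasswordLength()` would still pass if the length guard were removed, because `'encoded'` is not a hash of anything and `isPasswordValid()` returns false for it regardless of `$raw`. To pin the guard, the stored value has to be one that would otherwise match the over-long input, for instance a hash of `str_repeat('a', 5000)` computed outside the encoder. The identically named tests in the MessageDigest, Pbkdf2 and Plaintext encoder test sections appear to have the same weakness.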
|
||||
|
|
|
@ -53,6 +53,12 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||
$this->invokeMergePasswordAndSalt('password', '{foo}');
|
||||
}
|
||||
|
||||
public function testIsPasswordTooLong()
|
||||
{
|
||||
$this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 10000)));
|
||||
$this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 10)));
|
||||
}
|
||||
|
||||
protected function invokeDemergePasswordAndSalt($password)
|
||||
{
|
||||
$encoder = new PasswordEncoder();
|
||||
|
@ -82,4 +88,14 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||
|
||||
return $m->invoke($encoder, $p1, $p2);
|
||||
}
|
||||
|
||||
protected function invokeIsPasswordTooLong($p)
|
||||
{
|
||||
$encoder = new PasswordEncoder();
|
||||
$r = new \ReflectionObject($encoder);
|
||||
$m = $r->getMethod('isPasswordTooLong');
|
||||
$m->setAccessible(true);
|
||||
|
||||
return $m->invoke($encoder, $p);
|
||||
}
|
||||
}
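Review bot: `testIsPasswordTooLong()` probes only 10 and 10000 bytes, so it would not catch an off-by-one in the comparison (`>=` instead of `>`) or an accidental change to the constant. Add the boundary pair: `$this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 4096)));` and `$this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 4097)));`. Deriving both lengths from `BasePasswordEncoder::MAX_PASSWORD_LENGTH` rather than literals would keep the test in step with the constant.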
|
||||
|
|
|
@ -42,4 +42,21 @@ class MessageDigestPasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||
$encoder = new MessageDigestPasswordEncoder('foobar');
|
||||
$encoder->encodePassword('password', '');
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
*/
|
||||
public function testEncodePasswordLength()
|
||||
{
|
||||
$encoder = new MessageDigestPasswordEncoder();
|
||||
|
||||
$encoder->encodePassword(str_repeat('a', 5000), 'salt');
|
||||
}
|
||||
|
||||
public function testCheckPasswordLength()
|
||||
{
|
||||
$encoder = new MessageDigestPasswordEncoder();
|
||||
|
||||
$this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,4 +42,21 @@ class Pbkdf2PasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||
$encoder = new Pbkdf2PasswordEncoder('foobar');
|
||||
$encoder->encodePassword('password', '');
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
*/
|
||||
public function testEncodePasswordLength()
|
||||
{
|
||||
$encoder = new Pbkdf2PasswordEncoder('foobar');
|
||||
|
||||
$encoder->encodePassword(str_repeat('a', 5000), 'salt');
|
||||
}
|
||||
|
||||
public function testCheckPasswordLength()
|
||||
{
|
||||
$encoder = new Pbkdf2PasswordEncoder('foobar');
|
||||
|
||||
$this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,4 +36,21 @@ class PlaintextPasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||
|
||||
$this->assertSame('foo', $encoder->encodePassword('foo', ''));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
*/
|
||||
public function testEncodePasswordLength()
|
||||
{
|
||||
$encoder = new PlaintextPasswordEncoder();
|
||||
|
||||
$encoder->encodePassword(str_repeat('a', 5000), 'salt');
|
||||
}
|
||||
|
||||
public function testCheckPasswordLength()
|
||||
{
|
||||
$encoder = new PlaintextPasswordEncoder();
|
||||
|
||||
$this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -25,7 +25,13 @@ class PoFileDumper extends FileDumper
|
|||
*/
|
||||
public function format(MessageCatalogue $messages, $domain = 'messages')
|
||||
{
|
||||
$output = '';
|
||||
$output = 'msgid ""'."\n";
|
||||
$output .= 'msgstr ""'."\n";
|
||||
$output .= '"Content-Type: text/plain; charset=UTF-8\n"'."\n";
|
||||
$output .= '"Content-Transfer-Encoding: 8bit\n"'."\n";
|
||||
$output .= '"Language: '.$messages->getLocale().'\n"'."\n";
|
||||
$output .= "\n";
|
||||
|
||||
$newLine = false;
|
||||
foreach ($messages->all($domain) as $source => $target) {
|
||||
if ($newLine) {
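Review bot: The new `Language:` header line concatenates `$messages->getLocale()` into a double-quoted PO string without escaping. A locale containing a double quote, a backslash or a line break would produce a malformed header, and a consumer of the file would then parse the rest differently. Locales normally come from configuration, so the risk is low, but escaping is cheap: `addcslashes($messages->getLocale(), "\0..\37\42\134")`. `format()` continues beyond the hunk.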
|
||||
|
|
|
@ -1,2 +1,8 @@
|
|||
msgid ""
|
||||
msgstr ""
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Language: en\n"
|
||||
|
||||
msgid "foo"
|
||||
msgstr "bar"
|