bug #32831 [Security] Revise UserPasswordEncoderInterface::needsRehash() (ro0NL)
This PR was squashed before being merged into the 4.4 branch (closes #32831).
Discussion
----------
[Security] Revise UserPasswordEncoderInterface::needsRehash()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
This reuses the encoded password from the user for the `UserPasswordEncoderInterface`, similar to how we don't pass the encoded string to `isPasswordValid()`.
This differs from the non-user aware `PasswordEncoderInterface`
cc @nicolas-grekas did i miss something?
Commits
-------
c5a283d417
[Security] Revise UserPasswordEncoderInterface::needsRehash()
commit
f4ceb91f6d
@ -50,10 +50,10 @@ class UserPasswordEncoder implements UserPasswordEncoderInterface
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function needsRehash(UserInterface $user, string $encoded): bool
|
||||
public function needsRehash(UserInterface $user): bool
|
||||
{
|
||||
$encoder = $this->encoderFactory->getEncoder($user);
|
||||
|
||||
return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($encoded);
|
||||
return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($user->getPassword());
|
||||
}
|
||||
}
|
||||
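Review bot: `needsRehash()` now forwards `$user->getPassword()` straight to `$encoder->needsRehash()`, with no handling for a user that has no stored hash. If `getPassword()` can return null for such accounts (its declaration is outside this hunk), an encoder that declares `string $encoded` would raise a TypeError during the rehash check, which presumably runs in the login path. A guard before the encoder lookup would avoid that: `if (null === $user->getPassword()) { return false; }`. The `UserPasswordEncoderTest` hunk only covers a user with a password set, so a case for a password-less user would be worth adding there too.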
|
@ -18,7 +18,7 @@ use Symfony\Component\Security\Core\User\UserInterface;
|
||||
*
|
||||
* @author Ariel Ferrandini <arielferrandini@gmail.com>
|
||||
*
|
||||
* @method bool needsRehash(UserInterface $user, string $encoded)
|
||||
* @method bool needsRehash(UserInterface $user)
|
||||
*/
|
||||
interface UserPasswordEncoderInterface
|
||||
{
|
||||
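Review bot: The `@method` annotation no longer indicates which hash is examined now that `$encoded` is gone, and nothing in the visible docblock tells implementers that the value is read from the user object. A short description on the annotation would make the contract explicit, for example ` * @method bool needsRehash(UserInterface $user) Checks whether the hash stored on the user should be re-encoded`. The docblock starts above the hunk and the interface body continues below it, so existing prose elsewhere is not visible here.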
|
@ -85,9 +85,9 @@ class UserPasswordEncoderTest extends TestCase
|
||||
|
||||
$passwordEncoder = new UserPasswordEncoder($mockEncoderFactory);
|
||||
|
||||
$hash = $passwordEncoder->encodePassword($user, 'foo', 'salt');
|
||||
$this->assertFalse($passwordEncoder->needsRehash($user, $hash));
|
||||
$this->assertTrue($passwordEncoder->needsRehash($user, $hash));
|
||||
$this->assertFalse($passwordEncoder->needsRehash($user, $hash));
|
||||
$user->setPassword($passwordEncoder->encodePassword($user, 'foo', 'salt'));
|
||||
$this->assertFalse($passwordEncoder->needsRehash($user));
|
||||
$this->assertTrue($passwordEncoder->needsRehash($user));
|
||||
$this->assertFalse($passwordEncoder->needsRehash($user));
|
||||
}
|
||||
}
|
||||
|
@ -164,4 +164,9 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function setPassword(string $password)
|
||||
{
|
||||
$this->password = $password;
|
||||
}
|
||||
}
|
||||
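Review bot: `setPassword()` is added without a docblock or return type, and its name does not say whether it expects the plain-text password or the hash. The test in this commit passes it the result of `encodePassword()`, so the intended argument appears to be the encoded value; stating that guards against a caller storing plain text on the user object. Suggested: `/** Sets the already-encoded password (the hash), not the plain-text one. */` above the method, and `public function setPassword(string $password): void` as the signature. The class body starts outside the hunk.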
|