This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier 90a7fa0ca1 minor #14032 [SecurityBundle] UserPasswordEncoderCommand: Improve & simplify the command usage (ogizanagi)
This PR was squashed before being merged into the 2.7 branch (closes #14032).

Discussion
----------

[SecurityBundle] UserPasswordEncoderCommand: Improve & simplify the command usage

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #13988
| License       | MIT

Overlaps #14017 (might replace or follow it). Sorry if it is considered as a duplicate, but the debate has evolved, and I think the arguments ordering isn't the best nor single way to improve this command usage anymore.
Thank you @saro0h for having considered the mentioned issues and spent time on it.

# Salt option & salt generation

Thanks to @ircmaxell & @inanimatt, we came to the conclusion that the use-cases for the `salt` option/argument are pretty arguable. So I suggest getting rid of it: **a salt will always be generated by the command.**

### Generated salt
The generated salt is now in the Table output:
`security:encode-password test -n`
![screenshot 2015-03-30 a 21 38 21](https://cloud.githubusercontent.com/assets/2211145/6905081/d96f3ea4-d725-11e4-9b7c-83de8a75f28e.PNG)

The "Generated salt" row and the last comment about the salt aren't present if the new `empty-salt` option is provided (see below).

# New empty-salt option

As some encoders might generate their own built-in salts (like the `BCryptPasswordEncoder`) and some custom encoders could do the same (or not require a salt at all), I suggest a new option: `empty-salt`.
This option will not provide any salt to the configured encoder, which will generate its own, then.

With the interactive way, the user will always be asked for confirmation of the salt generation if the `empty-salt` option isn't set:

`security:encode-password password`
![screenshot 2015-03-30 a 21 38 43](https://cloud.githubusercontent.com/assets/2211145/6905072/c53df984-d725-11e4-9a1a-81c3a363b5fe.PNG)

### bcrypt encoder

As the `BCryptPasswordEncoder` is shipped with the security component, and listening to @inanimatt's valuable comments in #13988, I introduced a second commit (0cdb546) making an exception for the `bcrypt` encoder, and always setting the `empty-salt` option with it.
We're aware that's not ideal from an OO design perspective, but far better from a DX one. If not desired, I will revert it.
Anyway I think https://github.com/symfony/symfony/issues/13988#issuecomment-85068382 and other comments about the `PasswordEncoder` API and salt generation should be considered for 3.0.

A note is added when bcrypt encoder is detected without the `empty-salt` option:
`security:encode-password password "Custom\Class\Bcrypt\User" -n`
![screenshot 2015-03-30 a 19 46 36](https://cloud.githubusercontent.com/assets/2211145/6905066/b53edb52-d725-11e4-87e9-636bf177299a.PNG)

# Default user-class

The default `user-class` is set to `Symfony\Component\Security\Core\User\User`.
I think this makes sense, as in the previous version of the command, the `Symfony\Component\Security\Core\User\User` was configured in the `setAutocompleterValues` and set the `$value` to `Symfony\Component\Security\Core\User\User` if null.

Asking the question to the user with the interactive command would have been useful only if the user was able to pick one encoder from a choice list.

# Arguments order / make arguments options

When we had both `salt` and `user-class` as arguments, the command looked like:
```sh
security:encode-password [password] [user-class] [salt]
```
All arguments were optional, for the interactive command purpose (the command asked the user for missing arguments).
But, as they were arguments, we had to provide each of them in the proper order. That meant we couldn't provide a salt without defining the optional user-class.
So I suggested using options instead of arguments for both user-class & salt.

But as the `salt` option/argument is removed, now I don't feel the need for the `user-class` to be an option.
Indeed, the new command short version will look like the following:
```sh
#Default user-class: Symfony\Component\Security\Core\User\User
security:encode-password password

#Another user-class:
security:encode-password password "AppBundle\Model\User"
```

Making the user-class an option IMO isn't a necessity anymore, and will only lengthen the command:
```sh
security:encode-password password --user-class="AppBundle\Model\User"
```

## Bonus:
- [The new command documentation](https://cloud.githubusercontent.com/assets/2211145/6845201/48a66382-d3b2-11e4-8227-b799215a2783.PNG). Thanks to @javiereguiluz.
- [Full interactivity output](https://cloud.githubusercontent.com/assets/2211145/6906381/d7753ce4-d72e-11e4-8547-2ef35c6257e9.PNG)

Commits
-------

b3f6340 [SecurityBundle] UserPasswordEncoderCommand: Improve & simplify the command usage
2015-04-07 12:27:23 +02:00
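
The distinction the PR description draws between encoders that need a supplied salt and bcrypt, which generates its own, as an added example that is not part of the commit or of Symfony's code. Plain PHP 7.0+ built-ins stand in for the encoders; the function names, PBKDF2 parameters, salt length and sample password are assumptions.

```php
<?php
// Added example, not Symfony code. Plain PHP 7.0+; all function names are hypothetical.

// Encoder that needs a caller-supplied salt (PBKDF2 here, parameters chosen
// for illustration). The salt has to be stored next to the hash.
function encodeWithSalt(string $raw, string $salt): string
{
    return base64_encode(hash_pbkdf2('sha512', $raw, $salt, 10000, 40, true));
}

function verifyWithSalt(string $encoded, string $raw, string $salt): bool
{
    // Constant-time comparison of the stored and recomputed hashes.
    return hash_equals($encoded, encodeWithSalt($raw, $salt));
}

// bcrypt: password_hash() draws its own random salt and embeds it in the
// output, so there is nothing to pass in and nothing extra to store.
function encodeBcrypt(string $raw): string
{
    return password_hash($raw, PASSWORD_BCRYPT, ['cost' => 12]);
}

// In a 60-character "$2y$12$..." string, the 22 characters that follow the
// 7-character prefix are the encoded salt.
function bcryptEmbeddedSalt(string $encoded): string
{
    return substr($encoded, 7, 22);
}

$password = 'constructed-sample-password'; // constructed sample input

// Salted encoder: generate a salt, keep it, and supply it again at login.
$salt   = base64_encode(random_bytes(30));
$stored = encodeWithSalt($password, $salt);
$other  = base64_encode(random_bytes(30)); // stands for a lost or wrong salt
printf("salted, stored salt verifies: %s\n", var_export(verifyWithSalt($stored, $password, $salt), true));
printf("salted, other salt verifies:  %s\n", var_export(verifyWithSalt($stored, $password, $other), true));

// bcrypt: two encodings of the same password, each with its own embedded salt.
$a = encodeBcrypt($password);
$b = encodeBcrypt($password);
printf("bcrypt embedded salts: %s / %s\n", bcryptEmbeddedSalt($a), bcryptEmbeddedSalt($b));
printf("bcrypt hashes differ:  %s\n", var_export($a !== $b, true));
printf("bcrypt verifies with no external salt: %s\n",
    var_export(password_verify($password, $a) && password_verify($password, $b), true));
```
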
| File | Last commit | Date
| ---- | ----------- | ----
| src/Symfony | minor #14032 [SecurityBundle] UserPasswordEncoderCommand: Improve & simplify the command usage (ogizanagi) | 2015-04-07 12:27:23 +02:00
| .editorconfig | Add EditorConfig File | 2012-06-16 14:08:15 +02:00
| .gitignore | CS: general fixes | 2015-03-25 00:47:08 +01:00
| .php_cs | CS: general fixes | 2015-03-25 00:47:08 +01:00
| .travis.sh | [travis] Do no tar in // | 2015-03-13 13:47:20 +01:00
| .travis.yml | [Debug] Add debug extension to the test suite | 2015-04-03 17:33:45 +02:00
| CHANGELOG-2.2.md | Merge branch '2.2' into 2.3 | 2013-12-03 15:51:26 +01:00
| CHANGELOG-2.3.md | updated CHANGELOG for 2.3.27 | 2015-04-01 16:27:49 +02:00
| CHANGELOG-2.4.md | updated CHANGELOG for 2.4.9 | 2014-09-03 11:50:09 +02:00
| CHANGELOG-2.5.md | updated CHANGELOG for 2.5.10 | 2015-02-02 10:26:02 +01:00
| CHANGELOG-2.6.md | updated CHANGELOG for 2.6.6 | 2015-04-01 18:55:18 +02:00
| composer.json | [PhpUnitBridge] do not replace but require-dev in symfony/symfony | 2015-03-07 17:28:03 +01:00
| CONTRIBUTING.md | [2.3] Update CONTRIBUTING.md | 2015-02-24 10:01:10 +01:00
| CONTRIBUTORS.md | update CONTRIBUTORS for 2.3.27 | 2015-04-01 16:28:11 +02:00
| LICENSE | Updated copyright to 2015 | 2015-01-01 13:56:52 +01:00
| phpunit.xml.dist | Merge branch '2.3' into 2.6 | 2015-02-24 12:52:21 +01:00
| README.md | Update README.md to min PHP 5.3.9 | 2015-01-10 19:20:22 +01:00
| UPGRADE-2.1.md | Remove aligned '=>' and '=' | 2014-10-26 08:30:58 +01:00
| UPGRADE-2.2.md | Merge branch '2.3' into 2.5 | 2014-10-01 07:50:18 +02:00
| UPGRADE-2.3.md | [Doc] Use Markdown syntax highlighting | 2014-10-01 07:38:33 +02:00
| UPGRADE-2.4.md | [Form] Changed (Number\|Integer)ToLocalizedStringTransformer::reverseTransform() to do rounding | 2013-08-01 17:19:11 +02:00
| UPGRADE-2.5.md | Merge branch '2.5' into 2.6 | 2015-01-05 21:59:13 +01:00
| UPGRADE-2.6.md | Fix grammar | 2014-12-30 09:24:50 +01:00
| UPGRADE-2.7.md | fix upgrade readme syntax | 2015-04-05 23:36:11 +02:00
| UPGRADE-3.0.md | feature #13717 Deprecated precision option in favor of scale (WouterJ) | 2015-04-03 19:01:25 +02:00

README

What is Symfony?

Symfony is a PHP 5.3 full-stack web framework. It is written with speed and flexibility in mind. It allows developers to build better and easy to maintain websites with PHP.

Symfony can be used to develop all kinds of websites, from your personal blog to high traffic ones like Dailymotion or Yahoo! Answers.

Requirements

Symfony is only supported on PHP 5.3.9 and up.

Be warned that PHP 5.3.16 has a major bug in the Reflection subsystem and is not suitable to run Symfony (https://bugs.php.net/bug.php?id=62715).

Installation

The best way to install Symfony is to download the Symfony Standard Edition available at http://symfony.com/download.

Documentation

The "Quick Tour" tutorial gives you a first feeling of the framework. If, like us, you think that Symfony can help speed up your development and take the quality of your work to the next level, read the official Symfony documentation.

Contributing

Symfony is an open source, community-driven project. If you'd like to contribute, please read the Contributing Code part of the documentation. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section and use the Pull Request Template.

Running Symfony Tests

Information on how to run the Symfony test suite can be found in the Running Symfony Tests section.