c757845643
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Extract password hashing from security-core - with proper wording
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes #39698
| License | MIT
| Doc PR | todo
This PR renames password "encoders" to password _hashers_ (naming widely used, see e.g. django or laravel).
This also takes the opportunity to extract the logic related to password hashing from security-core, moving it to a new password-hasher component.
Nowadays, many modern web apps and APIs don't deal with passwords at all, that's why splitting makes sense as a step towards making security-core not tied to the password concept.
For upgrading, applications will have to use `passwords_hashers` instead of `encoders` in their security configuration, and type-hint against `PasswordHasherInterface` (and related) instead of `PasswordEncoderInterface`.
The proposed API is not much different from the encoder one regarding behavior and signatures, and it is slightly more close to the PHP built-in password hashing API:
```php
namespace Symfony\Component\PasswordHasher;
interface PasswordHasherInterface
{
public function hash(string $plainPassword): string;
public function verify(string $hashedPassword, string $plainPassword): bool;
public function needsRehash(string $hashedPassword): bool;
}
```
Commits
-------
|
||
---|---|---|
.. | ||
Asset | ||
BrowserKit | ||
Cache | ||
Config | ||
Console | ||
CssSelector | ||
DependencyInjection | ||
DomCrawler | ||
Dotenv | ||
ErrorHandler | ||
EventDispatcher | ||
ExpressionLanguage | ||
Filesystem | ||
Finder | ||
Form | ||
HttpClient | ||
HttpFoundation | ||
HttpKernel | ||
Inflector | ||
Intl | ||
Ldap | ||
Lock | ||
Mailer | ||
Messenger | ||
Mime | ||
Notifier | ||
OptionsResolver | ||
PasswordHasher | ||
Process | ||
PropertyAccess | ||
PropertyInfo | ||
RateLimiter | ||
Routing | ||
Security | ||
Semaphore | ||
Serializer | ||
Stopwatch | ||
String | ||
Templating | ||
Translation | ||
Uid | ||
Validator | ||
VarDumper | ||
VarExporter | ||
WebLink | ||
Workflow | ||
Yaml |