Fix usage of PasswordHasherAdapter in PasswordHasherFactory

peter17 · pyguerder · commit 8ee821e2e494 · 2021-07-29T17:58:11.000+02:00
Using migrate_from with a PasswordEncoderInterface resulted in:
Argument 1 passed to Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory::createHasher() must be of the type array, object given, called in /var/www/html/vendor/symfony/password-hasher/Hasher/PasswordHasherFactory.php on line 157
Because getHasherConfigFromAlgorithm would access it before it is decorated with the adapter.
diff --git a/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php b/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php
@@ -61,14 +61,7 @@ public function getPasswordHasher($user): PasswordHasherInterface
             throw new \RuntimeException(sprintf('No password hasher has been configured for account "%s".', \is_object($user) ? get_debug_type($user) : $user));
         }
 
-        if (!$this->passwordHashers[$hasherKey] instanceof PasswordHasherInterface) {
-            $this->passwordHashers[$hasherKey] = $this->passwordHashers[$hasherKey] instanceof PasswordEncoderInterface
-                ? new PasswordHasherAdapter($this->passwordHashers[$hasherKey])
-                : $this->createHasher($this->passwordHashers[$hasherKey])
-            ;
-        }
-
-        return $this->passwordHashers[$hasherKey];
+        return $this->createHasherUsingAdapter($hasherKey);
     }
 
     /**
@@ -111,6 +104,18 @@ private function createHasher(array $config, bool $isExtra = false): PasswordHas
         return new MigratingPasswordHasher($hasher, ...$extrapasswordHashers);
     }
 
+    private function createHasherUsingAdapter($hasherKey)
+    {
+        if (!$this->passwordHashers[$hasherKey] instanceof PasswordHasherInterface) {
+            $this->passwordHashers[$hasherKey] = $this->passwordHashers[$hasherKey] instanceof PasswordEncoderInterface
+                ? new PasswordHasherAdapter($this->passwordHashers[$hasherKey])
+                : $this->createHasher($this->passwordHashers[$hasherKey])
+            ;
+        }
+
+        return $this->passwordHashers[$hasherKey];
+    }
+
     private function getHasherConfigFromAlgorithm(array $config): array
     {
         if ('auto' === $config['algorithm']) {
@@ -143,6 +148,8 @@ private function getHasherConfigFromAlgorithm(array $config): array
 
             foreach ($frompasswordHashers as $name) {
                 if ($hasher = $this->passwordHashers[$name] ?? false) {
+                    $hasher = $this->createHasherUsingAdapter($name);
+
                     $hasher = $hasher instanceof PasswordHasherInterface ? $hasher : $this->createHasher($hasher, true);
                 } else {
                     $hasher = $this->createHasher(['algorithm' => $name], true);
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php
@@ -163,6 +163,26 @@ public function testMigrateFrom()
         $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $hasher->hash('foo', null));
     }
 
+    public function testMigrateFromLegacy()
+    {
+        if (!SodiumPasswordHasher::isSupported()) {
+            $this->markTestSkipped('Sodium is not available');
+        }
+
+        $factory = new PasswordHasherFactory([
+            'plaintext_encoder' => $plaintext = new PlaintextPasswordEncoder(),
+            SomeUser::class => ['algorithm' => 'sodium', 'migrate_from' => ['bcrypt', 'plaintext_encoder']],
+        ]);
+
+        $hasher = $factory->getPasswordHasher(SomeUser::class);
+        $this->assertInstanceOf(MigratingPasswordHasher::class, $hasher);
+
+        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify($plaintext->encodePassword('foo', null), 'foo', null));
+        $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $hasher->hash('foo', null));
+    }
+
     public function testDefaultMigratingHashers()
     {
         $this->assertInstanceOf(
