8000 bug #36824 [Security/Core] fix compat of `NativePasswordEncoder` with… · symfony/symfony@bce3760 · GitHub


Commit bce3760

bug #36824 [Security/Core] fix compat of NativePasswordEncoder with pre-PHP74 values of PASSWORD_* consts (nicolas-grekas)
This PR was merged into the 4.4 branch. Discussion ---------- [Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #36451 | License | MIT | Doc PR | - Commits ------- df32171 [Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
2 parents ae67376 + df32171 commit bce3760


2 files changed

+23
-2
lines changed


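--- a/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
@@ -24,7 +24,7 @@ final class NativePasswordEncoder implements PasswordEncoderInterface, SelfSalti
 {
 private const MAX_PASSWORD_LENGTH = 4096;
 
-private $algo;
+private $algo = PASSWORD_BCRYPT;
 private $options;
 
 /**
@@ -48,7 +48,20 @@ public function __construct(int $opsLimit = null, int $memLimit = null, int $cos
 throw new \InvalidArgumentException('$cost must be in the range of 4-31.');
 }
 
-$this->algo = (string) ($algo ?? (\defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : (\defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_BCRYPT)));
+$algos = [1 => PASSWORD_BCRYPT, '2y' => PASSWORD_BCRYPT];
+
+if (\defined('PASSWORD_ARGON2I')) {
+$this->algo = $algos[2] = $algos['argon2i'] = (string) PASSWORD_ARGON2I;
+}
+
+if (\defined('PASSWORD_ARGON2ID')) {
+$this->algo = $algos[3] = $algos['argon2id'] = (string) PASSWORD_ARGON2ID;
+}
+
+if (null !== $algo) {
+$this->algo = $algos[$algo] ?? $algo;
+}
+
 $this->options = [
 'cost' => $cost,
 'time_cost' => $opsLimit,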
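Review bot: An `$algo` value that is not a key of `$algos` passes through unchanged at `$this->algo = $algos[$algo] ?? $algo;`, so a typo, or a legacy `2`/`3` or `argon2i`/`argon2id` configured on a PHP build without Argon2, is not rejected when the encoder is constructed. It would presumably only fail once password_hash() is called with it, and how that failure surfaces depends on the PHP version and on encodePassword(), neither of which is visible here. Consider failing fast next to the existing `$cost` range check, e.g. `throw new \InvalidArgumentException(sprintf('Unsupported password algorithm "%s".', $algo));` when the lookup misses, unless pass-through of algorithms registered by extensions is intended, in which case a comment saying so would help. A one-line comment above `$algos` such as `// keys 1, 2, 3 are the pre-PHP 7.4 integer values of the PASSWORD_* constants` would also document why the map exists. The constructor starts and ends outside the hunk.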

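--- a/src/Symfony/Component/Security/Core/Tests/Encoder/NativePasswordEncoderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Encoder/NativePasswordEncoderTest.php
@@ -73,6 +73,14 @@ public function testConfiguredAlgorithm()
 $this->assertStringStartsWith('$2', $result);
 }
 
+public function testConfiguredAlgorithmWithLegacyConstValue()
+{
+$encoder = new NativePasswordEncoder(null, null, null, '1');
+$result = $encoder->encodePassword('password', null);
+$this->assertTrue($encoder->isPasswordValid($result, 'password', null));
+$this->assertStringStartsWith('$2', $result);
+}
+
 public function testCheckPasswordLength()
 {
 $encoder = new NativePasswordEncoder(null, null, 4);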
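Review bot: Only the legacy bcrypt value `'1'` is covered by `testConfiguredAlgorithmWithLegacyConstValue()`; the `2`/`3` and `'argon2i'`/`'argon2id'` entries that the constructor change adds to its map are not exercised. Those entries exist only when the corresponding `PASSWORD_ARGON2*` constant is defined, so a test for them has to skip on builds without Argon2. A sketch for the legacy argon2i value follows; the argon2id case would be analogous with `'3'` and the `$argon2id$` prefix.

```php
public function testConfiguredAlgorithmWithLegacyArgon2iConstValue()
{
    if (!\defined('PASSWORD_ARGON2I')) {
        $this->markTestSkipped('Argon2i is not available.');
    }

    $encoder = new NativePasswordEncoder(null, null, null, '2');
    $result = $encoder->encodePassword('password', null);
    $this->assertTrue($encoder->isPasswordValid($result, 'password', null));
    $this->assertStringStartsWith('$argon2i$', $result);
}
```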
