8000 [Security] Allow run-time configuration of hash algo · symfony/symfony@d18a435 · GitHub
[go: up one dir, main page]
Skip to content

Commit d18a435

Browse files
nicolas-grekasnicolas-grekas
committed
[Security] Allow run-time configuration of hash algo
1 parent c3ec1c2 commit d18a435

File tree

4 files changed

+62
-14
lines changed

4 files changed

+62
-14
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -493,15 +493,8 @@ private function createEncoder($config, ContainerBuilder $container)
493493
);
494494
}
495495

496-
// message digest encoder
497-
return array(
498-
'class' => 'Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder',
499-
'arguments' => array(
500-
$config['algorithm'],
501-
$config['encode_as_base64'],
502-
$config['iterations'],
503-
),
504-
);
496+
// run-time configured encoder
497+
return $config;
505498
}
506499

507500
// Parses user providers and returns an array of their ids

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -191,12 +191,22 @@ public function testEncoders()
191191
'arguments' => array(false),
192192
),
193193
'JMS\FooBundle\Entity\User2' => array(
194-
'class' => 'Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder',
195-
'arguments' => array('sha1', false, 5),
194+
'algorithm' => 'sha1',
195+
'encode_as_base64' => false,
196+
'iterations' => 5,
197+
'hash_algorithm' => 'sha512',
198+
'key_length' => 40,
199+
'ignore_case' => false,
200+
'cost' => 13,
196201
),
197202
'JMS\FooBundle\Entity\User3' => array(
198-
'class' => 'Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder',
199-
'arguments' => array('md5', true, 5000),
203+
'algorithm' => 'md5',
204+
'hash_algorithm' => 'sha512',
205+
'key_length' => 40,
206+
'ignore_case' => false,
207+
'encode_as_base64' => true,
208+
'iterations' => 5000,
209+
'cost' => 13,
200210
),
201211
'JMS\FooBundle\Entity\User4' => new Reference('security.encoder.foo'),
202212
'JMS\FooBundle\Entity\User5' => array(

src/Symfony/Bundle/SecurityBundle/composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
],
1818
"require": {
1919
"php": ">=5.5.9",
20-
"symfony/security": "~3.1,>=3.1.2",
20+
"symfony/security": "~3.2",
2121
"symfony/http-kernel": "~3.1",
2222
"symfony/polyfill-php70": "~1.0"
2323
},

src/Symfony/Component/Security/Core/Encoder/EncoderFactory.php

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,11 @@
1111

1212
namespace Symfony\Component\Security\Core\Encoder;
1313

14+
use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
15+
use Symfony\Component\Security\Core\Encoder\Pbkdf2PasswordEncoder;
16+
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
17+
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
18+
1419
/**
1520
* A generic encoder factory implementation.
1621
*
@@ -69,6 +74,9 @@ public function getEncoder($user)
6974
*/
7075
private function createEncoder(array $config)
7176
{
77+
if (isset($config['algorithm'])) {
78+
$config = $this->getEncoderConfigFromAlgorithm($config);
79+
}
7280
if (!isset($config['class'])) {
7381
throw new \InvalidArgumentException(sprintf('"class" must be set in %s.', json_encode($config)));
7482
}
@@ -80,4 +88,41 @@ private function createEncoder(array $config)
8088

8189
return $reflection->newInstanceArgs($config['arguments']);
8290
}
91+
92+
private function getEncoderConfigFromAlgorithm($config)
93+
{
94+
switch ($config['algorithm']) {
95+
case 'plaintext':
96+
return array(
97+
'class' => PlaintextPasswordEncoder::class,
98+
'arguments' => array($config['ignore_case']),
99+
);
100+
101+
case 'pbkdf2':
102+
return array(
103+
'class' => Pbkdf2PasswordEncoder::class,
104+
'arguments' => array(
105+
$config['hash_algorithm'],
106+
$config['encode_as_base64'],
107+
$config['iterations'],
108+
$config['key_length'],
109+
),
110+
);
111+
112+
case 'bcrypt':
113+
return array(
114+
'class' => BCryptPasswordEncoder::class,
115+
'arguments' => array($config['cost']),
116+
);
117+
}
118+
119+
return array(
120+
'class' => MessageDigestPasswordEncoder::class,
121+
'arguments' => array(
122+
$config['algorithm'],
123+
$config['encode_as_base64'],
124+
$config['iterations'],
125+
),
126+
);
127+
}
83128
}

0 commit comments

Comments
 (0)
0