10000 Fixed the ordering argument for the UserPasswordEncoderCommand by using options by saro0h · Pull Request #14017 · symfony/symfony · GitHub

Fixed the ordering argument for the UserPasswordEncoderCommand by using options #14017


Closed
wants to merge 1 commit into from
Closed
Fixed the ordering argument for the UserPasswordEncoderCommand by usi…
…ng options
saro0h committed Mar 24, 2015
commit caffbfba5df1b8097cc6ed63a7891af983959c93
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,12 @@
namespace Symfony\Bundle\SecurityBundle\Command;

use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
use Symfony\Component\Console\Helper\Table;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\Question;
use Symfony\Component\Console\Helper\Table;

/**
* Encode a user's password.
Expand All @@ -32,10 +33,10 @@ protected function configure()
{
$this
->setName('security:encode-password')
->setDescription('Encode a password.')
->addArgument('password', InputArgument::OPTIONAL, 'Enter a password')
->addArgument('user-class', InputArgument::OPTIONAL, 'Enter the user class configured to find the encoder you need.')
->addArgument('salt', InputArgument::OPTIONAL, 'Enter the salt you want to use to encode your password.')
->setDescription('Encodes a password.')
->addArgument('password', InputArgument::OPTIONAL, 'The raw password to encode.')
->addOption('user-class', null, InputOption::VALUE_REQUIRED, 'The user class to retrieve the configured password encoder.')
->addOption('salt', null, InputOption::VALUE_REQUIRED, 'The salt to use to encode the raw password.')
->setHelp(<<<EOF

The <info>%command.name%</info> command allows to encode a password using encoders
Expand All @@ -59,8 +60,10 @@ protected function configure()
The command allows you to provide your own <comment>salt</comment>. If you don't provide any,
the command will take care about that for you.

You can also use the non interactive way by typing the following command:
<info>php %command.full_name% [password] [user-class] [salt]</info>
You can also use the non interactive way:
- the very simple way is to simply type: <info>php %command.full_name% [password] -n</info>. The salt will be generated
for you, and the configuration of the <comment>Symfony\Component\Security\Core\User\User</comment> class will be taken to grab the right encoder.
- You can also provide the salt and the user class by typing: <info>php %command.full_name% [password] --salt=[salt] --user-class=[namespace-class]</info>

EOF
)
Expand All @@ -75,8 +78,8 @@ protected function execute(InputInterface $input, OutputInterface $output)
$this->writeIntroduction($output);

$password = $input->getArgument('password');
$salt = $input->getArgument('salt');
$userClass = $input->getArgument('user-class');
$salt = $input->getOption('salt');
$userClass = $input->getOption('user-class');

$helper = $this->getHelper('question');

Expand All @@ -85,19 +88,29 @@ protected function execute(InputInterface $input, OutputInterface $output)
$password = $helper->ask($input, $output, $passwordQuestion);
}

if (!$salt) {
$saltQuestion = $this->createSaltQuestion($input, $output);
$salt = $helper->ask($input, $output, $saltQuestion);
}
if (!$userClass) {

$output->writeln("\n <comment>Encoders are configured by user type in the security.yml file.</comment>");
if ($input->isInteractive()) {
$userClassQuestion = $this->createUserClassQuestion($input, $output);
$userClass = $helper->ask($input, $output, $userClassQuestion);
} else {
$userClass = 'Symfony\Component\Security\Core\User\User';
}
}
$encoder = $this->getContainer()->get('security.encoder_factory')->getEncoder($userClass);

if (!$userClass) {
$userClassQuestion = $this->createUserClassQuestion($input, $output);
$userClass = $helper->ask($input, $output, $userClassQuestion);
if ($encoder instanceof \Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder) {
$salt = null;
$output->writeln('<comment>As the type of the encoder is Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder, it is preferable to not provide any salt.</comment>');
} elseif (!$salt) {
if ($input->isInteractive()) {
$saltQuestion = $this->createSaltQuestion($input, $output);
$salt = $helper->ask($input, $output, $saltQuestion);
} else {
$salt = $this->generateSalt($output);
}
}

$encoder = $this->getContainer()->get('security.encoder_factory')->getEncoder($userClass);
$encodedPassword = $encoder->encodePassword($password, $salt);

$this->writeResult($output);
Expand Down Expand Up @@ -148,15 +161,15 @@ private function createPasswordQuestion(InputInterface $input, OutputInterface $
*/
private function createSaltQuestion(InputInterface $input, OutputInterface $output)
{
$output->writeln('<comment>Caution: It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one.</comment>');
$saltQuestion = new Question("\n > (Optional) <question>Provide a salt (press <enter> to generate one):</question> ");

$container = $this->getContainer();
$saltQuestion->setValidator(function ($value) use ($output, $container) {
$that = $this;
$saltQuestion->setValidator(function ($value) use ($output, $that) {
if ('' === trim($value)) {
$value = base64_encode($container->get('security.secure_random')->nextBytes(30));

$output->writeln("\n<comment>The salt has been generated: </comment>".$value);
$output->writeln(sprintf("<comment>Make sure that your salt storage field fits this salt length: %s chars.</comment>\n", strlen($value)));
$value = $that->generateSalt($output);
}

return $value;
Expand Down Expand Up @@ -222,4 +235,17 @@ private function writeResult(OutputInterface $output)
'',
));
}

/**
* @internal
*/
public function generateSalt(OutputInterface $output)
{
$value = base64_encode($this->getContainer()->get('security.secure_random')->nextBytes(30));

$output->writeln(sprintf("\n<comment>The salt has been generated: %s</comment>", $value));
$output->writeln(sprintf("<comment>Make sure that your salt storage field fits this salt length: %s chars.</comment>\n", strlen($value)));

return $value;
}
}
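Review bot: The non-interactive handling added in execute() covers `user-class` and `salt` but not the password: with `-n` and no `password` argument, `$helper->ask()` is still called, and in non-interactive mode it presumably returns the question's default without running the validator, so an empty password could be encoded and reported as a success. A guard before the ask, such as `if (!$password && !$input->isInteractive()) { throw new \RuntimeException('A password is required in non-interactive mode.'); }`, would make that case fail loudly; the `if (!$password)` test itself starts above the hunk. The help text that presents `php %command.full_name% [password] -n` as the simple way could also say that a password passed as an argument is recorded in shell history and visible in the process list.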
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ public function testEncodePasswordPasswordPlainText()
$this->passwordEncoderCommandTester->execute(array(
'command' => 'security:encode-password',
'password' => 'password',
'user-class' => 'Symfony\Component\Security\Core\User\User',
'salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
'--user-class' => 'Symfony\Component\Security\Core\User\User',
'--salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
));
$expected = file_get_contents(__DIR__.'/app/PasswordEncode/plaintext.txt');

Expand All @@ -42,21 +42,22 @@ public function testEncodePasswordBcrypt()
$this->passwordEncoderCommandTester->execute(array(
'command' => 'security:encode-password',
'password' => 'password',
'user-class' => 'Custom\Class\Bcrypt\User',
'salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
'--user-class' => 'Custom\Class\Bcrypt\User',
'--salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
));
$expected = file_get_contents(__DIR__.'/app/PasswordEncode/bcrypt.txt');

$this->assertEquals($expected, $this->passwordEncoderCommandTester->getDisplay());
$this->assertContains('Password encoding succeeded', $this->passwordEncoderCommandTester->getDisplay());
$this->assertContains('$2y$13$', $this->passwordEncoderCommandTester->getDisplay());

}

public function testEncodePasswordPbkdf2()
{
$this->passwordEncoderCommandTester->execute(array(
'command' => 'security:encode-password',
'password' => 'password',
'user-class' => 'Custom\Class\Pbkdf2\User',
'salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
'--user-class' => 'Custom\Class\Pbkdf2\User',
'--salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
));

$expected = file_get_contents(__DIR__.'/app/PasswordEncode/pbkdf2.txt');
Expand All @@ -66,16 +67,31 @@ public function testEncodePasswordPbkdf2()

public function testEncodePasswordNoConfigForGivenUserClass()
{
$this->setExpectedException('\RuntimeException', 'No encoder has been configured for account "Wrong/User/Class".');
$this->setExpectedException('\RuntimeException', 'No encoder has been configured for account "Foo\Bar\User".');

$this->passwordEncoderCommandTester->execute(array(
'command' => 'security:encode-password',
'password' => 'password',
'user-class' => 'Wrong/User/Class',
'salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
'--user-class' => 'Foo\Bar\User',
'--salt' => 'AZERTYUIOPOfghjklytrertyuiolnbcxdfghjkytrfghjk',
));
}

public function testEncodePasswordWithNoSaltNoInteraction()
{
$this->passwordEncoderCommandTester->execute(
array(
'command' => 'security:encode-password',
'password' => 'password',
'--user-class' => 'Symfony\Component\Security\Core\User\User',
),
array('interactive' => false)
);

$this->assertContains('Password encoding succeeded', $this->passwordEncoderCommandTester->getDisplay());
$this->assertContains('password{', $this->passwordEncoderCommandTester->getDisplay());
}

protected function setUp()
{
$kernel = $this->createKernel(array('test_case' => 'PasswordEncode'));
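Review bot: The new non-interactive default for the user class is not exercised: testEncodePasswordWithNoSaltNoInteraction still passes `--user-class`, so the command's fallback to `Symfony\Component\Security\Core\User\User` has no test. The `password{` assertion checks only the merged output format; adding `$this->assertContains('The salt has been generated', $this->passwordEncoderCommandTester->getDisplay());` would tie the test to the generated-salt path. In testEncodePasswordBcrypt a `--salt` is still supplied but nothing asserts that it is discarded, for example by checking the display for the 'it is preferable to not provide any salt' notice.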

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ This command encodes any password you want according to the configuration you
made in your configuration file containing the security.encoders key.


Encoders are configured by user type in the security.yml file.


✔ Password encoding succeeded

Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ This command encodes any password you want according to the configuration you
made in your configuration file containing the security.encoders key.


Encoders are configured by user type in the security.yml file.


✔ Password encoding succeeded
