
Commit 935b749

Rehash passwords when possible and needed
1 parent 186ffc8 commit 935b749


6 files changed

+49
-9
lines changed


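--- a/src/Doctrine/EntityClassGenerator.php
+++ b/src/Doctrine/EntityClassGenerator.php
@@ -26,7 +26,7 @@ public function __construct(Generator $generator)
 $this->generator = $generator;
 }
 
-public function generateEntityClass(ClassNameDetails $entityClassDetails, bool $apiResource): string
+public function generateEntityClass(ClassNameDetails $entityClassDetails, bool $apiResource, bool $securityUser = false): string
 {
 $repoClassDetails = $this->generator->createClassNameDetails(
 $entityClassDetails->getRelativeName(),
@@ -51,6 +51,7 @@ public function generateEntityClass(ClassNameDetails $entityClassDetails, bool $
 'entity_full_class_name' => $entityClassDetails->getFullName(),
 'entity_class_name' => $entityClassDetails->getShortName(),
 'entity_alias' => $entityAlias,
+'security_user' => $securityUser,
 ]
 );
 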
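Review bot: `generateEntityClass()` now takes two adjacent positional booleans and the new `$securityUser` has no documentation, so a call site can swap or misread them without any error (the MakeUser call in this commit already needs trailing comments to tell them apart). I would add a docblock line such as `@param bool $securityUser Passed to the template as security_user; judging by Repository.tpl.php it makes the repository implement PasswordUpgraderInterface`. Keeping it last with the `false` default, as done here, leaves existing callers unaffected. The function body continues outside both hunks.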

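--- a/src/Maker/MakeUser.php
+++ b/src/Maker/MakeUser.php
@@ -32,6 +32,7 @@
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
+use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Yaml\Yaml;
 
 /**
@@ -134,7 +135,8 @@ public function generate(InputInterface $input, ConsoleStyle $io, Generator $gen
 $entityClassGenerator = new EntityClassGenerator($generator);
 $classPath = $entityClassGenerator->generateEntityClass(
 $userClassNameDetails,
-false // api resource
+false, // api resource
+interface_exists(PasswordUpgraderInterface::class) // security user
 );
 } else {
 $classPath = $generator->generateClass($userClassNameDetails->getFullName(), 'Class.tpl.php');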
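Review bot: The third argument at new line 139 depends only on `interface_exists(PasswordUpgraderInterface::class)`, so every generated entity repository gets `upgradePassword()` whenever the interface is installed. The Repository.tpl.php change in this commit makes that method call `$user->setPassword()`, which `UserInterface` does not declare. If `make:user` can produce a user class without a password (the `$user_needs_encoder` switch in LoginFormAuthenticator.tpl.php suggests so, but the relevant code is outside this hunk), the generated repository would call a method the entity lacks. I would combine the two conditions, for example `$hasPassword && interface_exists(PasswordUpgraderInterface::class)`, where `$hasPassword` is a placeholder for whatever `generate()` already knows about the password choice.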

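--- a/src/Resources/skeleton/authenticator/EmptyAuthenticator.tpl.php
+++ b/src/Resources/skeleton/authenticator/EmptyAuthenticator.tpl.php
@@ -5,6 +5,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
@@ -26,7 +27,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
 // todo
 }
 
-public function checkCredentials($credentials, UserInterface $user)
+public function checkCredentials($credentials, UserInterface $user, PasswordUpgraderInterface $passwordUpgrader = null)
 {
 // todo
 }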
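Review bot: The skeleton's `checkCredentials()` gains `$passwordUpgrader` but its body is still a bare `// todo`, so nothing tells the developer what the argument is for, and a hand-written check will most likely never rehash. I would expand the comment to something like `// todo: verify the credentials; if $passwordUpgrader is not null and the stored hash is outdated, call $passwordUpgrader->upgradePassword($user, $newHash)`. The `use` for `PasswordUpgraderInterface` at new line 8 is also unconditional here, whereas UserProvider.tpl.php in the same commit guards it with `interface_exists()`; one approach across the templates would be easier to follow.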

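--- a/src/Resources/skeleton/authenticator/LoginFormAuthenticator.tpl.php
+++ b/src/Resources/skeleton/authenticator/LoginFormAuthenticator.tpl.php
@@ -12,6 +12,7 @@
 <?= $user_needs_encoder ? "use Symfony\\Component\\Security\\Core\\Encoder\\UserPasswordEncoderInterface;\n" : null ?>
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
 use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Csrf\CsrfToken;
@@ -77,12 +78,26 @@ public function getUser($credentials, UserProviderInterface $userProvider)
 return $user;
 }
 
-public function checkCredentials($credentials, UserInterface $user)
+public function checkCredentials($credentials, UserInterface $user, PasswordUpgraderInterface $passwordUpgrader = null)
 {
-<?= $user_needs_encoder ? "return \$this->passwordEncoder->isPasswordValid(\$user, \$credentials['password']);\n"
-: "// Check the user's password or other credentials and return true or false
+<?= !$user_needs_encoder
+
+? "// Check the user's password or other credentials and return true or false
 // If there are no credentials to check, you can just return true
-throw new \Exception('TODO: check the credentials inside '.__FILE__);\n" ?>
+throw new \Exception('TODO: check the credentials inside '.__FILE__);\n"
+
+: (!method_exists('Symfony\Component\Security\Core\Encoder\BasePasswordEncoder', 'needsRehash')
+? "return \$this->passwordEncoder->isPasswordValid(\$user, \$credentials['password']);\n"
+
+: "if (!\$this->passwordEncoder->isPasswordValid(\$user, \$credentials['password'])) {
+return false;
+}
+
+if (null !== \$passwordUpgrader && \$this->passwordEncoder->needsRehash(\$credentials['password'])) {
+\$passwordUpgrader->upgradePassword(\$user, \$this->passwordEncoder->encodePassword(\$credentials['password'], \$user->getSalt()));
+}
+
+return true;\n") ?>
 }
 
 public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)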
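Review bot: The rehash branch generated at new lines 96–97 passes the submitted plaintext to `needsRehash()` and calls `encodePassword()` as (plaintext, salt), which is the low-level encoder's argument order. The same template calls `isPasswordValid(\$user, …)` on `$this->passwordEncoder` and imports `UserPasswordEncoderInterface` on line 12, so the property is presumably the user-level encoder (its declaration is outside the hunk); on that interface `encodePassword()` takes the user first and the plain password second. As written, the generated authenticator would either fail after a correct login or decide about rehashing from the wrong input rather than from the stored hash. I would generate `\$this->passwordEncoder->needsRehash(\$user)` and `\$this->passwordEncoder->encodePassword(\$user, \$credentials['password'])`, provided the targeted Symfony version exposes `needsRehash()` on the user-level encoder. The `method_exists()` probe should then test the class that is actually injected rather than `BasePasswordEncoder`.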

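--- a/src/Resources/skeleton/doctrine/Repository.tpl.php
+++ b/src/Resources/skeleton/doctrine/Repository.tpl.php
@@ -5,19 +5,28 @@
 use <?= $entity_full_class_name; ?>;
 use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Symfony\Bridge\Doctrine\RegistryInterface;
+<?= $security_user ? "use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;\n" : '' ?>
+<?= $security_user ? "use Symfony\Component\Security\Core\User\UserInterface;\n" : '' ?>
 
 /**
 * @method <?= $entity_class_name; ?>|null find($id, $lockMode = null, $lockVersion = null)
 * @method <?= $entity_class_name; ?>|null findOneBy(array $criteria, array $orderBy = null)
 * @method <?= $entity_class_name; ?>[] findAll()
 * @method <?= $entity_class_name; ?>[] findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
 */
-class <?= $class_name; ?> extends ServiceEntityRepository
+class <?= $class_name; ?> extends ServiceEntityRepository<?= $security_user ? "implements PasswordUpgraderInterface\n" : "\n" ?>
 {
 public function __construct(RegistryInterface $registry)
 {
 parent::__construct($registry, <?= $entity_class_name; ?>::class);
 }
+<?= $security_user ? '
+public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
+{
+$user->setPassword($newEncodedPassword);
+$this->_em->flush($user);
+}' : ''; ?>
+
 
 // /**
 // * @return <?= $entity_class_name ?>[] Returns an array of <?= $entity_class_name ?> objects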
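Review bot: At new line 17 the inserted string begins with `implements` immediately after `ServiceEntityRepository`, so as rendered here the generated header would read `extends ServiceEntityRepositoryimplements PasswordUpgraderInterface`, which is not valid PHP; the string needs a leading space, `" implements PasswordUpgraderInterface\n"`. Separately, the generated `upgradePassword()` calls `$user->setPassword()` on a parameter typed `UserInterface`, which does not declare that method, so it would fail for any other user class handed to it. A guard before the setter, such as `if (!$user instanceof <?= $entity_class_name ?>) { throw new UnsupportedUserException(...); }` with the matching `use`, would make the contract explicit.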

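--- a/src/Resources/skeleton/security/UserProvider.tpl.php
+++ b/src/Resources/skeleton/security/UserProvider.tpl.php
@@ -4,10 +4,11 @@
 
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+<?= ($password_upgrader = interface_exists('Symfony\Component\Security\Core\User\PasswordUpgraderInterface')) ? "use Symfony\Component\Security\Core\User\PasswordUpgraderInterface\n" : '' ?>
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 
-class <?= $class_name ?> implements UserProviderInterface
+class <?= $class_name ?> implements UserProviderInterface<?= $password_upgrader ? ", PasswordUpgraderInterface\n" : "\n" ?>
 {
 /**
 * Symfony calls this method if you use features like switch_user
@@ -60,4 +61,15 @@ public function supportsClass($class)
 {
 return <?= $user_short_name ?>::class === $class;
 }
+<?= $password_upgrader ? '
+/**
+* Upgrades the encoded password of a user, typically for using a better hash algorithm.
+*/
+public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
+{
+// TODO: when encoded passwords are in use, this method should:
+// 1. persist the new password in the user storage
+// 2. update the $user object with $user->setPassword($newEncodedPassword);
+}
+' : '' ?>
 }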
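Review bot: The `use` line emitted at new line 7 ends in `PasswordUpgraderInterface\n` with no semicolon, so every provider generated while the interface exists would hit a parse error at the following `use`; the string should be `"use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;\n"`. The generated `upgradePassword()` stub at new lines 64–74 is empty apart from its TODO, so until it is filled in a new hash handed to it is silently dropped; the comment could say so explicitly. Assigning `$password_upgrader` inside the first `<?= ?>` expression and reading it again in two later tags is also easy to miss, and a separate `<?php $password_upgrader = interface_exists(...); ?>` line at the top of the template would be clearer.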
