Commit fd81bb8

bug #35060 [Security] Fix missing defaults for auto-migrating encoders (chalasr)
This PR was merged into the 4.4 branch.

Discussion
----------

[Security] Fix missing defaults for auto-migrating encoders

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | Fixes #35058 |
| License | MIT |
| Doc PR | - |

Commits
-------

665ef06 [Security] Fix missing defaults for auto-migrating encoders

2 parents aac9ca2 + 665ef06 commit fd81bb8

2 files changed: +11 -6 lines changed

src/Symfony/Component/Security/Core/Encoder/EncoderFactory.php

Lines changed: 6 additions & 6 deletions
@@ -144,10 +144,10 @@ private function getEncoderConfigFromAlgorithm(array $config): array
144144
return [
145145
'class' => Pbkdf2PasswordEncoder::class,
146146
'arguments' => [
147-
$config['hash_algorithm'],
148-
$config['encode_as_base64'],
149-
$config['iterations'],
150-
$config['key_length'],
147+
$config['hash_algorithm'] ?? 'sha512',
148+
$config['encode_as_base64'] ?? true,
149+
$config['iterations'] ?? 1000,
150+
$config['key_length'] ?? 40,
151151
],
152152
];
153153
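
Review bot: the four fallbacks added at lines 147-150 are bare literals ('sha512', true, 1000, 40) with nothing saying where they come from. If they are meant to mirror the defaults of Pbkdf2PasswordEncoder, say so in a comment or take them from one shared place so the two cannot drift apart. In an auto-migrating setup, where this encoder is there to verify hashes that already exist, a silent fallback such as `$config['iterations'] ?? 1000` means a config that simply omits the key will stop verifying hashes created with other parameters without raising any error; that behaviour should be documented next to these lines.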

@@ -205,8 +205,8 @@ private function getEncoderConfigFromAlgorithm(array $config): array
205205
'class' => MessageDigestPasswordEncoder::class,
206206
'arguments' => [
207207
$config['algorithm'],
208-
$config['encode_as_base64'],
209-
$config['iterations'],
208+
$config['encode_as_base64'] ?? true,
209+
$config['iterations'] ?? 5000,
210210
],
211211
];
212212
}
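
Review bot: at line 207 `$config['algorithm']` is still read without a fallback while the two arguments below it now use `??`. If the key is guaranteed to be set whenever this branch is reached, a short comment would make that explicit; otherwise it has the same missing-key problem this change fixes for its neighbours. The literal 5000 at line 209 also differs from the 1000 used in the PBKDF2 branch above, so a note on where each default comes from would help the next reader.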

src/Symfony/Component/Security/Core/Tests/Encoder/EncoderFactoryTest.php

Lines changed: 5 additions & 0 deletions
@@ -162,6 +162,11 @@ public function testDefaultMigratingEncoders()
162162
(new EncoderFactory([SomeUser::class => ['class' => NativePasswordEncoder::class, 'arguments' => []]]))->getEncoder(SomeUser::class)
163163
);
164164

165+
$this->assertInstanceOf(
166+
MigratingPasswordEncoder::class,
167+
(new EncoderFactory([SomeUser::class => ['algorithm' => 'bcrypt', 'cost' => 11]]))->getEncoder(SomeUser::class)
168+
);
169+
165170
if (!SodiumPasswordEncoder::isSupported()) {
166171
return;
167172
}
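
Review bot: the assertion added at lines 165-168 only checks that a bcrypt config yields a MigratingPasswordEncoder, so the fallbacks changed in EncoderFactory.php are exercised indirectly at best and their values are not checked at all. Consider adding cases that build the factory from a PBKDF2 config and from a message-digest config that omit the optional keys, and assert that a hash produced with the expected defaults verifies, so a later change to one of the literals is caught.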
