author | Nicolas Grekas <nicolas.grekas@gmail.com> | 2015-10-14 16:40:43 +0200 |
---|---|---|
committer | Nicolas Grekas <nicolas.grekas@gmail.com> | 2015-10-28 03:15:07 +0100 |
commit | 1473342e7bb5d3d3080f78b196f528b4acf34db2 (patch) | |
tree | 3319333a745b78bd7b4b04c504be69d7543f729b | |
parent | d355322988b1c1d1798e19c41cc86b4169c31f2a (diff) | |
Rely on iconv and symfony/polyfill-*
-rw-r--r-- | Core/Encoder/BCryptPasswordEncoder.php | 4 | ||||
-rw-r--r-- | Core/Encoder/BasePasswordEncoder.php | 4 | ||||
-rw-r--r-- | Core/Encoder/Pbkdf2PasswordEncoder.php | 26 | ||||
-rw-r--r-- | Core/Tests/Util/StringUtilsTest.php | 2 | ||||
-rw-r--r-- | Core/Util/StringUtils.php | 39 | ||||
-rw-r--r-- | Core/composer.json | 12 | ||||
-rw-r--r-- | Csrf/CsrfTokenManager.php | 3 | ||||
-rw-r--r-- | Csrf/composer.json | 4 | ||||
-rw-r--r-- | Http/RememberMe/TokenBasedRememberMeServices.php | 3 | ||||
-rw-r--r-- | Http/composer.json | 5 | ||||
-rw-r--r-- | composer.json | 11 |
11 files changed, 31 insertions, 82 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php
index d2b0319..c0c8fe0 100644
--- a/Core/Encoder/BCryptPasswordEncoder.php
+++ b/Core/Encoder/BCryptPasswordEncoder.php
@@ -34,10 +34,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
      */
     public function __construct($cost)
     {
-        if (!function_exists('password_hash')) {
-            throw new \RuntimeException('To use the BCrypt encoder, you need to upgrade to PHP 5.5 or install the "ircmaxell/password-compat" via Composer.');
-        }
-
         $cost = (int) $cost;
         if ($cost < 4 || $cost > 31) {
             throw new \InvalidArgumentException('Cost must be in the range of 4-31.');
diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php
index 1c9ada1..12126d8 100644
--- a/Core/Encoder/BasePasswordEncoder.php
+++ b/Core/Encoder/BasePasswordEncoder.php
@@ -11,8 +11,6 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
-use Symfony\Component\Security\Core\Util\StringUtils;
-
 /**
  * BasePasswordEncoder is the base class for all password encoders.
  *
@@ -83,7 +81,7 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
      */
     protected function comparePasswords($password1, $password2)
     {
-        return StringUtils::equals($password1, $password2);
+        return hash_equals($password1, $password2);
     }
 
     /**
diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php
index 6f24c4f..8422a4b 100644
--- a/Core/Encoder/Pbkdf2PasswordEncoder.php
+++ b/Core/Encoder/Pbkdf2PasswordEncoder.php
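Review bot: The new `comparePasswords()` body hands its arguments straight to `hash_equals()`, which requires two strings, whereas the `StringUtils::equals()` it replaces cast them first (the `$userInput = (string) $userInput;` line is still visible in the StringUtils hunk of this same commit), so a null or non-string `$password1`/`$password2` — for instance a user whose stored password is null, if any caller passes that through — now yields a PHP warning plus `false` rather than a silent mismatch. If that tolerance is wanted, keep it explicitly with `return hash_equals((string) $password1, (string) $password2);`; otherwise the method docblock, which starts outside the hunk, should state that both arguments must be strings. The argument order is the right one for a constant-time compare (the stored hash is passed first by the `isPasswordValid()` callers visible in the Pbkdf2 hunk), so no change is needed there.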
@@ -64,11 +64,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
         }
 
-        if (function_exists('hash_pbkdf2')) {
-            $digest = hash_pbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length, true);
-        } else {
-            $digest = $this->hashPbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length);
-        }
+        $digest = hash_pbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length, true);
 
         return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
     }
@@ -80,24 +76,4 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
     {
         return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
-
-    private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
-    {
-        // Number of blocks needed to create the derived key
-        $blocks = ceil($length / strlen(hash($algorithm, null, true)));
-        $digest = '';
-
-        for ($i = 1; $i <= $blocks; ++$i) {
-            $ib = $block = hash_hmac($algorithm, $salt.pack('N', $i), $password, true);
-
-            // Iterations
-            for ($j = 1; $j < $iterations; ++$j) {
-                $ib ^= ($block = hash_hmac($algorithm, $block, $password, true));
-            }
-
-            $digest .= $ib;
-        }
-
-        return substr($digest, 0, $this->length);
-    }
 }
diff --git a/Core/Tests/Util/StringUtilsTest.php b/Core/Tests/Util/StringUtilsTest.php
index faeaf25..78d9b05 100644
--- a/Core/Tests/Util/StringUtilsTest.php
+++ b/Core/Tests/Util/StringUtilsTest.php
@@ -15,6 +15,8 @@ use Symfony\Component\Security\Core\Util\StringUtils;
 
 /**
  * Data from PHP.net's hash_equals tests.
+ *
+ * @group legacy
  */
 class StringUtilsTest extends \PHPUnit_Framework_TestCase
 {
diff --git a/Core/Util/StringUtils.php b/Core/Util/StringUtils.php
index 343585c..5900812 100644
--- a/Core/Util/StringUtils.php
+++ b/Core/Util/StringUtils.php
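Review bot: With the userland fallback removed, a `$this->length` of 0 now takes the meaning `hash_pbkdf2()` gives it — the algorithm's full output length — whereas the dropped `hashPbkdf2()` computed `ceil(0 / …)` = 0 blocks and returned an empty digest, so installations that ran on PHP < 5.5 change behaviour for that value (only if a caller passes 0 explicitly; I cannot see the constructor default from here) and the commit message does not mention it. The constructor docblock, which lies outside this hunk, should pin the new semantics, e.g. `@param int $length Length of the derived key in bytes; 0 means the full output length of the algorithm`. `encodePassword()` begins outside the hunk as well.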
@@ -11,10 +11,16 @@
 
 namespace Symfony\Component\Security\Core\Util;
 
+@trigger_error('The '.__NAMESPACE__.'\\StringUtils class is deprecated since version 2.8 and will be removed in 3.0. Use hash_equals() instead.', E_USER_DEPRECATED);
+
+use Symfony\Component\Polyfill\Util\Binary;
+
 /**
  * String utility functions.
  *
  * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated since 2.8, to be removed in 3.0.
  */
 class StringUtils
 {
@@ -47,25 +53,7 @@ class StringUtils
             $userInput = (string) $userInput;
         }
 
-        if (function_exists('hash_equals')) {
-            return hash_equals($knownString, $userInput);
-        }
-
-        $knownLen = self::safeStrlen($knownString);
-        $userLen = self::safeStrlen($userInput);
-
-        if ($userLen !== $knownLen) {
-            return false;
-        }
-
-        $result = 0;
-
-        for ($i = 0; $i < $knownLen; ++$i) {
-            $result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
-        }
-
-        // They are only identical strings if $result is exactly 0...
-        return 0 === $result;
+        return hash_equals($knownString, $userInput);
     }
 
     /**
@@ -77,17 +65,6 @@ class StringUtils
      */
     public static function safeStrlen($string)
     {
-        // Premature optimization
-        // Since this cannot be changed at runtime, we can cache it
-        static $funcExists = null;
-        if (null === $funcExists) {
-            $funcExists = function_exists('mb_strlen');
-        }
-
-        if ($funcExists) {
-            return mb_strlen($string, '8bit');
-        }
-
-        return strlen($string);
+        return Binary::strlen($string);
     }
 }
diff --git a/Core/composer.json b/Core/composer.json
index 31b4653..c75d2d5 100644
--- a/Core/composer.json
+++ b/Core/composer.json
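Review bot: The deprecation text `Use hash_equals() instead.` sends callers to a function with a narrower contract than the one `equals()` keeps: the `@@ -47` hunk still shows `$userInput = (string) $userInput;` ahead of the call, so `equals()` tolerates non-string input while bare `hash_equals()` warns and returns false for it. I would say so in the class tag, e.g. `@deprecated since 2.8, to be removed in 3.0. Use hash_equals() instead; unlike equals(), it requires both arguments to already be strings.`, and mirror that in the `equals()` docblock, which starts outside the hunk. `safeStrlen()` now delegates to `Binary::strlen()`; its docblock above the hunk, which I cannot see, may still describe the removed mb_strlen/strlen selection and is worth re-reading.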
@@ -17,25 +17,25 @@
     ],
     "require": {
         "php": ">=5.3.9",
-        "paragonie/random_compat": "~1.0"
+        "symfony/polyfill-php55": "~1.0",
+        "symfony/polyfill-php56": "~1.0",
+        "symfony/polyfill-util": "~1.0"
     },
     "require-dev": {
         "symfony/event-dispatcher": "~2.1|~3.0.0",
         "symfony/expression-language": "~2.6|~3.0.0",
         "symfony/http-foundation": "~2.4|~3.0.0",
+        "symfony/ldap": "~2.8|~3.0.0",
         "symfony/translation": "~2.0,>=2.0.5|~3.0.0",
         "symfony/validator": "~2.5,>=2.5.5|~3.0.0",
-        "psr/log": "~1.0",
-        "ircmaxell/password-compat": "1.0.*",
-        "symfony/ldap": "~2.8|~3.0.0"
+        "psr/log": "~1.0"
     },
     "suggest": {
         "symfony/event-dispatcher": "",
         "symfony/http-foundation": "",
         "symfony/validator": "For using the user password constraint",
         "symfony/expression-language": "For using the expression voter",
-        "symfony/ldap": "For using LDAP integration",
-        "ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5"
+        "symfony/ldap": "For using LDAP integration"
     },
     "autoload": {
         "psr-4": { "Symfony\\Component\\Security\\Core\\": "" }
diff --git a/Csrf/CsrfTokenManager.php b/Csrf/CsrfTokenManager.php
index e129502..cdda543 100644
--- a/Csrf/CsrfTokenManager.php
+++ b/Csrf/CsrfTokenManager.php
@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\Security\Csrf;
 
-use Symfony\Component\Security\Core\Util\StringUtils;
 use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
 use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
 use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage;
@@ -92,6 +91,6 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
             return false;
         }
 
-        return StringUtils::equals($this->storage->getToken($token->getId()), $token->getValue());
+        return hash_equals($this->storage->getToken($token->getId()), $token->getValue());
     }
 }
diff --git a/Csrf/composer.json b/Csrf/composer.json
index 2afebf9..c8e2fae 100644
--- a/Csrf/composer.json
+++ b/Csrf/composer.json
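Review bot: `paragonie/random_compat` leaves Core's `require` while the only polyfills added in its place are php55, php56 and util — there is no `symfony/polyfill-php70`, which is precisely what the Http and root manifests in this same commit add to cover `random_bytes()`/`random_int()`. If anything in security-core still calls those functions (the dependency being dropped suggests it did; I cannot see the call sites from this diff), the component installed on its own on PHP < 7 will fail on an undefined function, and the root `composer.json` only masks that for the monolithic package. I would add `"symfony/polyfill-php70": "~1.0",` beside the other polyfills here, or confirm that Core no longer draws on the random_* functions.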
@@ -17,8 +17,8 @@
     ],
     "require": {
         "php": ">=5.3.9",
-        "symfony/security-core": "~2.4|~3.0.0",
-        "paragonie/random_compat": "~1.0"
+        "symfony/polyfill-php56": "~1.0",
+        "symfony/security-core": "~2.4|~3.0.0"
     },
     "require-dev": {
         "symfony/http-foundation": "~2.1|~3.0.0"
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
index f6107ec..a443702 100644
--- a/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -17,7 +17,6 @@ use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Core\Util\StringUtils;
 
 /**
  * Concrete implementation of the RememberMeServicesInterface providing
@@ -54,7 +53,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
             throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
         }
 
-        if (true !== StringUtils::equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
+        if (true !== hash_equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
             throw new AuthenticationException('The cookie\'s hash is invalid.');
         }
 
diff --git a/Http/composer.json b/Http/composer.json
index 65978ee..686a629 100644
--- a/Http/composer.json
+++ b/Http/composer.json
@@ -21,8 +21,9 @@
         "symfony/event-dispatcher": "~2.1|~3.0.0",
         "symfony/http-foundation": "~2.4|~3.0.0",
         "symfony/http-kernel": "~2.4|~3.0.0",
-        "symfony/property-access": "~2.3|~3.0.0",
-        "paragonie/random_compat": "~1.0"
+        "symfony/polyfill-php56": "~1.0",
+        "symfony/polyfill-php70": "~1.0",
+        "symfony/property-access": "~2.3|~3.0.0"
     },
     "require-dev": {
         "symfony/routing": "~2.2|~3.0.0",
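Review bot: The Csrf manifest trades `paragonie/random_compat` for `symfony/polyfill-php56` alone; that covers the `hash_equals()` call introduced in `CsrfTokenManager`, but nothing listed here supplies `random_bytes()` on PHP < 7 any more. The token generator imported in that file (`UriSafeTokenGenerator`) is not shown in this diff, so I cannot confirm it uses `random_bytes()`, yet the requirement being removed suggests the component did, in which case a standalone install of security-csrf loses the shim that the root package still gets via `symfony/polyfill-php70` in the Http hunk below. Either add `"symfony/polyfill-php70": "~1.0",` here too, or verify that the generator has no such dependency.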
diff --git a/composer.json b/composer.json
index 65a2eb0..beb2f88 100644
--- a/composer.json
+++ b/composer.json
@@ -21,8 +21,11 @@
         "symfony/event-dispatcher": "~2.2|~3.0.0",
         "symfony/http-foundation": "~2.1|~3.0.0",
         "symfony/http-kernel": "~2.4|~3.0.0",
-        "symfony/property-access": "~2.3|~3.0.0",
-        "paragonie/random_compat": "~1.0"
+        "symfony/polyfill-php55": "~1.0",
+        "symfony/polyfill-php56": "~1.0",
+        "symfony/polyfill-php70": "~1.0",
+        "symfony/polyfill-util": "~1.0",
+        "symfony/property-access": "~2.3|~3.0.0"
     },
     "replace": {
         "symfony/security-core": "self.version",
@@ -32,14 +35,13 @@
     },
     "require-dev": {
         "symfony/finder": "~2.3|~3.0.0",
-        "symfony/intl": "~2.3|~3.0.0",
+        "symfony/polyfill-intl-icu": "~1.0",
         "symfony/routing": "~2.2|~3.0.0",
         "symfony/translation": "~2.0,>=2.0.5|~3.0.0",
         "symfony/validator": "~2.5,>=2.5.5|~3.0.0",
         "doctrine/common": "~2.2",
         "doctrine/dbal": "~2.2",
         "psr/log": "~1.0",
-        "ircmaxell/password-compat": "~1.0",
         "symfony/expression-language": "~2.6|~3.0.0",
         "symfony/ldap": "~2.8|~3.0.0"
     },
@@ -50,7 +52,6 @@
         "symfony/validator": "For using the user password constraint",
         "symfony/routing": "For using the HttpUtils class to create sub-requests, redirect the user, and match URLs",
         "symfony/expression-language": "For using the expression voter",
-        "ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5",
         "symfony/ldap": "For using the LDAP user and authentication providers"
     },
     "autoload": {