diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-12-18 17:59:46 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-12-18 17:59:46 +0100 |
| commit | e3d856ff389c4741c98d78b19716e49b2e4ae70f (patch) | |
| tree | d9d6961521c217ed03f215f5af468a85b01b7c55 | |
| parent | 9685b588a8a11822620871472fe46ff7a9fe483c (diff) | |
| parent | ad9416c7ecfd8ebb4cc57c8b044534b1cdaeb2ed (diff) | |
| download | symfony-security-e3d856ff389c4741c98d78b19716e49b2e4ae70f.zip symfony-security-e3d856ff389c4741c98d78b19716e49b2e4ae70f.tar.gz symfony-security-e3d856ff389c4741c98d78b19716e49b2e4ae70f.tar.bz2 | |
Merge branch '2.3' into 2.7
* 2.3:
[Form] fix #15544 when a collection type attribute "required" is false, "prototype" should too
updated validators.bg.xlf
[Security] Enable bcrypt validation and result length tests on all PHP versions
[Security] Verify if a password encoded with bcrypt is no longer than 72 characters
[Console] Avoid extra blank lines when rendering exceptions
[Yaml] do not remove "comments" in scalar blocks
| -rw-r--r-- | Core/Encoder/BCryptPasswordEncoder.php | 2 | ||||
| -rw-r--r-- | Core/Encoder/BasePasswordEncoder.php | 2 | ||||
| -rw-r--r-- | Core/Tests/Encoder/BCryptPasswordEncoderTest.php | 6 |
3 files changed, 7 insertions, 3 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php index d2b0319..83ae334 100644 --- a/Core/Encoder/BCryptPasswordEncoder.php +++ b/Core/Encoder/BCryptPasswordEncoder.php @@ -19,6 +19,8 @@ use Symfony\Component\Security\Core\Exception\BadCredentialsException; */ class BCryptPasswordEncoder extends BasePasswordEncoder { + const MAX_PASSWORD_LENGTH = 72; + /** * @var string */ diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php index 1c9ada1..fcf2e47 100644 --- a/Core/Encoder/BasePasswordEncoder.php +++ b/Core/Encoder/BasePasswordEncoder.php @@ -95,6 +95,6 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface */ protected function isPasswordTooLong($password) { - return strlen($password) > self::MAX_PASSWORD_LENGTH; + return strlen($password) > static::MAX_PASSWORD_LENGTH; } } diff --git a/Core/Tests/Encoder/BCryptPasswordEncoderTest.php b/Core/Tests/Encoder/BCryptPasswordEncoderTest.php index ebd845d..40de8af 100644 --- a/Core/Tests/Encoder/BCryptPasswordEncoderTest.php +++ b/Core/Tests/Encoder/BCryptPasswordEncoderTest.php @@ -67,13 +67,15 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase { $encoder = new BCryptPasswordEncoder(self::VALID_COST); - $encoder->encodePassword(str_repeat('a', 5000), 'salt'); + $encoder->encodePassword(str_repeat('a', 73), 'salt'); } public function testCheckPasswordLength() { $encoder = new BCryptPasswordEncoder(self::VALID_COST); + $result = $encoder->encodePassword(str_repeat('a', 72), null); - $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt')); + $this->assertFalse($encoder->isPasswordValid($result, str_repeat('a', 73), 'salt')); + $this->assertTrue($encoder->isPasswordValid($result, str_repeat('a', 72), 'salt')); } } |