author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-10-10 16:19:44 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-10-10 16:19:44 +0200 |
commit | c6bcb7699b39b8575cbd5527d9f65428500163ba (patch) | |
tree | c37394d4e3abd73ea35cc52c462f40e857b11b05 /Core/Encoder/MessageDigestPasswordEncoder.php | |
parent | 8780aecc6088ec65909d68dfebd867dfa99a0d77 (diff) | |
parent | b6d302f1f0f1235aa376c180dcd289f38b3df70e (diff) | |
Merge branch '2.3'
* 2.3:
bumped Symfony version to 2.3.7
updated VERSION for 2.3.6
updated CHANGELOG for 2.3.6
bumped Symfony version to 2.2.10
updated VERSION for 2.2.9
update CONTRIBUTORS for 2.2.9
updated CHANGELOG for 2.2.9
[Security] limited the password length passed to encoders
[HttpKernel] Fixed a test (compiler pass class name has been changed).
assets:install command should mirror .dotfiles (.htaccess)
PoFileDumper - PO headers
removed whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
src/Symfony/Component/Security/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
src/Symfony/Component/Security/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
src/Symfony/Component/Security/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
Diffstat (limited to 'Core/Encoder/MessageDigestPasswordEncoder.php')
-rw-r--r-- | Core/Encoder/MessageDigestPasswordEncoder.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index efe1e5c..a7e5546 100644
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
 * MessageDigestPasswordEncoder uses a message digest algorithm.
 *
@@ -41,7 +43,9 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 */
 public function encodePassword($raw, $salt)
 {
- $this->checkPasswordLength($raw);
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
 
 if (!in_array($this->algorithm, hash_algos(), true)) {
 throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
@@ -63,8 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 */
 public function isPasswordValid($encoded, $raw, $salt)
 {
- $this->checkPasswordLength($raw);
-
- return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+ return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
 }
 }
|
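Review bot: encodePassword() throws BadCredentialsException directly from the added guard, but the docblock closing at the top of this hunk is not touched by the change, so the exception may be undocumented. Most of that docblock lies outside the hunk; if it has no such tag, add `@throws BadCredentialsException If the raw password is too long`. encodePassword() is presumably also reached when a password is being set, not only at login. Code on that path should reject over-long input in its own validation or catch the exception, so it does not surface as an authentication failure. The limit is defined by isPasswordTooLong() in the base class, which is not visible here, and the method body continues past the hunk's last line.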
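Review bot: The length test in the new return line of isPasswordValid() looks redundant next to the identical guard in encodePassword(), and nothing on the line says why it is kept. It is what makes an over-long password return false here instead of letting BadCredentialsException escape from encodePassword(). A short comment would keep a later cleanup from removing it, for example `// over-long input must return false here; encodePassword() would throw instead`. Splitting the statement into an early `if ($this->isPasswordTooLong($raw)) { return false; }` followed by the comparison would also shorten the line. The method's docblock starts outside the hunk.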