diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-10-10 16:19:44 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-10-10 16:19:44 +0200 |
| commit | c6bcb7699b39b8575cbd5527d9f65428500163ba (patch) | |
| tree | c37394d4e3abd73ea35cc52c462f40e857b11b05 /Core/Encoder | |
| parent | 8780aecc6088ec65909d68dfebd867dfa99a0d77 (diff) | |
| parent | b6d302f1f0f1235aa376c180dcd289f38b3df70e (diff) | |
| download | symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.zip symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.tar.gz symfony-security-c6bcb7699b39b8575cbd5527d9f65428500163ba.tar.bz2 | |
Merge branch '2.3'
* 2.3:
bumped Symfony version to 2.3.7
updated VERSION for 2.3.6
updated CHANGELOG for 2.3.6
bumped Symfony version to 2.2.10
updated VERSION for 2.2.9
update CONTRIBUTORS for 2.2.9
updated CHANGELOG for 2.2.9
[Security] limited the password length passed to encoders
[HttpKernel] Fixed a test (compiler pass class name has been changed).
assets:install command should mirror .dotfiles (.htaccess)
PoFileDumper - PO headers
removed whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
src/Symfony/Component/Security/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
src/Symfony/Component/Security/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
src/Symfony/Component/Security/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
Diffstat (limited to 'Core/Encoder')
| -rw-r--r-- | Core/Encoder/BCryptPasswordEncoder.php | 9 | ||||
| -rw-r--r-- | Core/Encoder/BasePasswordEncoder.php | 11 | ||||
| -rw-r--r-- | Core/Encoder/MessageDigestPasswordEncoder.php | 10 | ||||
| -rw-r--r-- | Core/Encoder/Pbkdf2PasswordEncoder.php | 10 | ||||
| -rw-r--r-- | Core/Encoder/PlaintextPasswordEncoder.php | 10 |
5 files changed, 32 insertions, 18 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php index e8b2632..fc79021 100644 --- a/Core/Encoder/BCryptPasswordEncoder.php +++ b/Core/Encoder/BCryptPasswordEncoder.php @@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Core\Encoder; use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; /** * @author Elnur Abdurrakhimov <elnur@elnur.pro> @@ -64,7 +65,9 @@ class BCryptPasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { - $this->checkPasswordLength($raw); + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } $options = array('cost' => $this->cost); @@ -80,8 +83,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - $this->checkPasswordLength($raw); - - return password_verify($raw, $encoded); + return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded); } } diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php index b7e52bb..ba8ba79 100644 --- a/Core/Encoder/BasePasswordEncoder.php +++ b/Core/Encoder/BasePasswordEncoder.php @@ -87,10 +87,13 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface return StringUtils::equals($password1, $password2); } - protected function checkPasswordLength($password) + /** + * Checks if the password is too long. + * + * @return Boolean true if the password is too long, false otherwise + */ + protected function isPasswordTooLong($password) { - if (strlen($password) > self::MAX_PASSWORD_LENGTH) { - throw new BadCredentialsException('Invalid password.'); - } + return strlen($password) > self::MAX_PASSWORD_LENGTH; } } diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php index efe1e5c..a7e5546 100644 --- a/Core/Encoder/MessageDigestPasswordEncoder.php +++ b/Core/Encoder/MessageDigestPasswordEncoder.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Encoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; + /** * MessageDigestPasswordEncoder uses a message digest algorithm. * @@ -41,7 +43,9 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { - $this->checkPasswordLength($raw); + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } if (!in_array($this->algorithm, hash_algos(), true)) { throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); @@ -63,8 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - $this->checkPasswordLength($raw); - - return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); + return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); } } diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php index a4b5c3b..8a5a958 100644 --- a/Core/Encoder/Pbkdf2PasswordEncoder.php +++ b/Core/Encoder/Pbkdf2PasswordEncoder.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Encoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; + /** * Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2). * @@ -54,7 +56,9 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { - $this->checkPasswordLength($raw); + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } if (!in_array($this->algorithm, hash_algos(), true)) { throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); @@ -74,9 +78,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - $this->checkPasswordLength($raw); - - return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); + return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); } private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0) diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php index 55aad18..22f3da4 100644 --- a/Core/Encoder/PlaintextPasswordEncoder.php +++ b/Core/Encoder/PlaintextPasswordEncoder.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Encoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; + /** * PlaintextPasswordEncoder does not do any encoding. * @@ -35,7 +37,9 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { - $this->checkPasswordLength($raw); + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } return $this->mergePasswordAndSalt($raw, $salt); } @@ -45,7 +49,9 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - $this->checkPasswordLength($raw); + if ($this->isPasswordTooLong($raw)) { + return false; + } $pass2 = $this->mergePasswordAndSalt($raw, $salt); |