-rw-r--r-- | Core/Authentication/Token/RememberMeToken.php | 17 | ||||
-rw-r--r-- | Core/Encoder/MessageDigestPasswordEncoder.php | 4 | ||||
-rw-r--r-- | Http/Firewall/ExceptionListener.php | 5 |
3 files changed, 23 insertions, 3 deletions
diff --git a/Core/Authentication/Token/RememberMeToken.php b/Core/Authentication/Token/RememberMeToken.php
index 8ec3063..8ade136 100644
--- a/Core/Authentication/Token/RememberMeToken.php
+++ b/Core/Authentication/Token/RememberMeToken.php
@@ -66,4 +66,21 @@ class RememberMeToken extends Token
 {
 $this->persistentToken = $persistentToken;
 }
+
+
+ /**
+ * {@inheritdoc}
+ */
+ public function serialize()
+ {
+ return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key));
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function unserialize($serialized)
+ {
+ list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key) = unserialize($serialized);
+ }
 }
\ No newline at end of file
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index 811dd4c..2b87863 100644
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -28,7 +28,7 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 * @param Boolean $encodeHashAsBase64 Whether to base64 encode the password hash
 * @param integer $iterations The number of iterations to use to stretch the password hash
 */
- public function __construct($algorithm = 'sha256', $encodeHashAsBase64 = false, $iterations = 1)
+ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $iterations = 5000)
 {
 $this->algorithm = $algorithm;
 $this->encodeHashAsBase64 = $encodeHashAsBase64;
@@ -49,7 +49,7 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 // "stretch" hash
 for ($i = 1; $i < $this->iterations; $i++) {
- $digest = hash($this->algorithm, $digest, true);
+ $digest = hash($this->algorithm, $digest.$salted, true);
 }
 return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 350b029..d8f016e 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -160,7 +160,10 @@ class ExceptionListener implements ListenerInterface
 $this->logger->debug('Calling Authentication entry point');
 }
- $request->getSession()->set('_security.target_path', $request->getUri());
+ // session isn't required when using http basic authentification mecanism for example
+ if ($request->hasSession()) {
+ $request->getSession()->set('_security.target_path', $request->getUri());
+ }
 return $this->authenticationEntryPoint->start($event, $request, $authException);
 } |
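Review bot: The new `serialize()` in RememberMeToken writes `$this->credentials` and `$this->key` into the serialized string, so wherever that string is kept (presumably the session store) now holds the remember-me key and any credentials and has to be protected as a secret; clearing the credentials before serialization would reduce that exposure. `unserialize()` assigns eight fields positionally without checking what `unserialize($serialized)` returned, so a truncated or foreign payload silently produces a token with null fields, and `persistentToken` is not restored at all. A guard before the `list()` such as `if (!is_array($data) || count($data) !== 8) { throw new \InvalidArgumentException('Invalid serialized RememberMeToken'); }` and a docblock naming the fields that survive a round trip would make the contract explicit. The field list also looks like a copy of the parent Token's state (the parent class is outside the hunk), so delegating to `parent::serialize()` would keep the two from drifting apart.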
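Review bot: Changing the constructor defaults from `'sha256'`, `false`, `1` to `'sha512'`, `true`, `5000` changes the output of every encoder built without explicit arguments, so password hashes stored under the old defaults will presumably stop verifying. The stretching change in the second hunk of this file (`$digest.$salted`) has the same effect for any encoder configured with more than one iteration. The commit shows no upgrade note or fallback, so the docblock should state the new defaults and that existing hashes need the old parameters passed explicitly or a re-hash on next login. The constructor body continues outside the hunk; if `$iterations` is not validated there, a check like `if ($iterations < 1) { throw new \InvalidArgumentException('iterations must be >= 1'); }` would stop a misconfiguration from silently reducing the work factor to a single hash.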
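Review bot: The stretching loop in MessageDigestPasswordEncoder is a project-specific construction and the only documentation on it is the comment `// "stretch" hash`, which does not describe the scheme. I would replace it with `// round 1 is hash(salted); each later round is hash(previous digest . salted), raw binary` so that anyone verifying hashes from another implementation can reproduce it. The loop starts at `$i = 1`, so an `iterations` value of 0 or 1 both yield a single hash, which is worth stating in the `$iterations` parameter doc. The method's start and end are outside the hunk.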
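Review bot: The value stored under `_security.target_path` in ExceptionListener is the full `$request->getUri()`, which includes a host derived from the request. If that value is later used as a post-login redirect target (that code is outside the hunk), it should be checked to be a same-site URL there, or only the path and query should be stored here. When there is no session the target path is now dropped silently, so a debug log line in an `else` branch would help when diagnosing a lost redirect. The added comment would read better as `// the session is not required, e.g. when using HTTP basic authentication`.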