summaryrefslogtreecommitdiffstats
path: root/Core/Encoder/MessageDigestPasswordEncoder.php
diff options
context:
space:
mode:
Diffstat (limited to 'Core/Encoder/MessageDigestPasswordEncoder.php')
-rw-r--r--Core/Encoder/MessageDigestPasswordEncoder.php10
1 files changed, 6 insertions, 4 deletions
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index efe1e5c..a7e5546 100644
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -11,6 +11,8 @@
namespace Symfony\Component\Security\Core\Encoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
/**
* MessageDigestPasswordEncoder uses a message digest algorithm.
*
@@ -41,7 +43,9 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
*/
public function encodePassword($raw, $salt)
{
- $this->checkPasswordLength($raw);
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
@@ -63,8 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
*/
public function isPasswordValid($encoded, $raw, $salt)
{
- $this->checkPasswordLength($raw);
-
- return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+ return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}
}
generated by cgit v1.1 at 2025-05-14 18:41:34 +0000