summaryrefslogtreecommitdiffstats
path: root/Core
diff options
context:
space:
mode:
Diffstat (limited to 'Core')
-rw-r--r--Core/Encoder/BCryptPasswordEncoder.php7
-rw-r--r--Core/Encoder/BasePasswordEncoder.php12
-rw-r--r--Core/Encoder/MessageDigestPasswordEncoder.php8
-rw-r--r--Core/Encoder/Pbkdf2PasswordEncoder.php8
-rw-r--r--Core/Encoder/PlaintextPasswordEncoder.php10
5 files changed, 42 insertions, 3 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php
index 9349291..fc79021 100644
--- a/Core/Encoder/BCryptPasswordEncoder.php
+++ b/Core/Encoder/BCryptPasswordEncoder.php
@@ -12,6 +12,7 @@
namespace Symfony\Component\Security\Core\Encoder;
use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
/**
* @author Elnur Abdurrakhimov <elnur@elnur.pro>
@@ -64,6 +65,10 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
*/
public function encodePassword($raw, $salt)
{
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
+
$options = array('cost' => $this->cost);
if ($salt) {
@@ -78,6 +83,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
*/
public function isPasswordValid($encoded, $raw, $salt)
{
- return password_verify($raw, $encoded);
+ return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
}
}
diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php
index c26c9ce..b83eb30 100644
--- a/Core/Encoder/BasePasswordEncoder.php
+++ b/Core/Encoder/BasePasswordEncoder.php
@@ -20,6 +20,8 @@ use Symfony\Component\Security\Core\Util\StringUtils;
*/
abstract class BasePasswordEncoder implements PasswordEncoderInterface
{
+ const MAX_PASSWORD_LENGTH = 4096;
+
/**
* Demerges a merge password and salt string.
*
@@ -83,4 +85,14 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
{
return StringUtils::equals($password1, $password2);
}
+
+ /**
+ * Checks if the password is too long.
+ *
+ * @return Boolean true if the password is too long, false otherwise
+ */
+ protected function isPasswordTooLong($password)
+ {
+ return strlen($password) > self::MAX_PASSWORD_LENGTH;
+ }
}
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index a8bd553..a7e5546 100644
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -11,6 +11,8 @@
namespace Symfony\Component\Security\Core\Encoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
/**
* MessageDigestPasswordEncoder uses a message digest algorithm.
*
@@ -41,6 +43,10 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
*/
public function encodePassword($raw, $salt)
{
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
+
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
@@ -61,6 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
*/
public function isPasswordValid($encoded, $raw, $salt)
{
- return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+ return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}
}
diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php
index 4f37ba3..8a5a958 100644
--- a/Core/Encoder/Pbkdf2PasswordEncoder.php
+++ b/Core/Encoder/Pbkdf2PasswordEncoder.php
@@ -11,6 +11,8 @@
namespace Symfony\Component\Security\Core\Encoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
/**
* Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2).
*
@@ -54,6 +56,10 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
*/
public function encodePassword($raw, $salt)
{
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
+
if (!in_array($this->algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
}
@@ -72,7 +78,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
*/
public function isPasswordValid($encoded, $raw, $salt)
{
- return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+ return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}
private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php
index c21f3cd..22f3da4 100644
--- a/Core/Encoder/PlaintextPasswordEncoder.php
+++ b/Core/Encoder/PlaintextPasswordEncoder.php
@@ -11,6 +11,8 @@
namespace Symfony\Component\Security\Core\Encoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
/**
* PlaintextPasswordEncoder does not do any encoding.
*
@@ -35,6 +37,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
*/
public function encodePassword($raw, $salt)
{
+ if ($this->isPasswordTooLong($raw)) {
+ throw new BadCredentialsException('Invalid password.');
+ }
+
return $this->mergePasswordAndSalt($raw, $salt);
}
@@ -43,6 +49,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
*/
public function isPasswordValid($encoded, $raw, $salt)
{
+ if ($this->isPasswordTooLong($raw)) {
+ return false;
+ }
+
$pass2 = $this->mergePasswordAndSalt($raw, $salt);
if (!$this->ignorePasswordCase) {
generated by cgit v1.1 at 2025-05-28 04:39:59 +0000