bug #34738 [SecurityBundle] Passwords are not encoded when algorithm …

…set to "true" (nieuwenhuisen) This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] Passwords are not encoded when algorithm set to "true" | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #34725 | License | MIT | Doc PR | - If the algorithm is set to `true`, password will be encode as plain password. ``` security: encoders: App\User\User: algorithm: true ``` The reason for this is the not strict comparison of php switches. ``` switch ($config['algorithm']) { case 'plaintext': } ``` `true == 'plaintext'` is `true`, so the first case is hit. My first solution was to cast the algorithm to a string, to prevent this. After some feedback I have catch this problem earlier and does not allow true as valid value to the algorithm option. Ps. This is my first PR for Symfony, any feedback is welcome :-)! Commits ------- 83a5517 [SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
symfony · Dec 3, 2019 · 59126e0 · 59126e0
2 parents cb429cd + 83a5517
commit 59126e0
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -421,7 +421,13 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)
                         ->performNoDeepMerging()
                         ->beforeNormalization()->ifString()->then(function ($v) { return ['algorithm' => $v]; })->end()
                         ->children()
-                            ->scalarNode('algorithm')->cannotBeEmpty()->end()
+                            ->scalarNode('algorithm')
+                                ->cannotBeEmpty()
+                                ->validate()
+                                    ->ifTrue(function ($v) { return !\is_string($v); })
+                                    ->thenInvalid('You must provide a string value.')
+                                ->end()
+                            ->end()
                             ->scalarNode('hash_algorithm')->info('Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms.')->defaultValue('sha512')->end()
                             ->scalarNode('key_length')->defaultValue(40)->end()
                             ->booleanNode('ignore_case')->defaultFalse()->end()