Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically upgrade new password hashes #1027

Merged
merged 2 commits into from Nov 27, 2019
Merged

Automatically upgrade new password hashes #1027

merged 2 commits into from Nov 27, 2019

Conversation

Toflar
Copy link
Member

@Toflar Toflar commented Nov 27, 2019

This will automatically upgrade bcrypt passwords to argon2 passwords when users log in (or whatever we will have in the future). Symfony FTW :)

Implements #538.

@Toflar Toflar added the feature label Nov 27, 2019
@Toflar Toflar added this to the 4.9 milestone Nov 27, 2019
@Toflar Toflar self-assigned this Nov 27, 2019
@Toflar Toflar mentioned this pull request Nov 27, 2019
Closed
bytehead
bytehead previously approved these changes Nov 27, 2019
View reviewed changes
@leofeyer leofeyer merged commit 1a0bfef into master Nov 27, 2019
@leofeyer
Copy link
Member

Thank you @Toflar.

@leofeyer leofeyer deleted the autoupgrade-passwords branch November 27, 2019 15:13
Toflar
Toflar commented Nov 27, 2019
View reviewed changes
core-bundle/src/Security/User/ContaoUserProvider.php
*/
public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
{
if (!is_a($user, $this->userClass)) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This shouldn't happen because of the supports() call. But anyway :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. I have just copied the code from the refreshUser() method, but maybe it is unnecessary there as well?

contao/core-bundle/src/Security/User/ContaoUserProvider.php

Lines 87 to 91 in 1e08698

public function refreshUser(UserInterface $user)
{
if (!is_a($user, $this->userClass)) {
throw new UnsupportedUserException(sprintf('Unsupported class "%s".', \get_class($user)));
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, defensive programming - guess that's fine :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leofeyer leofeyer leofeyer approved these changes

@bytehead bytehead bytehead left review comments

@aschempp aschempp Awaiting requested review from aschempp

Assignees

@Toflar Toflar

Labels
feature
Projects
None yet
Milestone
4.9
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Toflar @leofeyer @bytehead