Automatically upgrade new password hashes #1027
Thank you @Toflar.
*/ | ||
public function upgradePassword(UserInterface $user, string $newEncodedPassword): void | ||
{ | ||
if (!is_a($user, $this->userClass)) { |
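Review bot: the `is_a($user, $this->userClass)` guard in `upgradePassword()` should return early rather than throw, if its body was copied from `refreshUser()` together with the `UnsupportedUserException`. Symfony's `PasswordUpgraderInterface` describes this method as opportunistic: it may do nothing or fail, but without throwing, so that a failed rehash never blocks an otherwise valid login.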
This shouldn't happen because of the supports() call. But anyway :)
You are right. I have just copied the code from the refreshUser() method, but maybe it is unnecessary there as well?
contao/core-bundle/src/Security/User/ContaoUserProvider.php
Lines 87 to 91 in 1e08698
public function refreshUser(UserInterface $user)
{
    if (!is_a($user, $this->userClass)) {
        throw new UnsupportedUserException(sprintf('Unsupported class "%s".', \get_class($user)));
    }
Well, defensive programming - guess that's fine :)
This will automatically upgrade bcrypt passwords to argon2 passwords when users log in (or whatever we will have in the future). Symfony FTW :)
Implements #538.
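
The login-time upgrade described above, sketched in plain PHP with the built-in `password_*` functions as an added example; it is not Contao's or Symfony's code. `DemoUserStore`, `targetAlgo()` and `login()` are hypothetical names, and the user record is constructed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user store; stands in for the user table (assumption).
final class DemoUserStore
{
    /** @var array<string, string> username => stored password hash */
    public array $hashes = [];

    public function save(string $username, string $hash): void
    {
        $this->hashes[$username] = $hash;
    }
}

// Target algorithm: Argon2id if this PHP build provides it, else bcrypt at a higher cost.
function targetAlgo(): array
{
    return defined('PASSWORD_ARGON2ID')
        ? [PASSWORD_ARGON2ID, []]
        : [PASSWORD_BCRYPT, ['cost' => 12]];
}

// Verify against the stored hash, then rehash if the hash is not in the target format.
function login(DemoUserStore $store, string $username, string $plain): bool
{
    $hash = $store->hashes[$username] ?? null;
    if ($hash === null || !password_verify($plain, $hash)) {
        return false;
    }
    [$algo, $options] = targetAlgo();
    // The plaintext exists only during login, so this is the one point where a rehash is possible.
    if (password_needs_rehash($hash, $algo, $options)) {
        try {
            $store->save($username, password_hash($plain, $algo, $options));
        } catch (\Throwable $e) {
            // Opportunistic: a failed upgrade must not block a valid login.
            error_log('password upgrade skipped: ' . $e->getMessage());
        }
    }
    return true;
}

// Constructed sample: a legacy bcrypt hash that is upgraded on the first successful login.
$store = new DemoUserStore();
$store->save('alice', password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]));
var_dump(login($store, 'alice', 'wrong guess'));
var_dump(login($store, 'alice', 'correct horse'));
var_dump(password_get_info($store->hashes['alice'])['algoName']);
```

Accounts that never log in again keep their old hash, so the legacy verifier has to stay enabled until those accounts are reset or retired.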