New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set auto password hasher for all user classes #6289
Conversation
that would mean we'll change the default config of existing systems, right? And if they would reconfigure this (e.g. for another firewall) it would no longer apply to Contao? |
Just for the ME which imho is a good default. But I'm also fine with leaving it as is. |
Yeah, that's a good point. We could add both though. |
I would be in favor of adding both. |
@fritzmg Can you please also update the |
Thank you @fritzmg. |
In Symfony 5.3 this config was added to the default security config in order to enable the
auto
password hasher for all user classes that implement this interface (see symfony/recipes#981) - whichContao\User
also implements.I think we should do the same in the
contao/managed-edition
. This way you don't have to define this yourself in case you are using HTTP Basic Authentication for some controller outside Contao's own firewalls. For instance, in this example the linecould be omitted then.