Set auto password hasher for all user classes #6289

Merged
merged 5 commits into from Aug 24, 2023


fritzmg
Contributor

@fritzmg fritzmg commented Aug 11, 2023

In Symfony 5.3 this config was added to the default security config in order to enable the auto password hasher for all user classes that implement this interface (see symfony/recipes#981) - which Contao\User also implements.

I think we should do the same in the contao/managed-edition. This way you don't have to define this yourself in case you are using HTTP Basic Authentication for some controller outside Contao's own firewalls. For instance, in this example the line

$extensionConfig['password_hashers'][InMemoryUser::class] = 'auto';

could be omitted then.

@fritzmg fritzmg added this to the 5.3 milestone Aug 11, 2023
@fritzmg fritzmg self-assigned this Aug 11, 2023
@fritzmg fritzmg changed the title Set auto password hasher to for all user classes Set auto password hasher for all user classes Aug 11, 2023
@aschempp
Member

That would mean we'll change the default config of existing systems, right? And if they would reconfigure this (e.g. for another firewall) it would no longer apply to Contao?

Toflar
Toflar previously approved these changes Aug 11, 2023
@Toflar
Member

Toflar commented Aug 11, 2023

Just for the ME which imho is a good default. But I'm also fine with leaving it as is.

@fritzmg
Contributor Author

fritzmg commented Aug 12, 2023

> And if they would reconfigure this (e.g. for another firewall) it would no longer apply to Contao?

Yeah, that's a good point. We could add both though.

@aschempp
Member

I would be in favor of adding both.

Toflar
Toflar previously approved these changes Aug 16, 2023
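
Added example (not code from this pull request or from Contao): how Symfony's `PasswordHasherFactory` picks a hasher by class, which is why a map keyed only by `Contao\User` leaves an `InMemoryUser` without a hasher while the interface key covers it. It assumes `symfony/password-hasher` and `symfony/security-core` are installed via Composer, and that "both" in the thread means the `Contao\User` key plus the interface key; the user name, role and password are constructed sample values.

```php
<?php
// Added illustration; run from a project where Composer has installed
// symfony/password-hasher and symfony/security-core (assumption).
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
use Symfony\Component\Security\Core\User\InMemoryUser;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;

// Constructed sample user, like one an in-memory provider would hand to
// an HTTP Basic firewall outside Contao's own firewalls.
$user = new InMemoryUser('api', null, ['ROLE_API']);

// Map keyed only by Contao\User. The key is just a class-name string here;
// InMemoryUser is not an instance of it, so no entry matches.
$contaoOnly = new PasswordHasherFactory([
    'Contao\User' => ['algorithm' => 'auto'],
]);

try {
    $contaoOnly->getPasswordHasher($user);
    echo "Contao\\User key only: hasher found\n";
} catch (\RuntimeException $e) {
    // The factory refuses to guess: authentication for this user cannot
    // verify a password until a hasher is configured for its class.
    echo "Contao\\User key only: ", $e->getMessage(), "\n";
}

// Both keys. The factory walks the map in order and takes the first key
// the user is an instance of, so the interface entry catches every class
// implementing PasswordAuthenticatedUserInterface, InMemoryUser included.
$both = new PasswordHasherFactory([
    'Contao\User' => ['algorithm' => 'auto'],
    PasswordAuthenticatedUserInterface::class => ['algorithm' => 'auto'],
]);

$hasher = $both->getPasswordHasher($user);
$hash = $hasher->hash('constructed-sample-password');

echo "Both keys: hasher is ", get_debug_type($hasher), "\n";
echo "Correct password verifies: ",
    var_export($hasher->verify($hash, 'constructed-sample-password'), true), "\n";
echo "Wrong password verifies: ",
    var_export($hasher->verify($hash, 'wrong-password'), true), "\n";
// 'auto' lets Symfony choose the algorithm; needsRehash() reports when a
// stored hash should be upgraded to the current choice.
echo "Fresh hash needs rehash: ",
    var_export($hasher->needsRehash($hash), true), "\n";
```
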
@leofeyer
Member

@fritzmg Can you please also update the core-bundle/README.md and the core-bundle/tests/Functional/app/config/security.yaml files?

@fritzmg fritzmg requested a review from leofeyer August 24, 2023 10:49
@leofeyer leofeyer merged commit a233e18 into contao:5.x Aug 24, 2023
16 checks passed
@leofeyer
Member

Thank you @fritzmg.

@fritzmg fritzmg deleted the auto-password-hasher branch February 19, 2024 13:55