!!! TASK: Clean up password hashing strategies #2920
This makes use of typing and password_hash() / password_verify() in the BCrypt strategy.
Note: We can of course drop the interface change (or move it to 9.0), but I'd say the risk is low. Who would implement their own hashing strategy? 😇
Ping…
@markusguenther (and others), any objections to the interface change?
Ah... hmmm... What about NOT changing the interface in 8.2 - but do so in 9.0? (Rest of the code can stay as it is, if I see it correctly, as "additional hints" are allowed) On the other hand... I cannot believe that this interface has been implemented too often outside the Flow packages themselves. And it would be quite easy to be forward compatible. (So I would not say we absolutely cannot merge that into 8.2)
I agree
Agreed with merging ASAP but without the Interface change.
The addition of type hints is breaking and thus needs to be done in the next major. Co-authored-by: Christian Müller <christian@flownative.com>
Fine by reading
No, as the test results show…
Revert remaining changes to methods from interface
Unfortunate :/ But then let's merge this as is now.
Cleans up the password hashing strategies shipped with Flow.
Upgrade instructions
If you implemented PasswordHashingStrategyInterface, take note that type declarations will be added for the next major version (9.0) so adjust your implementation to use the added type declarations like in the core implementations.
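As an added illustration of what the description refers to (this is not code from the pull request or from Flow), here is a typed bcrypt strategy built on password_hash() / password_verify(). It assumes PHP 8.0 or later; the class name `ExampleBcryptStrategy`, the `needsRehash()` helper and the cost values are hypothetical, the method names and the unused `$staticSalt` parameter are only modelled on the interface discussed above, and the class deliberately stands alone instead of implementing that interface.

```php
<?php
declare(strict_types=1);

// Added example, not Flow code. Class name, needsRehash() and the cost
// values are assumptions made for this illustration.
final class ExampleBcryptStrategy
{
    public function __construct(private int $cost = 12)
    {
        // bcrypt accepts cost factors from 4 to 31; reject anything else early.
        if ($cost < 4 || $cost > 31) {
            throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
        }
    }

    public function hashPassword(string $password, ?string $staticSalt = null): string
    {
        // password_hash() draws a random salt itself and encodes algorithm,
        // cost and salt into the returned string, so $staticSalt is unused.
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => $this->cost]);
    }

    public function validatePassword(string $password, string $hashedPasswordAndSalt, ?string $staticSalt = null): bool
    {
        // password_verify() reads cost and salt back out of the stored hash
        // and is documented as safe against timing attacks.
        return password_verify($password, $hashedPasswordAndSalt);
    }

    public function needsRehash(string $hashedPasswordAndSalt): bool
    {
        // True when the stored hash was created with a different algorithm
        // or cost than this strategy is configured for.
        return password_needs_rehash($hashedPasswordAndSalt, PASSWORD_BCRYPT, ['cost' => $this->cost]);
    }
}

// Constructed sample values, for demonstration only.
$old = new ExampleBcryptStrategy(10);
$stored = $old->hashPassword('constructed sample password');

echo 'correct password accepted: ', var_export($old->validatePassword('constructed sample password', $stored), true), PHP_EOL;
echo 'wrong password accepted:   ', var_export($old->validatePassword('another password', $stored), true), PHP_EOL;

// After raising the configured cost, hashes created earlier are flagged so
// they can be replaced the next time the user logs in successfully.
$current = new ExampleBcryptStrategy(12);
echo 'stored hash needs rehash:  ', var_export($current->needsRehash($stored), true), PHP_EOL;
```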