[Security] Do not try to rehash null-passwords
tjveldhuizen committed Apr 30, 2021
1 parent 267840a commit 3aebf0e
Showing 2 changed files with 14 additions and 0 deletions.
4 changes: 4 additions & 0 deletions EventListener/PasswordMigratingListener.php
Expand Up @@ -50,6 +50,10 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
}

$user = $passport->getUser();
if (null === $user->getPassword()) {
return;
}

$passwordEncoder = $this->encoderFactory->getEncoder($user);
if (!$passwordEncoder->needsRehash($user->getPassword())) {
return;
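Review bot: The new guard in onLoginSuccess treats only `null` as "no stored password", so a user whose getPassword() returns an empty string still reaches needsRehash() and, presumably, the upgrade path that follows outside the hunk. If user providers can return `''` for accounts that authenticate without a local credential, the guard should cover that too, e.g. `$password = $user->getPassword();` followed by `if (null === $password || '' === $password) { return; }`, with `$password` then passed to needsRehash() so the value is read once instead of twice. If the intent is that an account without a stored credential must never have one created from the submitted plaintext, a short comment above the guard saying so would keep a later refactor from dropping it. The body of onLoginSuccess starts and ends outside this hunk.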
10 changes: 10 additions & 0 deletions Tests/EventListener/PasswordMigratingListenerTest.php
Expand Up @@ -108,6 +108,16 @@ public function testUpgradeWithoutUpgrader()
$this->listener->onLoginSuccess($event);
}

public function testUserWithoutPassword()
{
$this->user = new User('test', null);

$this->encoderFactory->expects($this->never())->method('getEncoder');

$event = $this->createEvent(new SelfValidatingPassport(new UserBadge('test', function () { return $this->user; }), [new PasswordUpgradeBadge('pa$$word')]));
$this->listener->onLoginSuccess($event);
}

private function createPasswordUpgrader()
{
return $this->createMock(MigratingUserProvider::class);
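Review bot: testUserWithoutPassword only asserts that getEncoder() is never called, which pins an implementation detail rather than the outcome that matters: that no password upgrade is performed for a user whose stored password is null. The PasswordUpgradeBadge is built without an upgrader, so the test cannot observe whether an upgrade would have been attempted. Consider passing a mock from createPasswordUpgrader() as the badge's second argument and adding `$upgrader->expects($this->never())->method('upgradePassword');`. A companion case using `new User('test', '')` would also record how an empty stored password is meant to be handled.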
