[FrameworkBundle] generate a random password if none is provided in t…

…he configuration
symfony · Oct 21, 2010 · acfd09e · acfd09e
1 parent bf3659d
commit acfd09e
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/SecurityExtension.php
@@ -379,8 +379,13 @@ protected function createUserDaoProvider($name, $provider, ContainerBuilder $con
                 $username = $user['name'];
             }
 
-            if (!isset($user['password'])) {
-                $user['password'] = '';
+            if (!array_key_exists('password', $user)) {
+                // if no password is provided explicitly, it means that
+                // the user will be used with OpenID, X.509 certificates, ...
+                // Let's generate a random password just to be sure this
+                // won't be used accidentally with other authentication schemes.
+                // If you want an empty password, just say so explicitly
+                $user['password'] = uniqid();
             }
 
             if (!isset($user['roles'])) {