symfony
diff --git a/‎UPGRADE-4.3.md
Copy file name to clipboardExpand all lines: UPGRADE-4.3.md
+2-4Lines changed: 2 additions & 4 deletions b/‎UPGRADE-4.3.md
Copy file name to clipboardExpand all lines: UPGRADE-4.3.md
+2-4Lines changed: 2 additions & 4 deletions
diff --git a/‎UPGRADE-5.0.md
Copy file name to clipboardExpand all lines: UPGRADE-5.0.md
+6-4Lines changed: 6 additions & 4 deletions b/‎UPGRADE-5.0.md
Copy file name to clipboardExpand all lines: UPGRADE-5.0.md
+6-4Lines changed: 6 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+1-3Lines changed: 1 addition & 3 deletions b/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+1-3Lines changed: 1 addition & 3 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+7-8Lines changed: 7 additions & 8 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+7-8Lines changed: 7 additions & 8 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+14-9Lines changed: 14 additions & 9 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+14-9Lines changed: 14 additions & 9 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2id_encoder.php renamed to ‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_encoder.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_encoder.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2id_encoder.php renamed to ‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_encoder.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_encoder.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2id_encoder.xml renamed to ‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_encoder.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_encoder.xml
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2id_encoder.xml renamed to ‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_encoder.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_encoder.xml
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2id_encoder.yml renamed to ‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_encoder.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_encoder.yml
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2id_encoder.yml renamed to ‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_encoder.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_encoder.yml
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/UserPasswordEncoderCommandTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/UserPasswordEncoderCommandTest.php
+25-20Lines changed: 25 additions & 20 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/UserPasswordEncoderCommandTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/UserPasswordEncoderCommandTest.php
+25-20Lines changed: 25 additions & 20 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/argon2id.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/argon2id.yml
-7Lines changed: 0 additions & 7 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/argon2id.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/argon2id.yml
-7Lines changed: 0 additions & 7 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/sodium.yml
Copy file name to clipboard
+7Lines changed: 7 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/sodium.yml
Copy file name to clipboard
+7Lines changed: 7 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/CHANGELOG.md
+1-3Lines changed: 1 addition & 3 deletions b/‎src/Symfony/Component/Security/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/CHANGELOG.md
+1-3Lines changed: 1 addition & 3 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Encoder/Argon2Trait.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Encoder/Argon2Trait.php
-52Lines changed: 0 additions & 52 deletions b/‎src/Symfony/Component/Security/Core/Encoder/Argon2Trait.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Encoder/Argon2Trait.php
-52Lines changed: 0 additions & 52 deletions
@@ -151,14 +151,12 @@ Security
    }
    ```
 
- * Using `Argon2iPasswordEncoder` while only the `argon2id` algorithm is supported
-   is deprecated, use `Argon2idPasswordEncoder` instead
+ * The `Argon2iPasswordEncoder` class has been deprecated, use `SodiumPasswordEncoder` instead.
 
 SecurityBundle
 --------------
 
- * Configuring encoders using `argon2i` as algorithm while only `argon2id` is
-   supported is deprecated, use `argon2id` instead
+ * Configuring encoders using `argon2i` as algorithm has been deprecated, use `sodium` instead.
 
 TwigBridge
 ----------
 
@@ -326,8 +326,7 @@ Security
    }
    ```
 
- * Using `Argon2iPasswordEncoder` while only the `argon2id` algorithm is supported
-   now throws a `\LogicException`, use `Argon2idPasswordEncoder` instead
+ * The `Argon2iPasswordEncoder` class has been removed, use `SodiumPasswordEncoder` instead.
 
 SecurityBundle
 --------------
@@ -348,8 +347,11 @@ SecurityBundle
    changed to underscores.
    Before: `my-cookie` deleted the `my_cookie` cookie (with an underscore).
    After: `my-cookie` deletes the `my-cookie` cookie (with a dash).
- * Configuring encoders using `argon2i` as algorithm while only `argon2id` is supported
-   now throws a `\LogicException`, use `argon2id` instead
+
+SecurityBundle
+--------------
+
+ * Configuring encoders using `argon2i` is not supported anymore, use `sodium` instead.
 
 Serializer
 ----------
 
@@ -8,9 +8,7 @@ CHANGELOG
    option is deprecated and will be disabled in Symfony 5.0. This affects to cookies
    with dashes in their names. For example, starting from Symfony 5.0, the `my-cookie`
    name will delete `my-cookie` (with a dash) instead of `my_cookie` (with an underscore).
- * Deprecated configuring encoders using `argon2i` as algorithm while only `argon2id` is supported,
-   use `argon2id` instead
- 
+ * Deprecated configuring encoders using `argon2i` as algorithm, use `sodium` instead
 
 4.2.0
 -----
 
@@ -29,8 +29,8 @@
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
+use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\Controller\UserValueResolver;
 use Symfony\Component\Templating\PhpEngine;
@@ -565,14 +565,14 @@ private function createEncoder($config, ContainerBuilder $container)
 
         // Argon2i encoder
         if ('argon2i' === $config['algorithm']) {
+            @trigger_error('Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "sodium" instead.', E_USER_DEPRECATED);
+
             if (!Argon2iPasswordEncoder::isSupported()) {
                 if (\extension_loaded('sodium') && !\defined('SODIUM_CRYPTO_PWHASH_SALTBYTES')) {
                     throw new InvalidConfigurationException('The installed libsodium version does not have support for Argon2i. Use Bcrypt instead.');
                 }
 
                 throw new InvalidConfigurationException('Argon2i algorithm is not supported. Install the libsodium extension or use BCrypt instead.');
-            } elseif (!\defined('PASSWORD_ARGON2I') && Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
-                @trigger_error('Configuring an encoder based on the "argon2i" algorithm while only "argon2id" is supported is deprecated since Symfony 4.3, use "argon2id" instead.', E_USER_DEPRECATED);
             }
 
             return [
@@ -585,14 +585,13 @@ private function createEncoder($config, ContainerBuilder $container)
             ];
         }
 
-        // Argon2id encoder
-        if ('argon2id' === $config['algorithm']) {
-            if (!Argon2idPasswordEncoder::isSupported()) {
-                throw new InvalidConfigurationException('Argon2i algorithm is not supported. Install the libsodium extension or use BCrypt instead.');
+        if ('sodium' === $config['algorithm']) {
+            if (!SodiumPasswordEncoder::isSupported()) {
+                throw new InvalidConfigurationException('Libsodium is not available. Install the sodium extension or use BCrypt instead.');
             }
 
             return [
-                'class' => Argon2idPasswordEncoder::class,
+                'class' => SodiumPasswordEncoder::class,
                 'arguments' => [
                     $config['memory_cost'],
                     $config['time_cost'],
 
@@ -18,8 +18,8 @@
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
-use Symfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
+use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
 
 abstract class CompleteConfigurationTest extends TestCase
 {
@@ -314,11 +314,11 @@ public function testEncoders()
 
     public function testEncodersWithLibsodium()
     {
-        if (!Argon2iPasswordEncoder::isSupported() || \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
-            $this->markTestSkipped('Argon2i algorithm is not supported.');
+        if (!SodiumPasswordEncoder::isSupported()) {
+            $this->markTestSkipped('Libsodium is not available.');
         }
 
-        $container = $this->getContainer('argon2i_encoder');
+        $container = $this->getContainer('sodium_encoder');
 
         $this->assertEquals([[
             'JMS\FooBundle\Entity\User1' => [
@@ -359,19 +359,24 @@ public function testEncodersWithLibsodium()
                 'arguments' => [15],
             ],
             'JMS\FooBundle\Entity\User7' => [
-                'class' => 'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
+                'class' => 'Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder',
                 'arguments' => [256, 1, 2],
             ],
         ]], $container->getDefinition('security.encoder_factory.generic')->getArguments());
     }
 
-    public function testEncodersWithArgon2id()
+    /**
+     * @group legacy
+     *
+     * @expectedDeprecation Configuring an encoder with "argon2i" as algorithm is deprecated since Symfony 4.3, use "sodium" instead.
+     */
+    public function testEncodersWithArgon2i()
     {
-        if (!Argon2idPasswordEncoder::isSupported()) {
+        if (!Argon2iPasswordEncoder::isSupported()) {
             $this->markTestSkipped('Argon2i algorithm is not supported.');
         }
 
-        $container = $this->getContainer('argon2id_encoder');
+        $container = $this->getContainer('argon2i_encoder');
 
         $this->assertEquals([[
             'JMS\FooBundle\Entity\User1' => [
@@ -412,7 +417,7 @@ public function testEncodersWithArgon2id()
                 'arguments' => [15],
             ],
             'JMS\FooBundle\Entity\User7' => [
-                'class' => 'Symfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder',
+                'class' => 'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
                 'arguments' => [256, 1, 2],
             ],
         ]], $container->getDefinition('security.encoder_factory.generic')->getArguments());
 
@@ -5,7 +5,7 @@
 $container->loadFromExtension('security', [
     'encoders' => [
         'JMS\FooBundle\Entity\User7' => [
-            'algorithm' => 'argon2id',
+            'algorithm' => 'sodium',
             'memory_cost' => 256,
             'time_cost' => 1,
             'threads' => 2,
 
@@ -10,7 +10,7 @@
     </imports>
 
     <sec:config>
-        <sec:encoder class="JMS\FooBundle\Entity\User7" algorithm="argon2id" memory_cost="256" time_cost="1" threads="2" />
+        <sec:encoder class="JMS\FooBundle\Entity\User7" algorithm="sodium" memory_cost="256" time_cost="1" threads="2" />
     </sec:config>
 
 </container>
@@ -4,7 +4,7 @@ imports:
 security:
     encoders:
         JMS\FooBundle\Entity\User7:
-            algorithm: argon2id
+            algorithm: sodium
             memory_cost: 256
             time_cost: 1
             threads: 2
@@ -15,11 +15,11 @@
 use Symfony\Bundle\SecurityBundle\Command\UserPasswordEncoderCommand;
 use Symfony\Component\Console\Application as ConsoleApplication;
 use Symfony\Component\Console\Tester\CommandTester;
-use Symfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 use Symfony\Component\Security\Core\Encoder\Pbkdf2PasswordEncoder;
+use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
 
 /**
  * Tests UserPasswordEncoderCommand.
@@ -71,9 +71,12 @@ public function testEncodePasswordBcrypt()
         $this->assertTrue($encoder->isPasswordValid($hash, 'password', null));
     }
 
+    /**
+     * @group legacy
+     */
     public function testEncodePasswordArgon2i()
     {
-        if (!Argon2iPasswordEncoder::isSupported() || !\defined('PASSWORD_ARGON2I') && Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
+        if (!Argon2iPasswordEncoder::isSupported()) {
             $this->markTestSkipped('Argon2i algorithm not available.');
         }
         $this->setupArgon2i();
@@ -87,30 +90,29 @@ public function testEncodePasswordArgon2i()
         $this->assertContains('Password encoding succeeded', $output);
 
         $encoder = new Argon2iPasswordEncoder();
-        preg_match('#  Encoded password\s+(\$argon2i?\$[\w,=\$+\/]+={0,2})\s+#', $output, $matches);
+        preg_match('#  Encoded password\s+(\$argon2id?\$[\w,=\$+\/]+={0,2})\s+#', $output, $matches);
         $hash = $matches[1];
         $this->assertTrue($encoder->isPasswordValid($hash, 'password', null));
     }
 
-    public function testEncodePasswordArgon2id()
+    public function testEncodePasswordSodium()
     {
-        if (!Argon2idPasswordEncoder::isSupported()) {
-            $this->markTestSkipped('Argon2id algorithm not available.');
+        if (!SodiumPasswordEncoder::isSupported()) {
+            $this->markTestSkipped('Libsodium is not available.');
         }
-        $this->setupArgon2id();
+        $this->setupSodium();
         $this->passwordEncoderCommandTester->execute([
             'command' => 'security:encode-password',
             'password' => 'password',
-            'user-class' => 'Custom\Class\Argon2id\User',
+            'user-class' => 'Custom\Class\Sodium\User',
         ], ['interactive' => false]);
 
         $output = $this->passwordEncoderCommandTester->getDisplay();
         $this->assertContains('Password encoding succeeded', $output);
 
-        $encoder = new Argon2idPasswordEncoder();
-        preg_match('#  Encoded password\s+(\$argon2id?\$[\w,=\$+\/]+={0,2})\s+#', $output, $matches);
+        preg_match('#  Encoded password\s+(\$?\$[\w,=\$+\/]+={0,2})\s+#', $output, $matches);
         $hash = $matches[1];
-        $this->assertTrue($encoder->isPasswordValid($hash, 'password', null));
+        $this->assertTrue((new SodiumPasswordEncoder())->isPasswordValid($hash, 'password', null));
     }
 
     public function testEncodePasswordPbkdf2()
@@ -173,10 +175,13 @@ public function testEncodePasswordBcryptOutput()
         $this->assertNotContains(' Generated salt ', $this->passwordEncoderCommandTester->getDisplay());
     }
 
+    /**
+     * @group legacy
+     */
     public function testEncodePasswordArgon2iOutput()
     {
-        if (!Argon2iPasswordEncoder::isSupported() || !\defined('PASSWORD_ARGON2I') && Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
-            $this->markTestSkipped('Argon2id algorithm not available.');
+        if (!Argon2iPasswordEncoder::isSupported()) {
+            $this->markTestSkipped('Argon2i algorithm not available.');
         }
 
         $this->setupArgon2i();
@@ -189,17 +194,17 @@ public function testEncodePasswordArgon2iOutput()
         $this->assertNotContains(' Generated salt ', $this->passwordEncoderCommandTester->getDisplay());
     }
 
-    public function testEncodePasswordArgon2idOutput()
+    public function testEncodePasswordSodiumOutput()
     {
-        if (!Argon2idPasswordEncoder::isSupported()) {
-            $this->markTestSkipped('Argon2id algorithm not available.');
+        if (!SodiumPasswordEncoder::isSupported()) {
+            $this->markTestSkipped('Libsodium is not available.');
         }
 
-        $this->setupArgon2id();
+        $this->setupSodium();
         $this->passwordEncoderCommandTester->execute([
             'command' => 'security:encode-password',
             'password' => 'p@ssw0rd',
-            'user-class' => 'Custom\Class\Argon2id\User',
+            'user-class' => 'Custom\Class\Sodium\User',
         ], ['interactive' => false]);
 
         $this->assertNotContains(' Generated salt ', $this->passwordEncoderCommandTester->getDisplay());
@@ -298,10 +303,10 @@ private function setupArgon2i()
         $this->passwordEncoderCommandTester = new CommandTester($passwordEncoderCommand);
     }
 
-    private function setupArgon2id()
+    private function setupSodium()
     {
         putenv('COLUMNS='.(119 + \strlen(PHP_EOL)));
-        $kernel = $this->createKernel(['test_case' => 'PasswordEncode', 'root_config' => 'argon2id.yml']);
+        $kernel = $this->createKernel(['test_case' => 'PasswordEncode', 'root_config' => 'sodium.yml']);
         $kernel->boot();
 
         $application = new Application($kernel);
 
@@ -0,0 +1,7 @@
+imports:
+    - { resource: config.yml }
+
+security:
+    encoders:
+        Custom\Class\Sodium\User:
+            algorithm: sodium
@@ -19,9 +19,7 @@ CHANGELOG
  * Dispatch `AuthenticationFailureEvent` on `security.authentication.failure`
  * Dispatch `InteractiveLoginEvent` on `security.interactive_login`
  * Dispatch `SwitchUserEvent` on `security.switch_user`
- * Added `Argon2idPasswordEncoder`
- * Deprecated using `Argon2iPasswordEncoder` while only the `argon2id` algorithm
-   is supported, use `Argon2idPasswordEncoder` instead
+ * deprecated `Argon2iPasswordEncoder`, use `SodiumPasswordEncoder` instead
 
 4.2.0
 -----