Commit 9dbeab9

Merge branch '4.4' into 5.0
* 4.4:
  [Security/Core] Fix checking for SHA256/SHA512 passwords
  [Cache][Lock] fix tests
  bumped Symfony version to 4.4.2
  updated VERSION for 4.4.1
  updated CHANGELOG for 4.4.1
2 parents 08a8e77 + 1f00705 commit 9dbeab9

7 files changed, +81 -11 lines changed

‎CHANGELOG-4.4.md

Lines changed: 52 additions & 0 deletions
@@ -7,6 +7,58 @@ in 4.4 minor versions.
77
To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
88
To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.4.0...v4.4.1
99

10+
* 4.4.1 (2019-12-01)
11+
12+
* bug #34732 [DependencyInjection][Xml] Fix the attribute 'tag' is not allowed in 'bind' tag (tienvx)
13+
* bug #34729 [DI] auto-register singly implemented interfaces by default (nicolas-grekas)
14+
* bug #34728 [DI] fix overriding existing services with aliases for singly-implemented interfaces (nicolas-grekas)
15+
* bug #34649 more robust initialization from request (dbu)
16+
* bug #34715 [TwigBundle] remove service when base class is missing (xabbuh)
17+
* bug #34600 [DoctrineBridge] do not depend on the QueryBuilder from the ORM (xabbuh)
18+
* bug #34627 [Security/Http] call auth listeners/guards eagerly when they "support" the request (nicolas-grekas)
19+
* bug #34671 [Security] Fix clearing remember-me cookie after deauthentication (chalasr)
20+
* bug #34711 Fix the translation commands when a template contains a syntax error (fabpot)
21+
* bug #34032 [Mime] Fixing multidimensional array structure with FormDataPart (jvahldick)
22+
* bug #34560 [Config][ReflectionClassResource] Handle parameters with undefined constant as their default values (fancyweb)
23+
* bug #34695 [Config] don't break on virtual stack frames in ClassExistenceResource (nicolas-grekas)
24+
* bug #34716 [DependencyInjection] fix dumping number-like string parameters (xabbuh)
25+
* bug #34558 [Console] Fix autocomplete multibyte input support (fancyweb)
26+
* bug #34130 [Console] Fix commands description with numeric namespaces (fancyweb)
27+
* bug #34562 [DI] Skip unknown method calls for factories in check types pass (fancyweb)
28+
* bug #34677 [EventDispatcher] Better error reporting when arguments to dispatch() are swapped (rimas-kudelis)
29+
* bug #33573 [TwigBridge] Add row_attr to all form themes (fancyweb)
30+
* bug #34019 [Serializer] CsvEncoder::NO_HEADERS_KEY ignored when used in constructor (Dario Savella)
31+
* bug #34083 [Form] Keep preferred_choices order for choice groups (vilius-g)
32+
* bug #34091 [Debug] work around failing chdir() on Darwin (mary2501)
33+
* bug #34305 [PhpUnitBridge] Read configuration CLI directive (ro0NL)
34+
* bug #34490 [Serializer] Fix MetadataAwareNameConverter usage with string group (antograssiot)
35+
* bug #34632 [Console] Fix trying to access array offset on value of type int (Tavafi)
36+
* bug #34669 [HttpClient] turn exception into log when the request has no content-type (nicolas-grekas)
37+
* bug #34662 [HttpKernel] Support typehint to deprecated FlattenException in controller (andrew-demb)
38+
* bug #34619 Restores preview mode support for Html and Serializer error renderers (yceruto)
39+
* bug #34636 [VarDumper] notice on potential undefined index (sylvainmetayer)
40+
* bug #34668 [Cache] Make sure we get the correct number of values from redis::mget() (thePanz)
41+
* bug #34621 [Routing] Continue supporting single colon in object route loaders (fancyweb)
42+
* bug #34554 [HttpClient] Fix early cleanup of pushed HTTP/2 responses (lyrixx)
43+
* bug #34607 [HttpKernel] Ability to define multiple kernel.reset tags (rmikalkenas)
44+
* bug #34599 [Mailer][Mailchimp Bridge] Throwing undefined index _id when setting message id (monteiro)
45+
* bug #34569 [Workflow] Apply the same logic of precedence between the apply() and the buildTransitionBlockerList() method (lyrixx)
46+
* bug #34580 [HttpKernel] Don't cache "not-fresh" state (nicolas-grekas)
47+
* bug #34577 [FrameworkBundle][Cache] Don't deep-merge cache pools configuration (alxndrbauer)
48+
* bug #34515 [DependencyInjection] definitions are valid objects (xabbuh)
49+
* bug #34536 [SecurityBundle] Don't require a user provider for the anonymous listener (chalasr)
50+
* bug #34533 [Monolog Bridge] Fixed accessing static property as non static. (Sander-Toonen)
51+
* bug #34502 [FrameworkBundle][ContainerLint] Keep "removing" compiler passes (fancyweb)
52+
* bug #34552 [Dotenv] don't fail when referenced env var does not exist (xabbuh)
53+
* bug #34546 [Serializer] Add DateTimeZoneNormalizer into Dependency Injection (jewome62)
54+
* bug #34547 [Messenger] Error when specified default bus is not among the configured (vudaltsov)
55+
* bug #34513 [Validator] remove return type declaration from __sleep() (xabbuh)
56+
* bug #34551 [Security] SwitchUser is broken when the User Provider always returns a valid user (tucksaun)
57+
* bug #34385 Avoid empty "If-Modified-Since" header in validation request (mpdude)
58+
* bug #34458 [Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls (ogizanagi)
59+
* bug #34516 [HttpKernel] drop return type declaration (xabbuh)
60+
* bug #34474 [Messenger] Ignore stamps in in-memory transport (tienvx)
61+
1062
* 4.4.0 (2019-11-21)
1163

1264
* bug #34464 [Form] group constraints when calling the validator (nicolas-grekas)
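
Review bot: Four of the new 4.4.1 entries have no [Component] prefix (#34649 "more robust initialization from request", #34711, #34619 and #34385), unlike the rest of the list. Anyone triaging this release by component, for example scanning for [Security] or [Security/Http] fixes before upgrading, cannot place those entries without opening each PR. Suggest adding the component tag to them so the list can be filtered consistently.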

‎src/Symfony/Component/Cache/Tests/Adapter/PdoAdapterTest.php

Lines changed: 3 additions & 3 deletions
@@ -94,9 +94,9 @@ public function testDsn(string $dsn, string $file = null)
9494
public function provideDsn()
9595
{
9696
$dbFile = tempnam(sys_get_temp_dir(), 'sf_sqlite_cache');
97-
yield ['sqlite://localhost/'.$dbFile, ''.$dbFile];
98-
yield ['sqlite:'.$dbFile, ''.$dbFile];
99-
yield ['sqlite3:///'.$dbFile, ''.$dbFile];
97+
yield ['sqlite://localhost/'.$dbFile.'1', $dbFile.'1'];
98+
yield ['sqlite:'.$dbFile.'2', $dbFile.'2'];
99+
yield ['sqlite3:///'.$dbFile.'3', $dbFile.'3'];
100100
yield ['sqlite://localhost/:memory:'];
101101
yield ['sqlite::memory:'];
102102
}
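
Review bot: tempnam() on line 96 creates $dbFile on disk, but after this change the three file-based cases use $dbFile.'1', $dbFile.'2' and $dbFile.'3', so the file tempnam() reserved is never used and nothing in this hunk removes it. The suffixed paths are also not reserved by tempnam(), so they are predictable names in the shared temp directory. Suggest unlinking $dbFile after deriving the names, or calling tempnam() once per case, and making sure the test deletes each database file it is handed.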

‎src/Symfony/Component/Lock/Tests/Store/PdoStoreTest.php

Lines changed: 3 additions & 3 deletions
@@ -97,9 +97,9 @@ public function testDsn(string $dsn, string $file = null)
9797
public function provideDsn()
9898
{
9999
$dbFile = tempnam(sys_get_temp_dir(), 'sf_sqlite_cache');
100-
yield ['sqlite://localhost/'.$dbFile, ''.$dbFile];
101-
yield ['sqlite:'.$dbFile, ''.$dbFile];
102-
yield ['sqlite3:///'.$dbFile, ''.$dbFile];
100+
yield ['sqlite://localhost/'.$dbFile.'1', $dbFile.'1'];
101+
yield ['sqlite:'.$dbFile.'2', $dbFile.'2'];
102+
yield ['sqlite3:///'.$dbFile.'3', $dbFile.'3'];
103103
yield ['sqlite://localhost/:memory:'];
104104
yield ['sqlite::memory:'];
105105
}
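
Review bot: The temp file prefix on line 99 is still 'sf_sqlite_cache' although this is the Lock store test, which makes leftover files in the temp directory look like they came from the Cache tests; 'sf_sqlite_lock' would be clearer. The three changed yield lines are also a verbatim copy of the ones in PdoAdapterTest, so the same unused tempnam() file applies here.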

‎src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php

Lines changed: 2 additions & 2 deletions
@@ -80,9 +80,9 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo
8080
return false;
8181
}
8282

83-
if (0 === strpos($encoded, '$2')) {
83+
if (0 !== strpos($encoded, '$argon')) {
8484
// BCrypt encodes only the first 72 chars
85-
return 72 >= \strlen($raw) && password_verify($raw, $encoded);
85+
return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
8686
}
8787

8888
if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {
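
Review bot: The branch on line 83 now sends every hash that does not start with '$argon' to password_verify(), not only the '$5$' and '$6$' formats the commit message names. password_verify() accepts any crypt()-compatible hash, so older crypt formats such as MD5-crypt ('$1$') would validate here too; if only bcrypt, SHA256 and SHA512 are meant to be supported, an explicit prefix allow-list would state that. The comment kept on line 84, "BCrypt encodes only the first 72 chars", no longer describes the branch it sits in; the Sodium encoder's comment was updated in this same commit and this one should follow.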

‎src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php

Lines changed: 3 additions & 3 deletions
@@ -80,9 +80,9 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo
8080
return false;
8181
}
8282

83-
if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
84-
// Accept validating BCrypt passwords for seamless migrations
85-
return password_verify($raw, $encoded);
83+
if (0 !== strpos($encoded, '$argon')) {
84+
// Accept validating non-argon passwords for seamless migrations
85+
return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
8686
}
8787

8888
if (\function_exists('sodium_crypto_pwhash_str_verify')) {
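
Review bot: The return expression on line 85, (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded), combines a length check with a negated prefix check and is now duplicated character for character in NativePasswordEncoder. Naming the bcrypt test once, for example $isBcrypt = 0 === strpos($encoded, '$2'), and writing the guard as (!$isBcrypt || \strlen($raw) <= 72) would make the 72-character rule easier to audit, and a shared helper would keep the two encoders from drifting apart.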

‎src/Symfony/Component/Security/Core/Tests/Encoder/NativePasswordEncoderTest.php

Lines changed: 9 additions & 0 deletions
@@ -55,6 +55,15 @@ public function testValidation()
5555
$this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
5656
}
5757

58+
public function testNonArgonValidation()
59+
{
60+
$encoder = new NativePasswordEncoder();
61+
$this->assertTrue($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
62+
$this->assertFalse($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
63+
$this->assertTrue($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
64+
$this->assertFalse($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
65+
}
66+
5867
public function testConfiguredAlgorithm()
5968
{
6069
$encoder = new NativePasswordEncoder(null, null, null, PASSWORD_BCRYPT);
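
Review bot: testNonArgonValidation() only checks the short inputs 'password' and 'anotherPassword', so the length part of the fix, the (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) guard, is not exercised. Suggest adding a case with a raw password longer than 72 characters against a '$5$' or '$6$' hash (expected to validate when correct) and one against a '$2y$' hash (expected to be rejected), so a later refactor cannot silently change the bcrypt limit.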

‎src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php

Lines changed: 9 additions & 0 deletions
@@ -37,6 +37,15 @@ public function testBCryptValidation()
3737
$this->assertTrue($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
3838
}
3939

40+
public function testNonArgonValidation()
41+
{
42+
$encoder = new SodiumPasswordEncoder();
43+
$this->assertTrue($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
44+
$this->assertFalse($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
45+
$this->assertTrue($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
46+
$this->assertFalse($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
47+
}
48+
4049
public function testEncodePasswordLength()
4150
{
4251
$this->expectException('Symfony\Component\Security\Core\Exception\BadCredentialsException');
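
Review bot: The new method is a copy of the one added to NativePasswordEncoderTest, with each hash literal repeated twice per algorithm. A data provider yielding (hash, password, expected) rows would remove the repetition and make it easy to add the missing case next to testBCryptValidation() above: a '$2y$' hash checked against a raw value longer than 72 characters, which the changed branch in SodiumPasswordEncoder is expected to reject.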
