[Security] EncoderFactory regression while updating from 4.3 to 4.4 #35058

Closed
@FabienPapet


Symfony version(s) affected: 4.4, 5.0

Description
Updating Symfony 4.3 to 4.4 breaks tests on my application. I think the cause of the regression might be the new password migration feature introduced in 4.4.

There is a notice thrown when we pass an array as configuration to an encoder.
Once we have created the NativePasswordEncoder object, we try to build extra encoders (pbkdf2, sha512). But the pbkdf2 encoder needs configs which are not present in the $rawConfig variable.

  • I can try to fix the problem, with some help (I don't know why we try to build extra encoders).
  • I tried to figure out why we build other PasswordEncoders in the array_map callback but couldn't find any reason; perhaps you have an idea :-)
  • This PR is related: [Security] Add migrating encoder configuration #34139 (review)

ping @chalasr @nicolas-grekas

How to reproduce
Create a test in Symfony\Component\Security\Core\Tests\Encoder\EncoderFactoryTest with the following code on a symfony/symfony:4.3 branch. This will be successful on the 4.3 branch and will produce a notice in 4.4.

    // Symfony\Component\Security\Core\Tests\Encoder\EncoderFactoryTest
    public function testGetEncoderWithArrayConfiguration()
    {
        $factory = new EncoderFactory([
            'Symfony\Component\Security\Core\User\UserInterface' => [
                'algorithm' => 'bcrypt',
                'cost' => 11,
            ],
        ]);

        $factory->getEncoder(new User('user', 'pass'));
        $this->assertInstanceOf(PasswordEncoderInterface::class, $factory->getEncoder(new User('user', 'pass')));
    }

    Symfony\Component\Security\Core\Tests\Encoder\EncoderFactoryTest::testGetEncoderWithArrayConfiguration
    Undefined index: hash_algorithm

Possible Solutions

I think there are 2 options here:

  • Do not create extra encoders with NativePasswordEncoder
  • Provide default configuration keys for extra encoders

Additional context

I can provide if needed.
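
A simplified model of the failure reported above and of the second proposed option (default keys for extra encoders), added here as an illustration; it is not Symfony's EncoderFactory code and not code from the issue author. The function names, the `iterations` and `key_length` keys and all default values are assumptions.

```php
<?php
// Simplified stand-in for an encoder factory; NOT Symfony's EncoderFactory.
// 'algorithm', 'cost', 'hash_algorithm' come from the issue; other keys, the
// default values and all function names are assumptions for this example.

const REQUIRED_KEYS = [
    'bcrypt' => ['cost'],
    'pbkdf2' => ['hash_algorithm', 'iterations', 'key_length'],
];
const EXTRA_DEFAULTS = [
    'pbkdf2' => ['hash_algorithm' => 'sha512', 'iterations' => 1000, 'key_length' => 40],
];

function buildEncoder(array $config): callable
{
    $algo = $config['algorithm'];
    foreach (REQUIRED_KEYS[$algo] as $key) {
        if (!array_key_exists($key, $config)) {
            // The issue sees this case as the notice "Undefined index: hash_algorithm".
            throw new InvalidArgumentException(sprintf('Missing "%s" for "%s" encoder', $key, $algo));
        }
    }
    if ('bcrypt' === $algo) {
        return function (string $raw) use ($config): string {
            return password_hash($raw, PASSWORD_BCRYPT, ['cost' => $config['cost']]);
        };
    }
    return function (string $raw, string $salt) use ($config): string {
        return hash_pbkdf2($config['hash_algorithm'], $raw, $salt, $config['iterations'], $config['key_length']);
    };
}

// Builds a fallback encoder for another algorithm from the user's raw config.
function buildExtraEncoder(string $algo, array $rawConfig, bool $withDefaults): callable
{
    $config = ['algorithm' => $algo] + $rawConfig; // left operand wins on duplicate keys
    if ($withDefaults) {
        $config += EXTRA_DEFAULTS[$algo] ?? [];    // fills only the keys still missing
    }
    return buildEncoder($config);
}

$rawConfig = ['algorithm' => 'bcrypt', 'cost' => 11]; // configuration from the issue
try {
    buildExtraEncoder('pbkdf2', $rawConfig, false);
} catch (InvalidArgumentException $e) {
    echo 'without defaults: ', $e->getMessage(), PHP_EOL;
}
$extra = buildExtraEncoder('pbkdf2', $rawConfig, true);
echo 'with defaults: ', strlen($extra('pass', 'constructed-salt')), ' hex chars', PHP_EOL;
```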
