[SecurityBundle] register alias for argument for password hasher #60371

Open
wants to merge 1 commit into
base: 7.3
@lyrixx lyrixx (Member) commented May 7, 2025

| Q             | A   |
| ------------- | --- |
| Branch?       | 7.3 |
| Bug fix?      | no  |
| New feature?  | yes |
| Deprecations? | no  |
| Issues        |     |
| License       | MIT |

This is a new feature, but I want to gather feedback before finishing the PR (meta + doc + test)

I need to hash some sensitive data in my database (2FA recovery code).
They are not tied to a specific class. So I need a "raw hasher".

ATM, I'm able to write:

```yaml
security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        recovery_code: auto
```

But to get it, I need to write:

```php
public function homepage(PasswordHasherFactoryInterface $p): Response
{
    $password = 'password';
    // Look up the hasher registered under the "recovery_code" key, then hash
    $hash = $p->getPasswordHasher('recovery_code')->hash($password);
    dd($hash);
}
```

There is an extra step here (Law of Demeter...)

With this PR, I propose an alternative:

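```php
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Target;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\PasswordHasher\PasswordHasherInterface;
use Symfony\Component\Routing\Attribute\Route;

class HomepageController extends AbstractController
{
    public function __construct(
        // Selects the hasher configured under the "recovery_code" key
        #[Target('recovery_code')]
        private readonly PasswordHasherInterface $passwordHasher,
    ) {
    }

    #[Route('/')]
    public function index(): Response
    {
        dd($this->passwordHasher->hash('aaa'));
    }
}
```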

DX is extra smooth. If I forget the Target attribute:

image
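The use case described above (hashing 2FA recovery codes with the `recovery_code` hasher), carried through generation and single-use verification, as an added example that is not part of the PR or of Symfony. The `RecoveryCodes` class and its method names are hypothetical, and the `#[Target('recovery_code')]` injection assumes the alias this PR proposes.

```php
<?php
// Added example: RecoveryCodes, generate() and consume() are hypothetical names.
use Symfony\Component\DependencyInjection\Attribute\Target;
use Symfony\Component\PasswordHasher\PasswordHasherInterface;

final class RecoveryCodes
{
    public function __construct(
        // Assumes the argument alias proposed in this PR for 'recovery_code'.
        #[Target('recovery_code')]
        private readonly PasswordHasherInterface $hasher,
    ) {
    }

    /**
     * Creates fresh codes. Show 'plain' to the user once; persist only 'hashes'.
     *
     * @return array{plain: list<string>, hashes: list<string>}
     */
    public function generate(int $count = 10): array
    {
        $plain = $hashes = [];
        for ($i = 0; $i < $count; ++$i) {
            $code = bin2hex(random_bytes(10)); // 80 bits from the CSPRNG
            $plain[] = $code;
            $hashes[] = $this->hasher->hash($code);
        }

        return ['plain' => $plain, 'hashes' => $hashes];
    }

    /**
     * Checks a submitted code against the stored hashes.
     * Returns the hashes that remain after the matching one is removed,
     * or null when nothing matched, so a code can only be used once.
     *
     * @param list<string> $storedHashes
     * @return list<string>|null
     */
    public function consume(string $submitted, array $storedHashes): ?array
    {
        foreach ($storedHashes as $i => $hash) {
            // Each verify() call runs the full (deliberately slow) hash.
            if ($this->hasher->verify($hash, $submitted)) {
                unset($storedHashes[$i]);
                return array_values($storedHashes);
            }
        }

        return null;
    }
}
```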

@lyrixx lyrixx force-pushed the security-password-hasher branch from 2216356 to 576f604 Compare May 14, 2025 09:10
lyrixx (Member, Author) commented May 14, 2025

@nicolas-grekas I addressed your comments, added tests, and updated CHANGELOG.md

@lyrixx lyrixx force-pushed the security-password-hasher branch from 576f604 to 9b50bc9 Compare May 14, 2025 09:11
@lyrixx lyrixx force-pushed the security-password-hasher branch from 9b50bc9 to c6051e3 Compare May 14, 2025 09:38
@chalasr chalasr (Member) left a comment

Great 👍
