Commit 705251b

committed
[Security] remove plaintext password hasher usage
1 parent f019e47 commit 705251b


1 file changed

+40
-50
lines changed

1 file changed

+40
-50
lines changed

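--- a/security/passwords.rst
+++ b/security/passwords.rst
@@ -124,75 +124,65 @@ Further in this article, you can find a
 
 .. code-block:: yaml
 
-# config/packages/test/security.yaml
-security:
-# ...
-
-password_hashers:
-# Use your user class name here
-App\Entity\User:
-algorithm: plaintext # disable hashing (only do this in tests!)
-
-# or use the lowest possible values
-App\Entity\User:
-algorithm: auto # This should be the same value as in config/packages/security.yaml
-cost: 4 # Lowest possible value for bcrypt
-time_cost: 3 # Lowest possible value for argon
-memory_cost: 10 # Lowest possible value for argon
+# config/packages/security.yaml
+when@test:
+security:
+# ...
+
+password_hashers:
+# Use your user class name here
+App\Entity\User:
+algorithm: auto
+cost: 4 # Lowest possible value for bcrypt
+time_cost: 3 # Lowest possible value for argon
+memory_cost: 10 # Lowest possible value for argon
 
 .. code-block:: xml
 
-<!-- config/packages/test/security.xml -->
+<!-- config/packages/security.xml -->
 <?xml version="1.0" encoding="UTF-8"?>
 <srv:container xmlns="http://symfony.com/schema/dic/security"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:srv="http://symfony.com/schema/dic/services"
 xsi:schemaLocation="http://symfony.com/schema/dic/services
 https://symfony.com/schema/dic/services/services-1.0.xsd">
 
-<config>
-<!-- class: Use your user class name here -->
-<!-- algorithm: disable hashing (only do this in tests!) -->
-<security:password-hasher
-class="App\Entity\User"
-algorithm="plaintext"
-/>
-
-<!-- or use the lowest possible values -->
-<!-- algorithm: This should be the same value as in config/packages/security.yaml -->
-<!-- cost: Lowest possible value for bcrypt -->
-<!-- time_cost: Lowest possible value for argon -->
-<!-- memory_cost: Lowest possible value for argon -->
-<security:password-hasher
-class="App\Entity\User"
-algorithm="auto"
-cost="4"
-time_cost="3"
-memory_cost="10"
-/>
-</config>
+<when env="test">
+<config>
+<!-- class: Use your user class name here -->
+<!-- cost: Lowest possible value for bcrypt -->
+<!-- time_cost: Lowest possible value for argon -->
+<!-- memory_cost: Lowest possible value for argon -->
+<security:password-hasher
+class="App\Entity\User"
+algorithm="auto"
+cost="4"
+time_cost="3"
+memory_cost="10"
+/>
+</config>
+</when>
 </srv:container>
 
 .. code-block:: php
 
-// config/packages/test/security.php
+// config/packages/security.php
 use App\Entity\User;
+use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use Symfony\Config\SecurityConfig;
 
-return static function (SecurityConfig $security): void {
+return static function (SecurityConfig $security, ContainerConfigurator $container): void {
 // ...
 
-// Use your user class name here
-$security->passwordHasher(User::class)
-->algorithm('plaintext'); // disable hashing (only do this in tests!)
-
-// or use the lowest possible values
-$security->passwordHasher(User::class)
-->algorithm('auto') // This should be the same value as in config/packages/security.yaml
-->cost(4) // Lowest possible value for bcrypt
-->timeCost(2) // Lowest possible value for argon
-->memoryCost(10) // Lowest possible value for argon
-;
+if ('test' === $container->env()) {
+// Use your user class name here
+$security->passwordHasher(User::class)
+->algorithm('auto') // This should be the same value as in config/packages/security.yaml
+->cost(4) // Lowest possible value for bcrypt
+->timeCost(2) // Lowest possible value for argon
+->memoryCost(10) // Lowest possible value for argon
+;
+}
 };
 
 Hashing the Password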
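Review bot: The PHP example still sets `->timeCost(2) // Lowest possible value for argon`, while the YAML and XML examples in this same section use `time_cost: 3` and `time_cost="3"` under the identical comment, so the three formats disagree on the minimum. I believe Symfony's hashers reject a time cost below 3, which would make the PHP snippet fail when copied; worth confirming and changing it to `->timeCost(3) // Lowest possible value for argon`. The PHP block also keeps `// This should be the same value as in config/packages/security.yaml` on `->algorithm('auto')`, a comment the YAML side dropped and that reads oddly now that the test override sits in the main config file instead of `config/packages/test/`. Since these are deliberately weak cost values, a one-line remark that they apply only inside the `test` environment guard would help readers who copy the block without the `when@test` / `if ('test' === $container->env())` wrapper.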
