
Commit b7f758d

committed
[Security] Added type-hints to password encoders.
1 parent cc9778e commit b7f758d

10 files changed

+22
-41
lines changed

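--- a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
@@ -31,11 +31,9 @@ public function needsRehash(string $encoded): bool
 /**
 * Demerges a merge password and salt string.
 *
-* @param string $mergedPasswordSalt The merged password and salt string
-*
 * @return array An array where the first element is the password and the second the salt
 */
-protected function demergePasswordAndSalt($mergedPasswordSalt)
+protected function demergePasswordAndSalt(string $mergedPasswordSalt)
 {
 if (empty($mergedPasswordSalt)) {
 return ['', ''];
@@ -56,14 +54,11 @@ protected function demergePasswordAndSalt($mergedPasswordSalt)
 /**
 * Merges a password and a salt.
 *
-* @param string $password The password to be used
-* @param string|null $salt The salt to be used
-*
 * @return string a merged password and salt
 *
 * @throws \InvalidArgumentException
 */
-protected function mergePasswordAndSalt($password, $salt)
+protected function mergePasswordAndSalt(string $password, ?string $salt)
 {
 if (empty($salt)) {
 return $password;
@@ -82,24 +77,19 @@ protected function mergePasswordAndSalt($password, $salt)
 * This method implements a constant-time algorithm to compare passwords to
 * avoid (remote) timing attacks.
 *
-* @param string $password1 The first password
-* @param string $password2 The second password
-*
 * @return bool true if the two passwords are the same, false otherwise
 */
-protected function comparePasswords($password1, $password2)
+protected function comparePasswords(string $password1, string $password2)
 {
 return hash_equals($password1, $password2);
 }
 
 /**
 * Checks if the password is too long.
 *
-* @param string $password The password to check
-*
 * @return bool true if the password is too long, false otherwise
 */
-protected function isPasswordTooLong($password)
+protected function isPasswordTooLong(string $password)
 {
 return \strlen($password) > static::MAX_PASSWORD_LENGTH;
 }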
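Review bot: The `empty()` guards that remain at the top of demergePasswordAndSalt() and mergePasswordAndSalt() treat the string `'0'` as empty, so a salt of `'0'` is dropped and the password is merged unsalted without any error. Now that the parameters are declared `string` and `?string`, the checks can say exactly what they mean: `if ('' === $mergedPasswordSalt) {` and `if (null === $salt || '' === $salt) {`. Tightening them changes the merged output for any record stored with that salt, so the change should be weighed against existing hashes. Both method bodies continue outside the hunks.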

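--- a/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -39,7 +39,7 @@ public function __construct(string $algorithm = 'sha512', bool $encodeHashAsBase
 /**
 * {@inheritdoc}
 */
-public function encodePassword($raw, $salt)
+public function encodePassword(string $raw, ?string $salt)
 {
 if ($this->isPasswordTooLong($raw)) {
 throw new BadCredentialsException('Invalid password.');
@@ -63,7 +63,7 @@ public function encodePassword($raw, $salt)
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid($encoded, $raw, $salt)
+public function isPasswordValid(string $encoded, string $raw, ?string $salt)
 {
 return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
 }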

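--- a/src/Symfony/Component/Security/Core/Encoder/MigratingPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/MigratingPasswordEncoder.php
@@ -34,15 +34,15 @@ public function __construct(PasswordEncoderInterface $bestEncoder, PasswordEncod
 /**
 * {@inheritdoc}
 */
-public function encodePassword($raw, $salt): string
+public function encodePassword(string $raw, ?string $salt): string
 {
 return $this->bestEncoder->encodePassword($raw, $salt);
 }
 
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid($encoded, $raw, $salt): bool
+public function isPasswordValid(string $encoded, string $raw, ?string $salt): bool
 {
 if ($this->bestEncoder->isPasswordValid($encoded, $raw, $salt)) {
 return true;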

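--- a/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
@@ -57,7 +57,7 @@ public function __construct(int $opsLimit = null, int $memLimit = null, int $cos
 /**
 * {@inheritdoc}
 */
-public function encodePassword($raw, $salt)
+public function encodePassword(string $raw, ?string $salt)
 {
 if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
 throw new BadCredentialsException('Invalid password.');
@@ -78,7 +78,7 @@ public function encodePassword($raw, $salt)
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid($encoded, $raw, $salt): bool
+public function isPasswordValid(string $encoded, string $raw, ?string $salt): bool
 {
 if (72 < \strlen($raw) && 0 === strpos($encoded, '$2')) {
 // BCrypt encodes only the first 72 chars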

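--- a/src/Symfony/Component/Security/Core/Encoder/PasswordEncoderInterface.php
+++ b/src/Symfony/Component/Security/Core/Encoder/PasswordEncoderInterface.php
@@ -23,15 +23,12 @@ interface PasswordEncoderInterface
 /**
 * Encodes the raw password.
 *
-* @param string $raw The password to encode
-* @param string|null $salt The salt
-*
 * @return string The encoded password
 *
 * @throws BadCredentialsException If the raw password is invalid, e.g. excessively long
 * @throws \InvalidArgumentException If the salt is invalid
 */
-public function encodePassword($raw, $salt);
+public function encodePassword(string $raw, ?string $salt);
 
 /**
 * Checks a raw password against an encoded password.
@@ -44,7 +41,7 @@ public function encodePassword($raw, $salt);
 *
 * @throws \InvalidArgumentException If the salt is invalid
 */
-public function isPasswordValid($encoded, $raw, $salt);
+public function isPasswordValid(string $encoded, string $raw, ?string $salt);
 
 /**
 * Checks if an encoded password would benefit from rehashing.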

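--- a/src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
@@ -52,7 +52,7 @@ public function __construct(string $algorithm = 'sha512', bool $encodeHashAsBase
 *
 * @throws \LogicException when the algorithm is not supported
 */
-public function encodePassword($raw, $salt)
+public function encodePassword(string $raw, ?string $salt)
 {
 if ($this->isPasswordTooLong($raw)) {
 throw new BadCredentialsException('Invalid password.');
@@ -70,7 +70,7 @@ public function encodePassword($raw, $salt)
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid($encoded, $raw, $salt)
+public function isPasswordValid(string $encoded, string $raw, ?string $salt)
 {
 return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
 }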

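--- a/src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
@@ -33,7 +33,7 @@ public function __construct(bool $ignorePasswordCase = false)
 /**
 * {@inheritdoc}
 */
-public function encodePassword($raw, $salt)
+public function encodePassword(string $raw, ?string $salt)
 {
 if ($this->isPasswordTooLong($raw)) {
 throw new BadCredentialsException('Invalid password.');
@@ -45,7 +45,7 @@ public function encodePassword($raw, $salt)
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid($encoded, $raw, $salt)
+public function isPasswordValid(string $encoded, string $raw, ?string $salt)
 {
 if ($this->isPasswordTooLong($raw)) {
 return false;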

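--- a/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
@@ -54,7 +54,7 @@ public static function isSupported(): bool
 /**
 * {@inheritdoc}
 */
-public function encodePassword($raw, $salt): string
+public function encodePassword(string $raw, ?string $salt): string
 {
 if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
 throw new BadCredentialsException('Invalid password.');
@@ -74,7 +74,7 @@ public function encodePassword($raw, $salt): string
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid($encoded, $raw, $salt): bool
+public function isPasswordValid(string $encoded, string $raw, ?string $salt): bool
 {
 if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
 return false;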

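--- a/src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoder.php
@@ -30,7 +30,7 @@ public function __construct(EncoderFactoryInterface $encoderFactory)
 /**
 * {@inheritdoc}
 */
-public function encodePassword(UserInterface $user, $plainPassword)
+public function encodePassword(UserInterface $user, string $plainPassword)
 {
 $encoder = $this->encoderFactory->getEncoder($user);
 
@@ -40,7 +40,7 @@ public function encodePassword(UserInterface $user, $plainPassword)
 /**
 * {@inheritdoc}
 */
-public function isPasswordValid(UserInterface $user, $raw)
+public function isPasswordValid(UserInterface $user, string $raw)
 {
 $encoder = $this->encoderFactory->getEncoder($user);
 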
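Review bot: The visible start of isPasswordValid() shows no guard for a user without a stored password before the encoder is fetched, and this commit declares the encoder's `$encoded` parameter as a non-nullable `string` in PasswordEncoderInterface. The forwarding call is outside the hunk; if it passes the user's stored password through unchanged, a null value would raise a TypeError instead of failing verification. A check placed before the `getEncoder()` call, `if (null === $user->getPassword()) { return false; }`, keeps that path a plain rejection.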

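--- a/src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoderInterface.php
+++ b/src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoderInterface.php
@@ -23,20 +23,14 @@ interface UserPasswordEncoderInterface
 /**
 * Encodes the plain password.
 *
-* @param UserInterface $user The user
-* @param string $plainPassword The password to encode
-*
 * @return string The encoded password
 */
-public function encodePassword(UserInterface $user, $plainPassword);
+public function encodePassword(UserInterface $user, string $plainPassword);
 
 /**
-* @param UserInterface $user The user
-* @param string $raw A raw password
-*
 * @return bool true if the password is valid, false otherwise
 */
-public function isPasswordValid(UserInterface $user, $raw);
+public function isPasswordValid(UserInterface $user, string $raw);
 
 /**
 * Checks if an encoded password would benefit from rehashing.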
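Review bot: The docblock of isPasswordValid() is left with only an `@return` line once the `@param` lines are removed, so the interface no longer says what `$raw` is or what it is checked against. A summary line such as `* Checks a raw password against the encoded password stored for the user.` would restore that and match the summary style of encodePassword() above it.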
