[Security] Check UserInterface::getPassword is not null before calling needsRehash #34802
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
xabbuh
reviewed
Dec 4, 2019
src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
Outdated
Show resolved
Hide resolved
|
@xabbuh Based on #34824 (comment) I could make some additional changes in this PR if you agree. Which option would have your preference?
|
|
@dbrekelmans I think |
|
By the way, #34779 has been merged up to 4.4. You can rebase your changes now. :) |
|
@xabbuh I rebased on 4.4. I think the PR is good to go :) |
xabbuh
requested changes
Dec 6, 2019
src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
Outdated
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoder.php
Outdated
Show resolved
Hide resolved
xabbuh
approved these changes
Dec 6, 2019
|
Thank you @dbrekelmans. |
chalasr
added a commit
that referenced
this pull request
Dec 6, 2019
…fore calling needsRehash (dbrekelmans) This PR was squashed before being merged into the 4.4 branch (closes #34802). Discussion ---------- [Security] Check UserInterface::getPassword is not null before calling needsRehash | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - `Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface::needsRehash()` expects a string as the input argument. In some cases `Symfony\Component\Security\Core\User\UserInterface::getPassword()` is used as the input argument, but this function can return `null` resulting in a potential type error. Commits ------- 8e4cf49 [Security] Check UserInterface::getPassword is not null before calling needsRehash
|
And congratz for your first contrib! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface::needsRehash()expects a string as the input argument. In some casesSymfony\Component\Security\Core\User\UserInterface::getPassword()is used as the input argument, but this function can returnnullresulting in a potential type error.