Skip to content

[Security] Update password upgrader listener to work with the new UserBadge #39111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 18, 2020
Merged

[Security] Update password upgrader listener to work with the new UserBadge #39111

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ CHANGELOG
* Added `LoginThrottlingListener`.
* Added `LoginLinkAuthenticator`.
* Moved methods `supports()` and `authenticate()` from `AbstractListener` to `FirewallListenerInterface`.
* [BC break] `PasswordUpgradeBadge::getPasswordUpgrader()` changed its return type to return null or a `PasswordUpgraderInterface` implementation.

5.1.0
-----
Expand Down
8 changes: 4 additions & 4 deletions src/Symfony/Component/Security/Http/Authenticator/Passport/Badge/PasswordUpgradeBadge.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,10 @@ class PasswordUpgradeBadge implements BadgeInterface
private $passwordUpgrader;

/**
* @param string $plaintextPassword The presented password, used in the rehash
* @param PasswordUpgraderInterface $passwordUpgrader The password upgrader, usually the UserProvider
* @param string $plaintextPassword The presented password, used in the rehash
* @param PasswordUpgraderInterface|null $passwordUpgrader The password upgrader, defaults to the UserProvider if null
*/
public function __construct(string $plaintextPassword, PasswordUpgraderInterface $passwordUpgrader)
public function __construct(string $plaintextPassword, ?PasswordUpgraderInterface $passwordUpgrader = null)
{
$this->plaintextPassword = $plaintextPassword;
$this->passwordUpgrader = $passwordUpgrader;
Expand All @@ -51,7 +51,7 @@ public function getAndErasePlaintextPassword(): string
return $password;
}

public function getPasswordUpgrader(): PasswordUpgraderInterface
public function getPasswordUpgrader(): ?PasswordUpgraderInterface
{
return $this->passwordUpgrader;
}
Expand Down
16 changes: 15 additions & 1 deletion src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
use Symfony\Component\Security\Http\Event\LoginSuccessEvent;

Expand Down Expand Up @@ -53,7 +55,19 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
return;
}

$badge->getPasswordUpgrader()->upgradePassword($user, $passwordEncoder->encodePassword($plaintextPassword, $user->getSalt()));
$passwordUpgrader = $badge->getPasswordUpgrader();
if (null === $passwordUpgrader) {
/** @var UserBadge $userBadge */
$userBadge = $passport->getBadge(UserBadge::class);
$userLoader = $userBadge->getUserLoader();
if (\is_array($userLoader) && $userLoader[0] instanceof PasswordUpgraderInterface) {
$passwordUpgrader = $userLoader[0];
} else {
return;
}
}

$passwordUpgrader->upgradePassword($user, $passwordEncoder->encodePassword($plaintextPassword, $user->getSalt()));
}

public static function getSubscribedEvents(): array
Expand Down
3 changes: 3 additions & 0 deletions src/Symfony/Component/Security/Http/EventListener/UserProviderListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@
use Symfony\Component\Security\Http\Event\CheckPassportEvent;

/**
* Configures the user provider as user loader, if no user load
* has been explicitly set.
*
* @author Wouter de Jong <wouter@wouterj.nl>
*
* @final
Expand Down
36 changes: 26 additions & 10 deletions src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
Expand All @@ -34,9 +35,14 @@ class PasswordMigratingListenerTest extends TestCase

protected function setUp(): void
{
$this->user = $this->createMock(UserInterface::class);
$this->user->expects($this->any())->method('getPassword')->willReturn('old-encoded-password');
$encoder = $this->createMock(PasswordEncoderInterface::class);
$encoder->expects($this->any())->method('needsRehash')->willReturn(true);
$encoder->expects($this->any())->method('encodePassword')->with('pa$$word', null)->willReturn('new-encoded-password');
$this->encoderFactory = $this->createMock(EncoderFactoryInterface::class);
$this->encoderFactory->expects($this->any())->method('getEncoder')->with($this->user)->willReturn($encoder);
$this->listener = new PasswordMigratingListener($this->encoderFactory);
$this->user = $this->createMock(UserInterface::class);
}

/**
Expand All @@ -61,16 +67,8 @@ public function provideUnsupportedEvents()
yield [$this->createEvent($this->createMock(PassportInterface::class))];
}

public function testUpgrade()
public function testUpgradeWithUpgrader()
{
$encoder = $this->createMock(PasswordEncoderInterface::class);
$encoder->expects($this->any())->method('needsRehash')->willReturn(true);
$encoder->expects($this->any())->method('encodePassword')->with('pa$$word', null)->willReturn('new-encoded-password');

$this->encoderFactory->expects($this->any())->method('getEncoder')->with($this->user)->willReturn($encoder);

$this->user->expects($this->any())->method('getPassword')->willReturn('old-encoded-password');

$passwordUpgrader = $this->createPasswordUpgrader();
$passwordUpgrader->expects($this->once())
->method('upgradePassword')
Expand All @@ -81,6 +79,20 @@ public function testUpgrade()
$this->listener->onLoginSuccess($event);
}

public function testUpgradeWithoutUpgrader()
{
$userLoader = $this->createMock(MigratingUserProvider::class);
$userLoader->expects($this->any())->method('loadUserByUsername')->willReturn($this->user);

$userLoader->expects($this->once())
->method('upgradePassword')
->with($this->user, 'new-encoded-password')
;

$event = $this->createEvent(new SelfValidatingPassport(new UserBadge('test', [$userLoader, 'loadUserByUsername']), [new PasswordUpgradeBadge('pa$$word')]));
$this->listener->onLoginSuccess($event);
}

private function createPasswordUpgrader()
{
return $this->createMock(PasswordUpgraderInterface::class);
Expand All @@ -91,3 +103,7 @@ private function createEvent(PassportInterface $passport)
return new LoginSuccessEvent($this->createMock(AuthenticatorInterface::class), $passport, $this->createMock(TokenInterface::class), new Request(), null, 'main');
}
}

abstract class MigratingUserProvider implements UserProviderInterface, PasswordUpgraderInterface
{
}