
Commit dca28a2

committed
[PasswordHasher] Prevent PHP fatal error when using auto algorithm
1 parent 10607db commit dca28a2


2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

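--- a/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php
+++ b/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php
@@ -116,9 +116,13 @@ private function getHasherConfigFromAlgorithm(array $config): array
 if ('auto' === $config['algorithm']) {
 // "plaintext" is not listed as any leaked hashes could then be used to authenticate directly
 if (SodiumPasswordHasher::isSupported()) {
-$algorithms = ['native', 'sodium', 'pbkdf2', $config['hash_algorithm']];
+$algorithms = ['native', 'sodium', 'pbkdf2'];
 } else {
-$algorithms = ['native', 'pbkdf2', $config['hash_algorithm']];
+$algorithms = ['native', 'pbkdf2'];
+}
+
+if ($config['hash_algorithm'] ?? '') {
+$algorithms[] = $config['hash_algorithm'];
 }
 
 $hasherChain = [];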
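Review bot: The new guard `if ($config['hash_algorithm'] ?? '')` appends any truthy configured value to the `auto` chain, and nothing in this hunk enforces the rule stated in the comment at the top of the branch, that "plaintext" must not be listed. How each entry is turned into a hasher happens after `$hasherChain = [];`, outside the hunk, so whether a `hash_algorithm` of `'plaintext'` would actually yield a plaintext verifier is an assumption to confirm. If it can, leaked stored values would authenticate directly, which is the case the comment rules out. An explicit check would close that gap and also reject non-string values: `if (\is_string($config['hash_algorithm'] ?? null) && !\in_array($config['hash_algorithm'], ['', 'plaintext'], true)) {`. getHasherConfigFromAlgorithm starts and ends outside the hunk.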

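--- a/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php
+++ b/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherAwareInterface;
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
 use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+use Symfony\Component\PasswordHasher\PasswordHasherInterface;
 use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -85,6 +86,16 @@ public function testGetHasherConfiguredForConcreteClassWithClassName()
 $this->assertEquals($expectedHasher->hash('foo', ''), $hasher->hash('foo', ''));
 }
 
+public function testGetHasherConfiguredWithAuto()
+{
+$factory = new PasswordHasherFactory([
+'auto' => ['algorithm' => 'auto'],
+]);
+
+$hasher = $factory->getPasswordHasher('auto');
+$this->assertInstanceOf(PasswordHasherInterface::class, $hasher);
+}
+
 public function testGetNamedHasherForHasherAware()
 {
 $factory = new PasswordHasherFactory([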
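Review bot: testGetHasherConfiguredWithAuto only asserts that some `PasswordHasherInterface` comes back when `hash_algorithm` is absent, so it would still pass if the `auto` chain were built incorrectly. A round trip would exercise the returned hasher: `$this->assertTrue($hasher->verify($hasher->hash('foo'), 'foo'));`. The other branch of the new guard is also untested. A companion case with the key present, for example `'auto' => ['algorithm' => 'auto', 'hash_algorithm' => 'sha512'],` (sample value), would pin that a configured digest is still appended to the chain. The surrounding test class starts and ends outside the hunk.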
