[Security] Password encoder factory backward compatibility #41877

@dvesh3

Symfony version(s) affected: 5.3.x

Description
We have a custom password encoder factory that decorates the Symfony encoder factory and allows delegating the building of the encoder to a type-specific factory, which is then able to create a dedicated encoder for a user object.

Until 5.2.x it worked as expected, but on ver. 5.3.x it started throwing the exception "No password hasher has been configured for account...". After digging into the issue, we found out that with #39802 the password encoder has been deprecated and a new password hasher factory has been introduced to replace it. This new factory is being used everywhere, e.g.

service('security.password_hasher_factory'),

So this old encoder factory is deprecated and not used anywhere anymore except in security.command.user_password_encoder. How does this follow backward compatibility?

The problem is, we would like to support Symfony ver. 5.2 or higher, so if we switch to the new password hasher factory then it will not be backward compatible, and overriding the Symfony services to use the old password encoder factory is not forward compatible.

Any help would be greatly appreciated. Thanks!

Additional context
Issue described here: pimcore/pimcore#9489
