[2.7][SecurityBundle] Added a command to encode a password #12818
Conversation
saro0h
force-pushed
the
command-encode-password
branch
from
68b50d1 to
75a9926
Compare
| $table = new Table($output); | ||
| $table | ||
| ->setHeaders(array('Key', 'Value')) | ||
| ->addRow(array('Raw password', $input->getOption('show-password') ? $password : str_repeat('*', mb_strlen($password)))) |
There was a problem hiding this comment.
By showing the length, you're partially leaking some informations about the password
There was a problem hiding this comment.
I know. What's the problem about that?
There was a problem hiding this comment.
Why showing something when the use ask for not "--show-password"?
There was a problem hiding this comment.
To have some consistency between the 2 outputs.
saro0h
force-pushed
the
command-encode-password
branch
from
75a9926 to
728f231
Compare
saro0h
changed the title
| { | ||
| $saltQuestion = new Question('<question>Provide a salt (if none, a salt will be generated):</question> '); | ||
|
|
||
| $that = $this; |
There was a problem hiding this comment.
Why not saving container instead of whole class?
saro0h
force-pushed
the
command-encode-password
branch
from
728f231 to
50e0662
Compare
saro0h
force-pushed
the
command-encode-password
branch
3 times, most recently
from
13b8d53 to
8e227b1
Compare
saro0h
force-pushed
the
command-encode-password
branch
2 times, most recently
from
dc3816d to
35ad91f
Compare
saro0h
changed the title
|
Ping @javiereguiluz : Is that what you expected? |
|
@saro0h sorry for the late response. This is indeed what I expected, but I think we can simplify the user experience of the command. I find it confusing having to read so many text and it's also confusing to me the order of the questions. The ida of this command is to provide a very simple and lightweight utility to encode plain text passwords using the appropriate encoding. The way passwords are encoded makes it almost "impossible" to encode the password by hand. This is necessary when you want to encode passwords for the "in_memory" provider and when you want to do checks of encoded passwords in the database. This is how I imagined this command could work: In addition, if you only define one encoder, the command shouldn't ask you to pick one. |
saro0h
changed the title
saro0h
force-pushed
the
command-encode-password
branch
from
35ad91f to
1b877b9
Compare
|
@javiereguiluz Unfortunatly, I can't access the |
saro0h
force-pushed
the
command-encode-password
branch
from
1b877b9 to
addbfb9
Compare
|
I like the idea, but why should we do a totaly "Symfony-coupled" implementation instead of console application ? This can be useful for a lot of PHP projects (and developpers). Maybe can you check the minimal dependencies to provide this kind of stuff ? I you don't, I will :) |
|
@saro0h : I provided a similar command (but much less worked) in a separate bundle, and I faced the same issue about the |
|
@mickaelandrieu which PHP Open-Source projects? Maybe Silex eventually. I don't think decoupling this command really worths it for now. It mostly serves Symfony users first. Maybe if there is a real need to get it extracted somewhere else, we will be able to do it. @ogizanagi instead of parsing the YAML files, the easiest way is to rely on a global configuration parameter in the container. Remember the console is executed at "runtime" whereas configuration files like |
|
@hhamon : Indeed, I completely ignored the environments in my suggestion. This was a bad idea...
Should the |
|
Nope it doesn't and I think it's a bad idea to expose it just for this command. |
saro0h
force-pushed
the
command-encode-password
branch
7 times, most recently
from
0ca0f46 to
f71109f
Compare
|
Ping @fabpot |
| @@ -18,12 +18,13 @@ | |||
| "require": { | |||
| "php": ">=5.3.9", | |||
| "symfony/security": "~2.7|~3.0.0", | |||
| "symfony/http-kernel": "~2.2|~3.0.0" | |||
| "symfony/http-kernel": "~2.2|~3.0.0", | |||
| "ircmaxell/password-compat": "dev-master" | |||
There was a problem hiding this comment.
Do we really need to depend on dev-master, that makes me nervous :)
There was a problem hiding this comment.
Also, is it really a hard requirement? It's only useful on older versions of PHP.
There was a problem hiding this comment.
I don't remember why I added it :/ Let me remove it.
saro0h
force-pushed
the
command-encode-password
branch
from
f71109f to
6561f11
Compare
| The command allows you to provide your own <comment>salt</comment>. If you don't provide any, | ||
| the command will take about that for you. | ||
|
|
||
| You can also use the non interactive |
There was a problem hiding this comment.
Looks unfinished to me. While you are at it, can you rework the documentation to describe the non-interactive way first?
saro0h
force-pushed
the
command-encode-password
branch
from
6561f11 to
033236c
Compare
|
👍 for the feature. |
|
ping @fabpot Done |
| with the <comment>bcrypt</comment> encoder. | ||
|
|
||
| The command allows you to provide your own <comment>salt</comment>. If you don't provide any, | ||
| the command will take about that for you. |
saro0h
force-pushed
the
command-encode-password
branch
2 times, most recently
from
964c4fb to
0e8aedf
Compare
|
@fabpot Now I remember why I added the package |
saro0h
force-pushed
the
command-encode-password
branch
from
0e8aedf to
3c6acc4
Compare
| @@ -37,7 +37,8 @@ | |||
| "symfony/yaml": "~2.0,>=2.0.5|~3.0.0", | |||
| "symfony/expression-language": "~2.6|~3.0.0", | |||
| "doctrine/doctrine-bundle": "~1.2", | |||
| "twig/twig": "~1.12" | |||
| "twig/twig": "~1.12", | |||
| "ircmaxell/password-compat": "1.0.4" | |||
There was a problem hiding this comment.
Do you really need a specific version here? Can't we just use ~1 or ~1.0?
saro0h
force-pushed
the
command-encode-password
branch
from
3c6acc4 to
a7bd0fc
Compare
|
Ping @fabpot modification done. |
|
Thank you @saro0h. |
…word (saro0h) This PR was merged into the 2.7 branch. Discussion ---------- [2.7][SecurityBundle] Added a command to encode a password | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #11206 | License | MIT | Doc PR | ~ - [x] Give some love to the UI (need your feedbacks) - [x] Write tests - [x] Write documentation ------------------------------------------------------- The encoder got depend directly from the configuration of the user class in the security.yml. So the user choose the user type, and, using the method `getEncoder($user)` of the `security.encoder_factory` service, I get the right encoder configured. *Here is the output for `security:encode-password`*:  Commits ------- a7bd0fc Added a command to encode a password
|
\o/ |
…guments order. (ogizanagi) This PR was merged into the 2.7 branch. Discussion ---------- [SecurityBundle] UserPasswordEncoderCommand: fix help arguments order. | Q | A | ------------- | --- | Fixed tickets | ✘ | License | MIT A very small fix about the newly introduced command to encode a user password (#12818). The help message states the command looks like: ``` security:encode-password [password] [salt] [user-class] ``` but is the following instead: ``` security:encode-password [password] [user-class] [salt] ``` Commits ------- 0a5b1b9 [SecurityBundle] UserPasswordEncoderCommand: fix help arguments order.
The encoder got depend directly from the configuration of the user class in the security.yml.
So the user choose the user type, and, using the method
getEncoder($user)of thesecurity.encoder_factoryservice, I get the right encoder configured.Here is the output for
security:encode-password: