Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactored the update of the hashed password and canonical fields #1615

Merged
merged 1 commit into from
Oct 20, 2016
Merged

Refactored the update of the hashed password and canonical fields #1615

merged 1 commit into from
Oct 20, 2016

Conversation

stof
Copy link
Member

@stof stof commented Sep 26, 2014
edited
Loading

The responsibility of updating these fields is moved to dedicated services instead of being in the UserManager, allowing to inject them in the Doctrine listener and the validator initializer without any issue about circular dependencies.

This PR currently includes #1612 as they would conflict together otherwise. I will need to be rebased once the other PR is merged.

This is a BC break for people extending the user manager (or instantiating the existing one themselves, but this would be weird) as the constructor signature has changed.

@merk
Copy link
Member

merk commented Sep 27, 2014

👍

1 similar comment
@sstok
Copy link

sstok commented Sep 28, 2014

👍

@stof stof removed the in progress label Jan 19, 2015
@stof stof force-pushed the field_updaters branch from a06dbe1 to 374b774 Compare June 1, 2015 09:52
@stof stof mentioned this pull request Jun 16, 2015
Closed
sstok
sstok reviewed Jun 16, 2015
View reviewed changes
Util/PasswordUpdater.php
{
$plainPassword = $user->getPlainPassword();

if (0 === strlen($plainPassword)) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CS and this can be optimized to if ('' === $plainPassword) {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, because this would not handle null anymore

@stof stof changed the title [WIP] Refactored the update of the hashed password and canonical fields Refactored the update of the hashed password and canonical fields Jan 27, 2016
@stof stof force-pushed the field_updaters branch 2 times, most recently from d2b1d51 to bbcc4b7 Compare October 14, 2016 21:14
@stof
Refactored the update of the hashed password and canonical fields
c0d50c5 
The responsibility of updating these fields is moved to dedicated
services instead of being in the UserManager, allowing to inject them in
the Doctrine listener and the validator initializer without any issue
about circular dependencies.
@stof stof added this to the 2.0 milestone Oct 14, 2016
@XWB
Copy link
Member

XWB commented Oct 17, 2016

👍

@stof
Copy link
Member Author

stof commented Oct 17, 2016
edited
Loading

@XWB FYI, I have further improvements in my mind following this:

  • regenerating the salt on each password update instead of relying on the User constructor to generate it
  • make the salt optional in the User object, and avoid generating it for encoders not needing it (the bcrypt encoder generates the salt itself, as the salt option is deprecated in PHP 7)

These will come in separate PRs.

@XWB
Copy link
Member

XWB commented Oct 20, 2016

Yes we should make the salt optional before 2.0 goes final.

@XWB XWB merged commit 05280e7 into FriendsOfSymfony:master Oct 20, 2016
@xabbuh xabbuh mentioned this pull request Oct 22, 2016
Closed
@stof stof deleted the field_updaters branch November 13, 2016 16:15
@stof stof mentioned this pull request Nov 28, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0
Development

Successfully merging this pull request may close these issues.
7 participants
@stof @merk @sstok @XWB @kdinn @binhle410 @xabbuh