[PasswordHasher] Fixed compatibility with existing password encoders

derrabus · derrabus · commit dcde4e5b1a0c · 2021-05-01T20:09:29.000+02:00
diff --git a/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php b/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php
@@ -14,6 +14,8 @@
 use Symfony\Component\PasswordHasher\Exception\LogicException;
 use Symfony\Component\PasswordHasher\PasswordHasherInterface;
 use Symfony\Component\Security\Core\Encoder\EncoderAwareInterface;
+use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
+use Symfony\Component\Security\Core\Encoder\PasswordHasherAdapter;
 
 /**
  * A generic hasher factory implementation.
@@ -25,6 +27,9 @@ class PasswordHasherFactory implements PasswordHasherFactoryInterface
 {
     private $passwordHashers;
 
+    /**
+     * @param array<string, PasswordHasherInterface|array> $passwordHashers
+     */
     public function __construct(array $passwordHashers)
     {
         $this->passwordHashers = $passwordHashers;
@@ -57,7 +62,10 @@ public function getPasswordHasher($user): PasswordHasherInterface
         }
 
         if (!$this->passwordHashers[$hasherKey] instanceof PasswordHasherInterface) {
-            $this->passwordHashers[$hasherKey] = $this->createHasher($this->passwordHashers[$hasherKey]);
+            $this->passwordHashers[$hasherKey] = $this->passwordHashers[$hasherKey] instanceof PasswordEncoderInterface
+                ? new PasswordHasherAdapter($this->passwordHashers[$hasherKey])
+                : $this->createHasher($this->passwordHashers[$hasherKey])
+            ;
         }
 
         return $this->passwordHashers[$hasherKey];
@@ -82,6 +90,9 @@ private function createHasher(array $config, bool $isExtra = false): PasswordHas
         }
 
         $hasher = new $config['class'](...$config['arguments']);
+        if (!$hasher instanceof PasswordHasherInterface && $hasher instanceof PasswordEncoderInterface) {
+            $hasher = new PasswordHasherAdapter($hasher);
+        }
 
         if ($isExtra || !\in_array($config['class'], [NativePasswordHasher::class, SodiumPasswordHasher::class], true)) {
             return $hasher;
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherAwareInterface;
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
 use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
@@ -176,6 +177,24 @@ public function testDefaultMigratingHashers()
             (new PasswordHasherFactory([SomeUser::class => ['class' => SodiumPasswordHasher::class, 'arguments' => []]]))->getPasswordHasher(SomeUser::class)
         );
     }
+
+    /**
+     * @group legacy
+     */
+    public function testLegacyEncoderObject()
+    {
+        $factory = new PasswordHasherFactory([SomeUser::class => new PlaintextPasswordEncoder()]);
+        self::assertSame('foo{bar}', $factory->getPasswordHasher(SomeUser::class)->hash('foo', 'bar'));
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testLegacyEncoderClass()
+    {
+        $factory = new PasswordHasherFactory([SomeUser::class => ['class' => PlaintextPasswordEncoder::class, 'arguments' => []]]);
+        self::assertSame('foo{bar}', $factory->getPasswordHasher(SomeUser::class)->hash('foo', 'bar'));
+    }
 }
 
 class SomeUser implements UserInterface
diff --git a/src/Symfony/Component/PasswordHasher/composer.json b/src/Symfony/Component/PasswordHasher/composer.json
@@ -23,6 +23,9 @@
         "symfony/security-core": "^5.3",
         "symfony/console": "^5"
     },
+    "conflict": {
+        "symfony/security-core": "<5.3"
+    },
     "autoload": {
         "psr-4": { "Symfony\\Component\\PasswordHasher\\": "" },
         "exclude-from-classmap": [
diff --git a/src/Symfony/Component/Security/Core/Encoder/PasswordHasherAdapter.php b/src/Symfony/Component/Security/Core/Encoder/PasswordHasherAdapter.php
@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+use Symfony\Component\PasswordHasher\LegacyPasswordHasherInterface;
+
+/**
+ * Forward compatibility for new new PasswordHasher component.
+ *
+ * @author Alexander M. Turek <me@derrabus.de>
+ *
+ * @internal To be removed in Symfony 6
+ */
+final class PasswordHasherAdapter implements LegacyPasswordHasherInterface
+{
+    private $passwordEncoder;
+
+    public function __construct(PasswordEncoderInterface $passwordEncoder)
+    {
+        $this->passwordEncoder = $passwordEncoder;
+    }
+
+    public function hash(string $plainPassword, ?string $salt = null): string
+    {
+        return $this->passwordEncoder->encodePassword($plainPassword, $salt);
+    }
+
+    public function verify(string $hashedPassword, string $plainPassword, ?string $salt = null): bool
+    {
+        return $this->passwordEncoder->isPasswordValid($hashedPassword, $plainPassword, $salt);
+    }
+
+    public function needsRehash(string $hashedPassword): bool
+    {
+        return $this->passwordEncoder->needsRehash($hashedPassword);
+    }
+}
