How to use NotCompromisedPasswordValidator in tests/dev? #30871


Closed
nicolas-grekas opened this issue Apr 5, 2019 · 5 comments

Comments

@nicolas-grekas
Member

Asked on https://symfony.com/blog/new-in-symfony-4-3-compromised-password-validator
What's the recommended way to test/dev with the validator added on entities via annotations?

@stof
Member

stof commented Apr 5, 2019

Maybe we could register a no-op ConstraintValidator for that constraint in testing mode (not sure about dev mode though)

@nicolas-grekas
Member Author

Using a MockHttpClient could do it also, not sure how easy it would be though.

@lyrixx
Member

lyrixx commented Apr 5, 2019

It would be nice to be able to use DIC parameter:

```php
/**
 * Assert\NotPwnedValidator(disabled="%kernel.debug%")
 */
private $email;
```

BTW, we have such behavior in an internal project for google recaptcha;

```php
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;

class RecaptchaValidator extends ConstraintValidator
{
    private $enabled;
    private $privateKey;
    private $requestStack;
    private $httpClient;

    public function __construct(array $recaptchaConfig, RequestStack $requestStack, HttpClient $httpClient)
    {
        $this->enabled = $recaptchaConfig['enabled'];
        $this->privateKey = $recaptchaConfig['private_key'];
        $this->requestStack = $requestStack;
        $this->httpClient = $httpClient;
    }

    /**
     * {@inheritdoc}
     */
    public function validate($value, Constraint $constraint)
    {
        // if recaptcha is disabled, always valid
        if (!$this->enabled) {
            return;
        }

        // ... the rest of the reCAPTCHA check was not included in the comment
    }
}
```

@stof
Member

stof commented Apr 5, 2019

Well, this enabled option is in the Validator, not in the constraint. So you would not apply it in the annotation.
But FrameworkBundle could indeed have a configuration option to disable the validation logic (similar to what we do for the strict mode of the email validator)

@curry684
Contributor

curry684 commented Apr 6, 2019

Given that this issue will come up more frequently now that we have an HTTP client - shouldn't we introduce some global setting that disables all external dependencies, that defaults to framework.testing?

@lyrixx lyrixx self-assigned this Apr 6, 2019
@lyrixx lyrixx changed the title How to use NotPwnedValidator in tests/dev? How to use NotCompromisedPasswordValidator in tests/dev? Apr 6, 2019
@lyrixx lyrixx removed their assignment Apr 6, 2019
@fabpot fabpot closed this as completed Apr 6, 2019
fabpot added a commit that referenced this issue Apr 6, 2019
…swordValidator (lyrixx)

This PR was merged into the 4.3-dev branch.

Discussion
----------

[Validator] Add an option to disable NotCompromisedPasswordValidator

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #30871
| License       | MIT
| Doc PR        | symfony/symfony-docs#11327

EUFOSSA

Commits
-------

9a2787e [Validator] Add an option to disable NotCompromisedPasswordValidator
fabpot added a commit that referenced this issue May 6, 2019
…rdValidator configurable (xelan)

This PR was squashed before being merged into the 4.3-dev branch (closes #31060).

Discussion
----------

[Validator] Make API endpoint for NotCompromisedPasswordValidator configurable

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | yes, but acceptable [1]
| Deprecations? | no [1]
| Tests pass?   | yes
| Fixed tickets | #30871, #31054
| License       | MIT
| Doc PR        | symfony/symfony-docs#... (TODO)

Makes the API endpoint for the `NotCompromisedPasswordValidator` configurable. The endpoint includes the placeholder which will be replaced with the first digits of the password hash for k-anonymity.

The endpoint can either be set via constructor injection of the validator if the component is used standalone, or via the framework configuration of symfony/framework-bundle.

[1] As discussed in #31054, the validator is not in a stable release yet, therefore the BC break is considered acceptable. No deprecation / BC layer is necessary.

Commits
-------

f6a80c2 [Validator] Make API endpoint for NotCompromisedPasswordValidator configurable
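
The k-anonymity lookup behind the configurable endpoint, with the network call replaced by a stub so that the check can run offline in tests. This is an added example, not code from Symfony or from this thread; `isCompromised()`, the `$fetchRange` callable, the `example.test` endpoint, the `%s` placeholder and the `SUFFIX:COUNT` response lines are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not Symfony's code. isCompromised(), $fetchRange and the
// example.test endpoint are hypothetical; "%s" as placeholder is an assumption.
function isCompromised(string $password, string $endpoint, callable $fetchRange, int $threshold = 1): bool
{
    $hash = strtoupper(sha1($password));
    $prefix = substr($hash, 0, 5);   // the only part sent to the service
    $suffix = substr($hash, 5);      // compared locally, never transmitted
    $body = $fetchRange(sprintf($endpoint, $prefix));

    foreach (preg_split('/\R/', trim($body)) as $line) {
        if (false === strpos($line, ':')) {
            continue; // skip blank or malformed lines
        }
        [$candidate, $count] = explode(':', $line, 2);
        if (strtoupper(trim($candidate)) === $suffix && (int) $count >= $threshold) {
            return true;
        }
    }
    return false;
}

// Test double replacing the HTTP call: records URLs, answers only for one
// constructed "leaked" password, returns an empty range otherwise.
$leaked = 'constructed-leaked-password';
$leakedHash = strtoupper(sha1($leaked));
$requested = [];
$stub = function (string $url) use (&$requested, $leakedHash): string {
    $requested[] = $url;
    if (substr($url, -5) !== substr($leakedHash, 0, 5)) {
        return '';
    }
    return str_repeat('0', 35).":3\r\n".substr($leakedHash, 5).':17';
};

$endpoint = 'https://pwned.example.test/range/%s';
$checks = [
    'leaked password is rejected' => isCompromised($leaked, $endpoint, $stub),
    'unlisted password passes' => !isCompromised('another-constructed-passphrase', $endpoint, $stub),
    'threshold above count passes' => !isCompromised($leaked, $endpoint, $stub, 18),
    'only the 5-char prefix was sent' => $requested[0] === sprintf($endpoint, substr($leakedHash, 0, 5)),
];
foreach ($checks as $label => $ok) {
    if (!$ok) {
        throw new RuntimeException("check failed: $label");
    }
}
```

The last check is the one worth keeping in a real test suite: it fails if a refactoring ever lets more than the five-character hash prefix reach the configured endpoint.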