Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security] Allow enums in SignatureHasher::computeSignatureHash() #60302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BenMorel wants to merge 3 commits into
base: 8.1
Choose a base branch
from
Open

[Security] Allow enums in SignatureHasher::computeSignatureHash() #60302

BenMorel wants to merge 3 commits into from

Conversation

@BenMorel
Copy link
Contributor

@BenMorel BenMorel commented Apr 30, 2025

Q A
Branch? 7.3
Bug fix? no
New feature? yes
Deprecations? no
License MIT

Currently, using remember_me.signature_properties on a property holding an enum fails with:

The property path "status" on the user object "App\Security\SecurityUser" must return a value that can be cast to a string, but "App(...)\UserStatus" was returned.

We can add support for enums in one of three ways:

  1. support all enums, and use the enum case name
  2. support only backed enums, and use the enum case backing value (int|string)
  3. support all enums, and use enum case name + backing value if available (most sensitive to changes)

In the current PR I went with option 2, but I'm thinking that option 3 could be better:

Pros:

  • it would support all enums
  • it would detect changes such as exchanging values of 2 enum cases

Cons:

  • it would invalidate the token if an enum case is renamed

I would welcome feedback here.

@BenMorel BenMorel requested a review from chalasr as a code owner April 30, 2025 00:40
@carsonbot carsonbot added this to the 7.3 milestone Apr 30, 2025
@derrabus
Copy link
Member

derrabus commented Apr 30, 2025

Tests? 🙃

@OskarStark OskarStark changed the title Allow enums in SignatureHasher::computeSignatureHash() Allow enums in SignatureHasher::computeSignatureHash() Apr 30, 2025
@carsonbot carsonbot changed the title Allow enums in SignatureHasher::computeSignatureHash() [Security] Allow enums in SignatureHasher::computeSignatureHash() Apr 30, 2025
@stof
Copy link
Member

stof commented Apr 30, 2025

Only option 2 makes sense to me. If you need your enum to have a canonical scalar representation, you should use a backed enum (that's what they are about).

  • it would detect changes such as exchanging values of 2 enum cases

that's not something we need to detect IMO (your DB would also have issues in such case, and this would require an insane architecture IMO)

@BenMorel
Copy link
Contributor Author

BenMorel commented Apr 30, 2025

Alright then, thanks for your input, @stof.
@derrabus I'll add tests for the signature hasher, I was actually surprised to find none.

@BenMorel BenMorel force-pushed the signature_hasher_enum branch 5 times, most recently from 3815106 to d13454c Compare May 21, 2025 12:38
@BenMorel
Copy link
Contributor Author

BenMorel commented May 21, 2025

@chalasr @derrabus @stof Ready for review.

I've split the PR into 3 commits:

  • Commit 1 adds the feature, and adds missing tests for SignatureHasher.
    As you can see, tests are rather ugly as in its current state, SignatureHasher uses a hardcoded combination of hash_*() functions, base64_encode() and strtr(), with no mechanism in place to mock these: 
    ['someValue', ['arbitraryValue'], 'kfMzZgYYD1oeqSSW7m0k94VuRvS7LeHcKq-PKU8WD7k~0nuV8X2IlHqxDdPRNOLP-wp_v2KdVL9dNYJ0_557fGc~'],
['someValue', ['identifier', 'arbitraryValue'], 'myxvvho8WkMuOcMMeuRlZQFe58TNDQFgDrVFb8SZ50g~iJ4d_Agaa0AaCHZinVr_zZCgR2nSZgokvXIkv7ne1b4~'],
  • Commit 2 proposes introducing HasherInterface and HashContextInterface, which are now mockable, and allow to see what is hashed exactly in tests: 
    - ['someValue', ['arbitraryValue'], 'kfMzZgYYD1oeqSSW7m0k94VuRvS7LeHcKq-PKU8WD7k~0nuV8X2IlHqxDdPRNOLP-wp_v2KdVL9dNYJ0_557fGc~'],
- ['someValue', ['identifier', 'arbitraryValue'], 'myxvvho8WkMuOcMMeuRlZQFe58TNDQFgDrVFb8SZ50g~iJ4d_Agaa0AaCHZinVr_zZCgR2nSZgokvXIkv7ne1b4~'],
+ ['someValue', ['arbitraryValue'], true, 'HMAC(HASH(:someValue):1234567890:username,s3cr3t)HASH(:someValue)'],
+ ['someValue', ['identifier', 'arbitraryValue'], true, 'HMAC(HASH(:username:someValue):1234567890:username,s3cr3t)HASH(:username:someValue)'],
  • Commit 3 fixes a missing dependency on symfony/property-access, highlighted by the newly added tests for SignatureHasher.

@fabpot fabpot modified the milestones: 7.3, 7.4 May 26, 2025
@BenMorel BenMorel force-pushed the signature_hasher_enum branch from d13454c to 184663b Compare June 5, 2025 22:59
@BenMorel
Copy link
Contributor Author

BenMorel commented Jun 5, 2025

Rebased onto 7.4.

@BenMorel BenMorel force-pushed the signature_hasher_enum branch from 184663b to cec52d9 Compare June 5, 2025 23:14
nicolas-grekas
nicolas-grekas requested changes Sep 23, 2025
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR.
I'd rather remove the new interface and keep the current inline calls.
The reason is that we likely won't want to open a new API for hasher. Also that's unrelated to the purpose of the PR.
About the added deps, it should be moved to require-dev: the feature is optional.
Last but not least, we don't use strict types ;)

@nicolas-grekas nicolas-grekas modified the milestones: 7.4, 8.1 Nov 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas requested changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees

No one assigned

Labels

Feature Security Status: Needs Work

Projects

None yet

Milestone

8.1

Development

Successfully merging this pull request may close these issues.

7 participants

@BenMorel @derrabus @stof @nicolas-grekas @fabpot @OskarStark @carsonbot