Merge branch '6.3' into 6.4

nicolas-grekas · nicolas-grekas · commit 4a676374d405 · 2023-09-27T15:58:47.000+02:00
* 6.3:
  [Cache] Fix Redis6Proxy
  [Finder] Disable failing test about open_basedir
  Fix merge
  Fix merge
  [Notifier] Telegram Bridge add escaping for \
  [Routing] Fix routing collection defaults when adding a new route to a collection
  [Messenger] Fix cloned TraceableStack not unstacking the stack independently
  [DependencyInjection] Fix autocasting null env values to empty string with container.env_var_processors_locator
  [Cache] Fix support for Redis Sentinel using php-redis 6.0.0
  [Notifier] Fix Smsmode HttpClient mandatory headers
  minor #51693 Disable the dead code analysis in Psalm (stof)
  Update the PR template
  [SecurityBundle][PasswordHasher] Fix password migration with custom hasher service with security bundle config
  [Translator] Fix support for `default_path` in XML
  [FrameworkBundle] Handle tags array attributes in descriptors
  [HttpClient] Fix TraceableResponse if response has no destruct method
  [FrameworkBundle] Always use buildDir as `ConfigBuilderGenerator` outputDir
diff --git a/Hasher/PasswordHasherFactory.php b/Hasher/PasswordHasherFactory.php
@@ -70,6 +70,14 @@ public function getPasswordHasher(string|PasswordAuthenticatedUserInterface|Pass
      */
     private function createHasher(array $config, bool $isExtra = false): PasswordHasherInterface
     {
+        if (isset($config['instance'])) {
+            if (!isset($config['migrate_from'])) {
+                return $config['instance'];
+            }
+
+            $config = $this->getMigratingPasswordConfig($config);
+        }
+
         if (isset($config['algorithm'])) {
             $rawConfig = $config;
             $config = $this->getHasherConfigFromAlgorithm($config);
@@ -126,24 +134,8 @@ private function getHasherConfigFromAlgorithm(array $config): array
             ];
         }
 
-        if ($frompasswordHashers = ($config['migrate_from'] ?? false)) {
-            unset($config['migrate_from']);
-            $hasherChain = [$this->createHasher($config, true)];
-
-            foreach ($frompasswordHashers as $name) {
-                if ($hasher = $this->passwordHashers[$name] ?? false) {
-                    $hasher = $hasher instanceof PasswordHasherInterface ? $hasher : $this->createHasher($hasher, true);
-                } else {
-                    $hasher = $this->createHasher(['algorithm' => $name], true);
-                }
-
-                $hasherChain[] = $hasher;
-            }
-
-            return [
-                'class' => MigratingPasswordHasher::class,
-                'arguments' => $hasherChain,
-            ];
+        if ($config['migrate_from'] ?? false) {
+            return $this->getMigratingPasswordConfig($config);
         }
 
         switch ($config['algorithm']) {
@@ -223,4 +215,26 @@ private function getHasherConfigFromAlgorithm(array $config): array
             ],
         ];
     }
+
+    private function getMigratingPasswordConfig(array $config): array
+    {
+        $frompasswordHashers = $config['migrate_from'];
+        unset($config['migrate_from']);
+        $hasherChain = [$this->createHasher($config, true)];
+
+        foreach ($frompasswordHashers as $name) {
+            if ($hasher = $this->passwordHashers[$name] ?? false) {
+                $hasher = $hasher instanceof PasswordHasherInterface ? $hasher : $this->createHasher($hasher, true);
+            } else {
+                $hasher = $this->createHasher(['algorithm' => $name], true);
+            }
+
+            $hasherChain[] = $hasher;
+        }
+
+        return [
+            'class' => MigratingPasswordHasher::class,
+            'arguments' => $hasherChain,
+        ];
+    }
 }
diff --git a/Tests/Hasher/PasswordHasherFactoryTest.php b/Tests/Hasher/PasswordHasherFactoryTest.php
@@ -48,6 +48,17 @@ public function testGetHasherWithService()
         $this->assertEquals($expectedHasher->hash('foo', ''), $hasher->hash('foo', ''));
     }
 
+    public function testGetHasherWithInstance()
+    {
+        $factory = new PasswordHasherFactory([
+            PasswordAuthenticatedUserInterface::class => ['instance' => new MessageDigestPasswordHasher('sha1')],
+        ]);
+
+        $hasher = $factory->getPasswordHasher($this->createMock(PasswordAuthenticatedUserInterface::class));
+        $expectedHasher = new MessageDigestPasswordHasher('sha1');
+        $this->assertEquals($expectedHasher->hash('foo', ''), $hasher->hash('foo', ''));
+    }
+
     public function testGetHasherWithClassName()
     {
         $factory = new PasswordHasherFactory([
@@ -183,6 +194,28 @@ public function testDefaultMigratingHashers()
             (new PasswordHasherFactory([SomeUser::class => ['class' => SodiumPasswordHasher::class, 'arguments' => []]]))->getPasswordHasher(SomeUser::class)
         );
     }
+
+    public function testMigrateFromWithCustomInstance()
+    {
+        if (!SodiumPasswordHasher::isSupported()) {
+            $this->markTestSkipped('Sodium is not available');
+        }
+
+        $sodium = new SodiumPasswordHasher();
+
+        $factory = new PasswordHasherFactory([
+            'digest_hasher' => $digest = new MessageDigestPasswordHasher('sha256'),
+            SomeUser::class => ['instance' => $sodium, 'migrate_from' => ['bcrypt', 'digest_hasher']],
+        ]);
+
+        $hasher = $factory->getPasswordHasher(SomeUser::class);
+        $this->assertInstanceOf(MigratingPasswordHasher::class, $hasher);
+
+        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify($digest->hash('foo', null), 'foo', null));
+        $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $hasher->hash('foo', null));
+    }
 }
 
 class SomeUser implements PasswordAuthenticatedUserInterface
