
Commit a0a6b3f

committed
Merge branch '7.2' into 7.3
* 7.2: Remove the wrong XML config sample [Security] remove `plaintext` password hasher usage
2 parents a233fb0 + f6c5a4b commit a0a6b3f

1 file changed

+24
-61
lines changed

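--- a/security/passwords.rst
+++ b/security/passwords.rst
@@ -124,75 +124,38 @@ Further in this article, you can find a
 
 .. code-block:: yaml
 
-# config/packages/test/security.yaml
-security:
-# ...
-
-password_hashers:
-# Use your user class name here
-App\Entity\User:
-algorithm: plaintext # disable hashing (only do this in tests!)
-
-# or use the lowest possible values
-App\Entity\User:
-algorithm: auto # This should be the same value as in config/packages/security.yaml
-cost: 4 # Lowest possible value for bcrypt
-time_cost: 3 # Lowest possible value for argon
-memory_cost: 10 # Lowest possible value for argon
-
-.. code-block:: xml
-
-<!-- config/packages/test/security.xml -->
-<?xml version="1.0" encoding="UTF-8"?>
-<srv:container xmlns="http://symfony.com/schema/dic/security"
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xmlns:srv="http://symfony.com/schema/dic/services"
-xsi:schemaLocation="http://symfony.com/schema/dic/services
-https://symfony.com/schema/dic/services/services-1.0.xsd">
-
-<config>
-<!-- class: Use your user class name here -->
-<!-- algorithm: disable hashing (only do this in tests!) -->
-<security:password-hasher
-class="App\Entity\User"
-algorithm="plaintext"
-/>
-
-<!-- or use the lowest possible values -->
-<!-- algorithm: This should be the same value as in config/packages/security.yaml -->
-<!-- cost: Lowest possible value for bcrypt -->
-<!-- time_cost: Lowest possible value for argon -->
-<!-- memory_cost: Lowest possible value for argon -->
-<security:password-hasher
-class="App\Entity\User"
-algorithm="auto"
-cost="4"
-time_cost="3"
-memory_cost="10"
-/>
-</config>
-</srv:container>
+# config/packages/security.yaml
+when@test:
+security:
+# ...
+
+password_hashers:
+# Use your user class name here
+App\Entity\User:
+algorithm: auto
+cost: 4 # Lowest possible value for bcrypt
+time_cost: 3 # Lowest possible value for argon
+memory_cost: 10 # Lowest possible value for argon
 
 .. code-block:: php
 
-// config/packages/test/security.php
+// config/packages/security.php
 use App\Entity\User;
+use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use Symfony\Config\SecurityConfig;
 
-return static function (SecurityConfig $security): void {
+return static function (SecurityConfig $security, ContainerConfigurator $container): void {
 // ...
 
-// Use your user class name here
-$security->passwordHasher(User::class)
-->algorithm('plaintext'); // disable hashing (only do this in tests!)
-
-// or use the lowest possible values
-$security->passwordHasher(User::class)
-->algorithm('auto') // This should be the same value as in config/packages/security.yaml
-->cost(4) // Lowest possible value for bcrypt
-->timeCost(2) // Lowest possible value for argon
-->memoryCost(10) // Lowest possible value for argon
-;
+if ('test' === $container->env()) {
+// Use your user class name here
+$security->passwordHasher(User::class)
+->algorithm('auto') // This should be the same value as in config/packages/security.yaml
+->cost(4) // Lowest possible value for bcrypt
+->timeCost(2) // Lowest possible value for argon
+->memoryCost(10) // Lowest possible value for argon
+;
+}
 };
 
 Hashing the Password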
