Merge branch '2.3'

fabpot · fabpot · commit 2506b2a0d14a · 2013-10-10T16:19:44.000+02:00
* 2.3:
  bumped Symfony version to 2.3.7
  updated VERSION for 2.3.6
  updated CHANGELOG for 2.3.6
  bumped Symfony version to 2.2.10
  updated VERSION for 2.2.9
  update CONTRIBUTORS for 2.2.9
  updated CHANGELOG for 2.2.9
  [Security] limited the password length passed to encoders
  [HttpKernel] Fixed a test (compiler pass class name has been changed).
  assets:install command should mirror .dotfiles (.htaccess)
  PoFileDumper - PO headers
  removed whitespaces

Conflicts:
	src/Symfony/Component/HttpKernel/Kernel.php
	src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
	src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
	src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
	src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
	src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
	src/Symfony/Component/Security/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
	src/Symfony/Component/Security/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
	src/Symfony/Component/Security/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
diff --git a/Encoder/BCryptPasswordEncoder.php b/Encoder/BCryptPasswordEncoder.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Encoder;
 
 use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 
 /**
  * @author Elnur Abdurrakhimov <elnur@elnur.pro>
@@ -64,7 +65,9 @@ public function __construct($cost)
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         $options = array('cost' => $this->cost);
 
@@ -80,8 +83,6 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
-
-        return password_verify($raw, $encoded);
+        return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
     }
 }
diff --git a/Encoder/BasePasswordEncoder.php b/Encoder/BasePasswordEncoder.php
@@ -87,10 +87,13 @@ protected function comparePasswords($password1, $password2)
         return StringUtils::equals($password1, $password2);
     }
 
-    protected function checkPasswordLength($password)
+    /**
+     * Checks if the password is too long.
+     *
+     * @return Boolean true if the password is too long, false otherwise
+     */
+    protected function isPasswordTooLong($password)
     {
-        if (strlen($password) > self::MAX_PASSWORD_LENGTH) {
-            throw new BadCredentialsException('Invalid password.');
-        }
+        return strlen($password) > self::MAX_PASSWORD_LENGTH;
     }
 }
diff --git a/Encoder/MessageDigestPasswordEncoder.php b/Encoder/MessageDigestPasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * MessageDigestPasswordEncoder uses a message digest algorithm.
  *
@@ -41,7 +43,9 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
@@ -63,8 +67,6 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
-
-        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+        return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 }
diff --git a/Encoder/Pbkdf2PasswordEncoder.php b/Encoder/Pbkdf2PasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2).
  *
@@ -54,7 +56,9 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
@@ -74,9 +78,7 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
-
-        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+        return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 
     private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
diff --git a/Encoder/PlaintextPasswordEncoder.php b/Encoder/PlaintextPasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * PlaintextPasswordEncoder does not do any encoding.
  *
@@ -35,7 +37,9 @@ public function __construct($ignorePasswordCase = false)
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         return $this->mergePasswordAndSalt($raw, $salt);
     }
@@ -45,7 +49,9 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            return false;
+        }
 
         $pass2 = $this->mergePasswordAndSalt($raw, $salt);
 
diff --git a/Tests/Encoder/BCryptPasswordEncoderTest.php b/Tests/Encoder/BCryptPasswordEncoderTest.php
@@ -64,30 +64,27 @@ public function testValidation()
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
     }
 
+    private function skipIfPhpVersionIsNotSupported()
+    {
+        if (version_compare(phpversion(), '5.3.7', '<')) {
+            $this->markTestSkipped('Requires PHP >= 5.3.7');
+        }
+    }
+
     /**
      * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
      */
     public function testEncodePasswordLength()
     {
-        $encoder = new BCryptPasswordEncoder(4);
+        $encoder = new BCryptPasswordEncoder(self::VALID_COST);
 
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
-        $encoder = new BCryptPasswordEncoder(4);
-
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
-    }
+        $encoder = new BCryptPasswordEncoder(self::VALID_COST);
 
-    private function skipIfPhpVersionIsNotSupported()
-    {
-        if (version_compare(phpversion(), '5.3.7', '<')) {
-            $this->markTestSkipped('Requires PHP >= 5.3.7');
-        }
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }
diff --git a/Tests/Encoder/BasePasswordEncoderTest.php b/Tests/Encoder/BasePasswordEncoderTest.php
@@ -53,6 +53,12 @@ public function testMergePasswordAndSaltWithException()
         $this->invokeMergePasswordAndSalt('password', '{foo}');
     }
 
+    public function testIsPasswordTooLong()
+    {
+        $this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 10000)));
+        $this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 10)));
+    }
+
     protected function invokeDemergePasswordAndSalt($password)
     {
         $encoder = new PasswordEncoder();
@@ -82,4 +88,14 @@ protected function invokeComparePasswords($p1, $p2)
 
         return $m->invoke($encoder, $p1, $p2);
     }
+
+    protected function invokeIsPasswordTooLong($p)
+    {
+        $encoder = new PasswordEncoder();
+        $r = new \ReflectionObject($encoder);
+        $m = $r->getMethod('isPasswordTooLong');
+        $m->setAccessible(true);
+
+        return $m->invoke($encoder, $p);
+    }
 }
diff --git a/Tests/Encoder/MessageDigestPasswordEncoderTest.php b/Tests/Encoder/MessageDigestPasswordEncoderTest.php
@@ -53,13 +53,10 @@ public function testEncodePasswordLength()
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
         $encoder = new MessageDigestPasswordEncoder();
 
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }
diff --git a/Tests/Encoder/Pbkdf2PasswordEncoderTest.php b/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
@@ -48,18 +48,15 @@ public function testEncodePasswordAlgorithmDoesNotExist()
      */
     public function testEncodePasswordLength()
     {
-        $encoder = new Pbkdf2PasswordEncoder();
+        $encoder = new Pbkdf2PasswordEncoder('foobar');
 
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
-        $encoder = new Pbkdf2PasswordEncoder();
+        $encoder = new Pbkdf2PasswordEncoder('foobar');
 
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }
diff --git a/Tests/Encoder/PlaintextPasswordEncoderTest.php b/Tests/Encoder/PlaintextPasswordEncoderTest.php
@@ -47,13 +47,10 @@ public function testEncodePasswordLength()
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
         $encoder = new PlaintextPasswordEncoder();
 
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespace Symfony\Component\Security\Core\Encoder;`
`13`	`13`
`14`	`14`	`use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;`
	`15`	`+use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
`15`	`16`
`16`	`17`	`/**`
`17`	`18`	`* @author Elnur Abdurrakhimov <[email protected]>`
`@@ -64,7 +65,9 @@ public function __construct($cost)`
`64`	`65`	`*/`
`65`	`66`	`public function encodePassword($raw, $salt)`
`66`	`67`	`{`
`67`		`- $this->checkPasswordLength($raw);`
	`68`	`+ if ($this->isPasswordTooLong($raw)) {`
	`69`	`+ throw new BadCredentialsException('Invalid password.');`
	`70`	`+ }`
`68`	`71`
`69`	`72`	`$options = array('cost' => $this->cost);`
`70`	`73`
`@@ -80,8 +83,6 @@ public function encodePassword($raw, $salt)`
`80`	`83`	`*/`
`81`	`84`	`public function isPasswordValid($encoded, $raw, $salt)`
`82`	`85`	`{`
`83`		`- $this->checkPasswordLength($raw);`
`84`		`-`
`85`		`- return password_verify($raw, $encoded);`
	`86`	`+ return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);`
`86`	`87`	`}`
`87`	`88`	`}`
Original file line number	Diff line number	Diff line change
`@@ -87,10 +87,13 @@ protected function comparePasswords($password1, $password2)`
`87`	`87`	`return StringUtils::equals($password1, $password2);`
`88`	`88`	`}`
`89`	`89`
`90`		`- protected function checkPasswordLength($password)`
	`90`	`+ /**`
	`91`	`+ * Checks if the password is too long.`
	`92`	`+ *`
	`93`	`+ * @return Boolean true if the password is too long, false otherwise`
	`94`	`+ */`
	`95`	`+ protected function isPasswordTooLong($password)`
`91`	`96`	`{`
`92`		`- if (strlen($password) > self::MAX_PASSWORD_LENGTH) {`
`93`		`- throw new BadCredentialsException('Invalid password.');`
`94`		`- }`
	`97`	`+ return strlen($password) > self::MAX_PASSWORD_LENGTH;`
`95`	`98`	`}`
`96`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Core\Encoder;`
`13`	`13`
	`14`	`+use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
	`15`	`+`
`14`	`16`	`/**`
`15`	`17`	`* MessageDigestPasswordEncoder uses a message digest algorithm.`
`16`	`18`	`*`
`@@ -41,7 +43,9 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $`
`41`	`43`	`*/`
`42`	`44`	`public function encodePassword($raw, $salt)`
`43`	`45`	`{`
`44`		`- $this->checkPasswordLength($raw);`
	`46`	`+ if ($this->isPasswordTooLong($raw)) {`
	`47`	`+ throw new BadCredentialsException('Invalid password.');`
	`48`	`+ }`
`45`	`49`
`46`	`50`	`if (!in_array($this->algorithm, hash_algos(), true)) {`
`47`	`51`	`throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));`
`@@ -63,8 +67,6 @@ public function encodePassword($raw, $salt)`
`63`	`67`	`*/`
`64`	`68`	`public function isPasswordValid($encoded, $raw, $salt)`
`65`	`69`	`{`
`66`		`- $this->checkPasswordLength($raw);`
`67`		`-`
`68`		`- return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));`
	`70`	`+ return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));`
`69`	`71`	`}`
`70`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,13 +53,10 @@ public function testEncodePasswordLength()`
`53`	`53`	`$encoder->encodePassword(str_repeat('a', 5000), 'salt');`
`54`	`54`	`}`
`55`	`55`
`56`		`- /**`
`57`		`- * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException`
`58`		`- */`
`59`	`56`	`public function testCheckPasswordLength()`
`60`	`57`	`{`
`61`	`58`	`$encoder = new MessageDigestPasswordEncoder();`
`62`	`59`
`63`		`- $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');`
	`60`	`+ $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));`
`64`	`61`	`}`
`65`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,18 +48,15 @@ public function testEncodePasswordAlgorithmDoesNotExist()`
`48`	`48`	`*/`
`49`	`49`	`public function testEncodePasswordLength()`
`50`	`50`	`{`
`51`		`- $encoder = new Pbkdf2PasswordEncoder();`
	`51`	`+ $encoder = new Pbkdf2PasswordEncoder('foobar');`
`52`	`52`
`53`	`53`	`$encoder->encodePassword(str_repeat('a', 5000), 'salt');`
`54`	`54`	`}`
`55`	`55`
`56`		`- /**`
`57`		`- * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException`
`58`		`- */`
`59`	`56`	`public function testCheckPasswordLength()`
`60`	`57`	`{`
`61`		`- $encoder = new Pbkdf2PasswordEncoder();`
	`58`	`+ $encoder = new Pbkdf2PasswordEncoder('foobar');`
`62`	`59`
`63`		`- $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');`
	`60`	`+ $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));`
`64`	`61`	`}`
`65`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -47,13 +47,10 @@ public function testEncodePasswordLength()`
`47`	`47`	`$encoder->encodePassword(str_repeat('a', 5000), 'salt');`
`48`	`48`	`}`
`49`	`49`
`50`		`- /**`
`51`		`- * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException`
`52`		`- */`
`53`	`50`	`public function testCheckPasswordLength()`
`54`	`51`	`{`
`55`	`52`	`$encoder = new PlaintextPasswordEncoder();`
`56`	`53`
`57`		`- $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');`
	`54`	`+ $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));`
`58`	`55`	`}`
`59`	`56`	`}`