vendor/symfony/security-core/Encoder/EncoderFactory.php line 20

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Encoder;
  14. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherAwareInterface;
  15. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
  16. use Symfony\Component\PasswordHasher\LegacyPasswordHasherInterface;
  17. use Symfony\Component\PasswordHasher\PasswordHasherInterface;
  18. use Symfony\Component\Security\Core\Exception\LogicException;
  20. trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" instead.', EncoderFactory::class, PasswordHasherFactory::class);
  22. /**
  23. * A generic encoder factory implementation.
  24. *
  25. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  26. *
  27. * @deprecated since Symfony 5.3, use {@link PasswordHasherFactory} instead
  28. */
  29. class EncoderFactory implements EncoderFactoryInterface
  30. {
  31. private $encoders;
  33. public function __construct(array $encoders)
  34. {
  35. $this->encoders = $encoders;
  36. }
  38. /**
  39. * {@inheritdoc}
  40. */
  41. public function getEncoder($user)
  42. {
  43. $encoderKey = null;
  45. if (($user instanceof PasswordHasherAwareInterface && null !== $encoderName = $user->getPasswordHasherName()) || ($user instanceof EncoderAwareInterface && null !== $encoderName = $user->getEncoderName())) {
  46. if (!\array_key_exists($encoderName, $this->encoders)) {
  47. throw new \RuntimeException(sprintf('The encoder "%s" was not configured.', $encoderName));
  48. }
  50. $encoderKey = $encoderName;
  51. } else {
  52. foreach ($this->encoders as $class => $encoder) {
  53. if ((\is_object($user) && $user instanceof $class) || (!\is_object($user) && (is_subclass_of($user, $class) || $user == $class))) {
  54. $encoderKey = $class;
  55. break;
  56. }
  57. }
  58. }
  60. if (null === $encoderKey) {
  61. throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', \is_object($user) ? get_debug_type($user) : $user));
  62. }
  64. if (!$this->encoders[$encoderKey] instanceof PasswordEncoderInterface) {
  65. if ($this->encoders[$encoderKey] instanceof LegacyPasswordHasherInterface) {
  66. $this->encoders[$encoderKey] = new LegacyPasswordHasherEncoder($this->encoders[$encoderKey]);
  67. } elseif ($this->encoders[$encoderKey] instanceof PasswordHasherInterface) {
  68. $this->encoders[$encoderKey] = new PasswordHasherEncoder($this->encoders[$encoderKey]);
  69. } else {
  70. $this->encoders[$encoderKey] = $this->createEncoder($this->encoders[$encoderKey]);
  71. }
  72. }
  74. return $this->encoders[$encoderKey];
  75. }
  77. /**
  78. * Creates the actual encoder instance.
  79. *
  80. * @throws \InvalidArgumentException
  81. */
  82. private function createEncoder(array $config, bool $isExtra = false): PasswordEncoderInterface
  83. {
  84. if (isset($config['algorithm'])) {
  85. $rawConfig = $config;
  86. $config = $this->getEncoderConfigFromAlgorithm($config);
  87. }
  88. if (!isset($config['class'])) {
  89. throw new \InvalidArgumentException('"class" must be set in '.json_encode($config));
  90. }
  91. if (!isset($config['arguments'])) {
  92. throw new \InvalidArgumentException('"arguments" must be set in '.json_encode($config));
  93. }
  95. $encoder = new $config['class'](...$config['arguments']);
  97. if ($isExtra || !\in_array($config['class'], [NativePasswordEncoder::class, SodiumPasswordEncoder::class], true)) {
  98. return $encoder;
  99. }
  101. if ($rawConfig ?? null) {
  102. $extraEncoders = array_map(function (string $algo) use ($rawConfig): PasswordEncoderInterface {
  103. $rawConfig['algorithm'] = $algo;
  105. return $this->createEncoder($rawConfig);
  106. }, ['pbkdf2', $rawConfig['hash_algorithm'] ?? 'sha512']);
  107. } else {
  108. $extraEncoders = [new Pbkdf2PasswordEncoder(), new MessageDigestPasswordEncoder()];
  109. }
  111. return new MigratingPasswordEncoder($encoder, ...$extraEncoders);
  112. }
  114. private function getEncoderConfigFromAlgorithm(array $config): array
  115. {
  116. if ('auto' === $config['algorithm']) {
  117. $encoderChain = [];
  118. // "plaintext" is not listed as any leaked hashes could then be used to authenticate directly
  119. foreach ([SodiumPasswordEncoder::isSupported() ? 'sodium' : 'native', 'pbkdf2', $config['hash_algorithm']] as $algo) {
  120. $config['algorithm'] = $algo;
  121. $encoderChain[] = $this->createEncoder($config, true);
  122. }
  124. return [
  125. 'class' => MigratingPasswordEncoder::class,
  126. 'arguments' => $encoderChain,
  127. ];
  128. }
  130. if ($fromEncoders = ($config['migrate_from'] ?? false)) {
  131. unset($config['migrate_from']);
  132. $encoderChain = [$this->createEncoder($config, true)];
  134. foreach ($fromEncoders as $name) {
  135. if ($encoder = $this->encoders[$name] ?? false) {
  136. $encoder = $encoder instanceof PasswordEncoderInterface ? $encoder : $this->createEncoder($encoder, true);
  137. } else {
  138. $encoder = $this->createEncoder(['algorithm' => $name], true);
  139. }
  141. $encoderChain[] = $encoder;
  142. }
  144. return [
  145. 'class' => MigratingPasswordEncoder::class,
  146. 'arguments' => $encoderChain,
  147. ];
  148. }
  150. switch ($config['algorithm']) {
  151. case 'plaintext':
  152. return [
  153. 'class' => PlaintextPasswordEncoder::class,
  154. 'arguments' => [$config['ignore_case']],
  155. ];
  157. case 'pbkdf2':
  158. return [
  159. 'class' => Pbkdf2PasswordEncoder::class,
  160. 'arguments' => [
  161. $config['hash_algorithm'] ?? 'sha512',
  162. $config['encode_as_base64'] ?? true,
  163. $config['iterations'] ?? 1000,
  164. $config['key_length'] ?? 40,
  165. ],
  166. ];
  168. case 'bcrypt':
  169. $config['algorithm'] = 'native';
  170. $config['native_algorithm'] = \PASSWORD_BCRYPT;
  172. return $this->getEncoderConfigFromAlgorithm($config);
  174. case 'native':
  175. return [
  176. 'class' => NativePasswordEncoder::class,
  177. 'arguments' => [
  178. $config['time_cost'] ?? null,
  179. (($config['memory_cost'] ?? 0) << 10) ?: null,
  180. $config['cost'] ?? null,
  181. ] + (isset($config['native_algorithm']) ? [3 => $config['native_algorithm']] : []),
  182. ];
  184. case 'sodium':
  185. return [
  186. 'class' => SodiumPasswordEncoder::class,
  187. 'arguments' => [
  188. $config['time_cost'] ?? null,
  189. (($config['memory_cost'] ?? 0) << 10) ?: null,
  190. ],
  191. ];
  193. case 'argon2i':
  194. if (SodiumPasswordEncoder::isSupported() && !\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
  195. $config['algorithm'] = 'sodium';
  196. } elseif (\defined('PASSWORD_ARGON2I')) {
  197. $config['algorithm'] = 'native';
  198. $config['native_algorithm'] = \PASSWORD_ARGON2I;
  199. } else {
  200. throw new LogicException(sprintf('Algorithm "argon2i" is not available. Either use %s"auto" or upgrade to PHP 7.2+ instead.', \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13') ? '"argon2id", ' : ''));
  201. }
  203. return $this->getEncoderConfigFromAlgorithm($config);
  205. case 'argon2id':
  206. if (($hasSodium = SodiumPasswordEncoder::isSupported()) && \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
  207. $config['algorithm'] = 'sodium';
  208. } elseif (\defined('PASSWORD_ARGON2ID')) {
  209. $config['algorithm'] = 'native';
  210. $config['native_algorithm'] = \PASSWORD_ARGON2ID;
  211. } else {
  212. throw new LogicException(sprintf('Algorithm "argon2id" is not available. Either use %s"auto", upgrade to PHP 7.3+ or use libsodium 1.0.15+ instead.', \defined('PASSWORD_ARGON2I') || $hasSodium ? '"argon2i", ' : ''));
  213. }
  215. return $this->getEncoderConfigFromAlgorithm($config);
  216. }
  218. return [
  219. 'class' => MessageDigestPasswordEncoder::class,
  220. 'arguments' => [
  221. $config['algorithm'],
  222. $config['encode_as_base64'] ?? true,
  223. $config['iterations'] ?? 5000,
  224. ],
  225. ];
  226. }
  227. }