Skip to content

[SecurityBundle] register alias for argument for password hasher #60371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chalasr merged 2 commits into from
Jun 11, 2025
Merged

[SecurityBundle] register alias for argument for password hasher #60371

chalasr merged 2 commits into from
Jun 11, 2025

Conversation

@lyrixx
Copy link
Member

@lyrixx lyrixx commented May 7, 2025
edited
Loading

Q A
Branch? 7.3
Bug fix? no
New feature? yes
Deprecations? no
Issues
License MIT

This is a new feature, but I want to gather feedback before finishing the PR (meta + doc + test)

I need to hash some sensitive data in my database (2FA recovery code).
They are not tied to a specific class. So I need a "raw hasher".

ATM, I'm able to write:

security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        recovery_code: auto

But to get it, I need to write:

    public function homepage(PasswordHasherFactoryInterface $p): Response
    {
        $password = 'password';
        $hash = $p->getPasswordHasher('recovery_code')->hash($password);
        dd($hash);

There is an extra steps here (low of demeter...)

With this PR, I propose an alternative:

class HomepageController extends AbstractController
{
    public function __construct(
        #[Target('recovery_code')]
        private readonly PasswordHasherInterface $passwordHasher,
    ) {
    }

    #[Route('/')]
    public function index(): Response
    {
        dd($this->passwordHasher->hash('aaa'));

DX is extra smooth. If I forgot the Target Attribute:

image

@lyrixx lyrixx requested a review from chalasr as a code owner May 7, 2025 10:10
@carsonbot carsonbot added this to the 7.3 milestone May 7, 2025
@lyrixx lyrixx force-pushed the security-password-hasher branch from 2216356 to 576f604 Compare May 14, 2025 09:10
@lyrixx
Copy link
Member Author

lyrixx commented May 14, 2025

@nicolas-grekas I addressed your comments, added tests, and updated CHANGELOG.md

@lyrixx lyrixx force-pushed the security-password-hasher branch from 576f604 to 9b50bc9 Compare May 14, 2025 09:11
@lyrixx lyrixx force-pushed the security-password-hasher branch from 9b50bc9 to c6051e3 Compare May 14, 2025 09:38
chalasr
chalasr approved these changes May 14, 2025
View reviewed changes
Copy link
Member

@chalasr chalasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great 👍

@fabpot fabpot modified the milestones: 7.3, 7.4 May 26, 2025
fabpot
fabpot requested changes May 29, 2025
View reviewed changes
@lyrixx lyrixx closed this Jun 4, 2025
@lyrixx lyrixx force-pushed the security-password-hasher branch from c6051e3 to c1d73b1 Compare June 4, 2025 09:40
@stof

This comment was marked as resolved.

Sign in to view
@lyrixx

This comment was marked as resolved.

Sign in to view
@lyrixx

This comment was marked as resolved.

Sign in to view
@lyrixx lyrixx reopened this Jun 4, 2025
chalasr
chalasr requested changes Jun 11, 2025
View reviewed changes
@chalasr
Copy link
Member

chalasr commented Jun 11, 2025

Thank you @lyrixx.

@chalasr chalasr merged commit 4331e59 into symfony:7.4 Jun 11, 2025
11 checks passed
@chalasr chalasr mentioned this pull request Jun 11, 2025
Closed
@lyrixx lyrixx deleted the security-password-hasher branch August 6, 2025 15:53
This was referenced Oct 27, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fabpot fabpot fabpot requested changes

@chalasr chalasr chalasr requested changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@stof stof stof approved these changes

Assignees

No one assigned

Labels

Feature SecurityBundle Status: Reviewed

Projects

None yet

Milestone

7.4

Development

Successfully merging this pull request may close these issues.

6 participants

@lyrixx @stof @chalasr @fabpot @nicolas-grekas @carsonbot