vendor/symfony/security-core/Encoder/EncoderFactory.php line 20

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Core\Encoder;
  14. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherAwareInterface;
  15. use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
  16. use Symfony\Component\PasswordHasher\LegacyPasswordHasherInterface;
  17. use Symfony\Component\PasswordHasher\PasswordHasherInterface;
  18. use Symfony\Component\Security\Core\Exception\LogicException;
  20. trigger_deprecation('symfony/security-core''5.3''The "%s" class is deprecated, use "%s" instead.'EncoderFactory::class, PasswordHasherFactory::class);
  22. /**
  23.  * A generic encoder factory implementation.
  24.  *
  25.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  26.  *
  27.  * @deprecated since Symfony 5.3, use {@link PasswordHasherFactory} instead
  28.  */
  29. class EncoderFactory implements EncoderFactoryInterface
  30. {
  31.     private $encoders;
  33.     public function __construct(array $encoders)
  34.     {
  35.         $this->encoders $encoders;
  36.     }
  38.     /**
  39.      * {@inheritdoc}
  40.      */
  41.     public function getEncoder($user)
  42.     {
  43.         $encoderKey null;
  45.         if (($user instanceof PasswordHasherAwareInterface && null !== $encoderName $user->getPasswordHasherName()) || ($user instanceof EncoderAwareInterface && null !== $encoderName $user->getEncoderName())) {
  46.             if (!\array_key_exists($encoderName$this->encoders)) {
  47.                 throw new \RuntimeException(sprintf('The encoder "%s" was not configured.'$encoderName));
  48.             }
  50.             $encoderKey $encoderName;
  51.         } else {
  52.             foreach ($this->encoders as $class => $encoder) {
  53.                 if ((\is_object($user) && $user instanceof $class) || (!\is_object($user) && (is_subclass_of($user$class) || $user == $class))) {
  54.                     $encoderKey $class;
  55.                     break;
  56.                 }
  57.             }
  58.         }
  60.         if (null === $encoderKey) {
  61.             throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".'\is_object($user) ? get_debug_type($user) : $user));
  62.         }
  64.         if (!$this->encoders[$encoderKey] instanceof PasswordEncoderInterface) {
  65.             if ($this->encoders[$encoderKey] instanceof LegacyPasswordHasherInterface) {
  66.                 $this->encoders[$encoderKey] = new LegacyPasswordHasherEncoder($this->encoders[$encoderKey]);
  67.             } elseif ($this->encoders[$encoderKey] instanceof PasswordHasherInterface) {
  68.                 $this->encoders[$encoderKey] = new PasswordHasherEncoder($this->encoders[$encoderKey]);
  69.             } else {
  70.                 $this->encoders[$encoderKey] = $this->createEncoder($this->encoders[$encoderKey]);
  71.             }
  72.         }
  74.         return $this->encoders[$encoderKey];
  75.     }
  77.     /**
  78.      * Creates the actual encoder instance.
  79.      *
  80.      * @throws \InvalidArgumentException
  81.      */
  82.     private function createEncoder(array $configbool $isExtra false): PasswordEncoderInterface
  83.     {
  84.         if (isset($config['algorithm'])) {
  85.             $rawConfig $config;
  86.             $config $this->getEncoderConfigFromAlgorithm($config);
  87.         }
  88.         if (!isset($config['class'])) {
  89.             throw new \InvalidArgumentException('"class" must be set in '.json_encode($config));
  90.         }
  91.         if (!isset($config['arguments'])) {
  92.             throw new \InvalidArgumentException('"arguments" must be set in '.json_encode($config));
  93.         }
  95.         $encoder = new $config['class'](...$config['arguments']);
  97.         if ($isExtra || !\in_array($config['class'], [NativePasswordEncoder::class, SodiumPasswordEncoder::class], true)) {
  98.             return $encoder;
  99.         }
  101.         if ($rawConfig ?? null) {
  102.             $extraEncoders array_map(function (string $algo) use ($rawConfig): PasswordEncoderInterface {
  103.                 $rawConfig['algorithm'] = $algo;
  105.                 return $this->createEncoder($rawConfig);
  106.             }, ['pbkdf2'$rawConfig['hash_algorithm'] ?? 'sha512']);
  107.         } else {
  108.             $extraEncoders = [new Pbkdf2PasswordEncoder(), new MessageDigestPasswordEncoder()];
  109.         }
  111.         return new MigratingPasswordEncoder($encoder, ...$extraEncoders);
  112.     }
  114.     private function getEncoderConfigFromAlgorithm(array $config): array
  115.     {
  116.         if ('auto' === $config['algorithm']) {
  117.             $encoderChain = [];
  118.             // "plaintext" is not listed as any leaked hashes could then be used to authenticate directly
  119.             foreach ([SodiumPasswordEncoder::isSupported() ? 'sodium' 'native''pbkdf2'$config['hash_algorithm']] as $algo) {
  120.                 $config['algorithm'] = $algo;
  121.                 $encoderChain[] = $this->createEncoder($configtrue);
  122.             }
  124.             return [
  125.                 'class' => MigratingPasswordEncoder::class,
  126.                 'arguments' => $encoderChain,
  127.             ];
  128.         }
  130.         if ($fromEncoders = ($config['migrate_from'] ?? false)) {
  131.             unset($config['migrate_from']);
  132.             $encoderChain = [$this->createEncoder($configtrue)];
  134.             foreach ($fromEncoders as $name) {
  135.                 if ($encoder $this->encoders[$name] ?? false) {
  136.                     $encoder $encoder instanceof PasswordEncoderInterface $encoder $this->createEncoder($encodertrue);
  137.                 } else {
  138.                     $encoder $this->createEncoder(['algorithm' => $name], true);
  139.                 }
  141.                 $encoderChain[] = $encoder;
  142.             }
  144.             return [
  145.                 'class' => MigratingPasswordEncoder::class,
  146.                 'arguments' => $encoderChain,
  147.             ];
  148.         }
  150.         switch ($config['algorithm']) {
  151.             case 'plaintext':
  152.                 return [
  153.                     'class' => PlaintextPasswordEncoder::class,
  154.                     'arguments' => [$config['ignore_case']],
  155.                 ];
  157.             case 'pbkdf2':
  158.                 return [
  159.                     'class' => Pbkdf2PasswordEncoder::class,
  160.                     'arguments' => [
  161.                         $config['hash_algorithm'] ?? 'sha512',
  162.                         $config['encode_as_base64'] ?? true,
  163.                         $config['iterations'] ?? 1000,
  164.                         $config['key_length'] ?? 40,
  165.                     ],
  166.                 ];
  168.             case 'bcrypt':
  169.                 $config['algorithm'] = 'native';
  170.                 $config['native_algorithm'] = \PASSWORD_BCRYPT;
  172.                 return $this->getEncoderConfigFromAlgorithm($config);
  174.             case 'native':
  175.                 return [
  176.                     'class' => NativePasswordEncoder::class,
  177.                     'arguments' => [
  178.                         $config['time_cost'] ?? null,
  179.                         (($config['memory_cost'] ?? 0) << 10) ?: null,
  180.                         $config['cost'] ?? null,
  181.                     ] + (isset($config['native_algorithm']) ? [=> $config['native_algorithm']] : []),
  182.                 ];
  184.             case 'sodium':
  185.                 return [
  186.                     'class' => SodiumPasswordEncoder::class,
  187.                     'arguments' => [
  188.                         $config['time_cost'] ?? null,
  189.                         (($config['memory_cost'] ?? 0) << 10) ?: null,
  190.                     ],
  191.                 ];
  193.             case 'argon2i':
  194.                 if (SodiumPasswordEncoder::isSupported() && !\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
  195.                     $config['algorithm'] = 'sodium';
  196.                 } elseif (\defined('PASSWORD_ARGON2I')) {
  197.                     $config['algorithm'] = 'native';
  198.                     $config['native_algorithm'] = \PASSWORD_ARGON2I;
  199.                 } else {
  200.                     throw new LogicException(sprintf('Algorithm "argon2i" is not available. Either use %s"auto" or upgrade to PHP 7.2+ instead.'\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13') ? '"argon2id", ' ''));
  201.                 }
  203.                 return $this->getEncoderConfigFromAlgorithm($config);
  205.             case 'argon2id':
  206.                 if (($hasSodium SodiumPasswordEncoder::isSupported()) && \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
  207.                     $config['algorithm'] = 'sodium';
  208.                 } elseif (\defined('PASSWORD_ARGON2ID')) {
  209.                     $config['algorithm'] = 'native';
  210.                     $config['native_algorithm'] = \PASSWORD_ARGON2ID;
  211.                 } else {
  212.                     throw new LogicException(sprintf('Algorithm "argon2id" is not available. Either use %s"auto", upgrade to PHP 7.3+ or use libsodium 1.0.15+ instead.'\defined('PASSWORD_ARGON2I') || $hasSodium '"argon2i", ' ''));
  213.                 }
  215.                 return $this->getEncoderConfigFromAlgorithm($config);
  216.         }
  218.         return [
  219.             'class' => MessageDigestPasswordEncoder::class,
  220.             'arguments' => [
  221.                 $config['algorithm'],
  222.                 $config['encode_as_base64'] ?? true,
  223.                 $config['iterations'] ?? 5000,
  224.             ],
  225.         ];
  226.     }
  227. }