[Security] Revise UserPasswordEncoderInterface::needsRehash()

ro0NL · nicolas-grekas · commit d761a33558fd · 2019-07-31T17:09:13.000+02:00
diff --git a/Encoder/UserPasswordEncoder.php b/Encoder/UserPasswordEncoder.php
@@ -50,10 +50,10 @@ public function isPasswordValid(UserInterface $user, $raw)
     /**
      * {@inheritdoc}
      */
-    public function needsRehash(UserInterface $user, string $encoded): bool
+    public function needsRehash(UserInterface $user): bool
     {
         $encoder = $this->encoderFactory->getEncoder($user);
 
-        return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($encoded);
+        return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($user->getPassword());
     }
 }
diff --git a/Encoder/UserPasswordEncoderInterface.php b/Encoder/UserPasswordEncoderInterface.php
@@ -18,7 +18,7 @@
  *
  * @author Ariel Ferrandini <arielferrandini@gmail.com>
  *
- * @method bool needsRehash(UserInterface $user, string $encoded)
+ * @method bool needsRehash(UserInterface $user)
  */
 interface UserPasswordEncoderInterface
 {
diff --git a/Tests/Encoder/UserPasswordEncoderTest.php b/Tests/Encoder/UserPasswordEncoderTest.php
@@ -85,9 +85,9 @@ public function testNeedsRehash()
 
         $passwordEncoder = new UserPasswordEncoder($mockEncoderFactory);
 
-        $hash = $passwordEncoder->encodePassword($user, 'foo', 'salt');
-        $this->assertFalse($passwordEncoder->needsRehash($user, $hash));
-        $this->assertTrue($passwordEncoder->needsRehash($user, $hash));
-        $this->assertFalse($passwordEncoder->needsRehash($user, $hash));
+        $user->setPassword($passwordEncoder->encodePassword($user, 'foo', 'salt'));
+        $this->assertFalse($passwordEncoder->needsRehash($user));
+        $this->assertTrue($passwordEncoder->needsRehash($user));
+        $this->assertFalse($passwordEncoder->needsRehash($user));
     }
 }
diff --git a/User/User.php b/User/User.php
@@ -164,4 +164,9 @@ public function isEqualTo(UserInterface $user)
 
         return true;
     }
+
+    public function setPassword(string $password)
+    {
+        $this->password = $password;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -50,10 +50,10 @@ public function isPasswordValid(UserInterface $user, $raw)`
`50`	`50`	`/**`
`51`	`51`	`* {@inheritdoc}`
`52`	`52`	`*/`
`53`		`- public function needsRehash(UserInterface $user, string $encoded): bool`
	`53`	`+ public function needsRehash(UserInterface $user): bool`
`54`	`54`	`{`
`55`	`55`	`$encoder = $this->encoderFactory->getEncoder($user);`
`56`	`56`
`57`		`- return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($encoded);`
	`57`	`+ return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($user->getPassword());`
`58`	`58`	`}`
`59`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`*`
`19`	`19`	`* @author Ariel Ferrandini <[email protected]>`
`20`	`20`	`*`
`21`		`- * @method bool needsRehash(UserInterface $user, string $encoded)`
	`21`	`+ * @method bool needsRehash(UserInterface $user)`
`22`	`22`	`*/`
`23`	`23`	`interface UserPasswordEncoderInterface`
`24`	`24`	`{`
Original file line number	Diff line number	Diff line change
`@@ -85,9 +85,9 @@ public function testNeedsRehash()`
`85`	`85`
`86`	`86`	`$passwordEncoder = new UserPasswordEncoder($mockEncoderFactory);`
`87`	`87`
`88`		`- $hash = $passwordEncoder->encodePassword($user, 'foo', 'salt');`
`89`		`- $this->assertFalse($passwordEncoder->needsRehash($user, $hash));`
`90`		`- $this->assertTrue($passwordEncoder->needsRehash($user, $hash));`
`91`		`- $this->assertFalse($passwordEncoder->needsRehash($user, $hash));`
	`88`	`+ $user->setPassword($passwordEncoder->encodePassword($user, 'foo', 'salt'));`
	`89`	`+ $this->assertFalse($passwordEncoder->needsRehash($user));`
	`90`	`+ $this->assertTrue($passwordEncoder->needsRehash($user));`
	`91`	`+ $this->assertFalse($passwordEncoder->needsRehash($user));`
`92`	`92`	`}`
`93`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -164,4 +164,9 @@ public function isEqualTo(UserInterface $user)`
`164`	`164`
`165`	`165`	`return true;`
`166`	`166`	`}`
	`167`	`+`
	`168`	`+ public function setPassword(string $password)`
	`169`	`+ {`
	`170`	`+ $this->password = $password;`
	`171`	`+ }`
`167`	`172`	`}`