issue-16: variable d'environnement transposées en configuration

2023-06-14 16:22:33 +02:00 · 2023-06-14 16:22:33 +02:00 · 36aaacfe26
parent ba63c271f9
commit 36aaacfe26
7 changed files with 33 additions and 14 deletions
--- a/.env
+++ b/.env
@ -23,14 +23,15 @@ DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
 # DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
 DB_USER="lasql"
 DB_PASSWORD="lasql"
-
+# url de l'hôte demandant la connexion
 ISSUER_URL="http://localhost:8000"
+# url de hydra sql
 BASE_URL='http://localhost:8080'
 # connexion hydra
 HYDRA_ADMIN_BASE_URL='http://hydra:4445'
 APP_LOCALES="fr,en"
-SECURITY_PATTERN=
-HASH_ALGO_LEGACY="sha256,ssha"
+DEFAULT_LOCALE=fr
+
 ###> symfony/lock ###
 # Choose one of the stores below
 # postgresql+advisory://db_user:db_password@localhost/db_name
--- a/config/services.yaml
+++ b/config/services.yaml
@ -10,8 +10,6 @@ parameters:
    database.password: "%env(resolve:DB_PASSWORD)%"

    # algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
-    env(HASH_ALGO_LEGACY): "sha256"
-    hashAlgoLegacy: '%env(resolve:HASH_ALGO_LEGACY)%'

    # adresse du site hote
    issuer_url: '%env(resolve:ISSUER_URL)%'
@ -22,12 +20,11 @@ parameters:
    default_locale: '%env(DEFAULT_LOCALE)%'
    env(DEFAULT_LOCALE): 'fr'

-    security_pattern: '%env(resolve:SECURITY_PATTERN)%'
    env(APP_LOCALES): "fr,en"
    locales: '%env(APP_LOCALES)%'
    app.supported_locales: ~

-    env(PEPPER): ""
+    env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
    pepper: '%env(resolve:PEPPER)%'
 services:
    # default configuration for services in *this* file
@ -71,7 +68,7 @@ services:
    App\Security\Hasher\PasswordEncoder:
        arguments:
            $pepper: '%pepper%'
-            $hashAlgoLegacy: '%hashAlgoLegacy%'
-            $securityPattern: '%security_pattern%'
+            $hashAlgoLegacy: []
+            $securityPattern: []
    # add more service definitions when explicit configuration is needed
    # please note that last definitions always *replace* previous ones
--- a/config/sql_login_configuration/sql_login.yaml
+++ b/config/sql_login_configuration/sql_login.yaml
@ -6,4 +6,13 @@ sql_login:
  data_to_fetch:
    - email
    - lastname
-    - firstname
+    - firstname
+# ordre des composants du hashage du mot de passe
+  security_pattern:
+    - password
+    - salt
+    - pepper
+  # liste des alogorythmes utilisés pour le hahshage de mot passe
+  hash_algo_list:
+   - ssha
+   - sha256
--- a/src/DependencyInjection/SQLLoginConfiguration.php
+++ b/src/DependencyInjection/SQLLoginConfiguration.php
@ -19,6 +19,12 @@ class SQLLoginConfiguration implements ConfigurationInterface
            ->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
                ->scalarPrototype()->end()
            ->end()
+            ->arrayNode(SQLLoginRequest::SECURITY_PATTERN)
+                ->scalarPrototype()->end()
+            ->end()
+            ->arrayNode(SQLLoginRequest::HASH_ALGO_LIST)
+                ->scalarPrototype()->end()
+            ->end()
        ->end();

        return $treeBuilder;
--- a/src/DependencyInjection/SQLLoginExtension.php
+++ b/src/DependencyInjection/SQLLoginExtension.php
@ -2,6 +2,7 @@

 namespace App\DependencyInjection;

+use App\Security\Hasher\PasswordEncoder;
 use App\SQLLogin\SQLLoginRequest;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@ -23,5 +24,8 @@ class SQLLoginExtension extends Extension implements CompilerPassInterface
    {
        $definition = $container->getDefinition(SQLLoginRequest::class);
        $definition->replaceArgument('$config', $this->sqlLoginConfig);
+        $definitionPasswordEncoder = $container->getDefinition(PasswordEncoder::class);
+        $definitionPasswordEncoder->replaceArgument('$hashAlgoLegacy', $this->sqlLoginConfig[SQLLoginRequest::HASH_ALGO_LIST]);
+        $definitionPasswordEncoder->replaceArgument('$securityPattern', $this->sqlLoginConfig[SQLLoginRequest::SECURITY_PATTERN]);
    }
 }
--- a/src/SQLLogin/SQLLoginRequest.php
+++ b/src/SQLLogin/SQLLoginRequest.php
@ -10,6 +10,8 @@ class SQLLoginRequest
    public const PASSWORD_COLUMN_NAME = 'password_column_name';
    public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
    public const TABLE_NAME = 'table_name';
+    public const SECURITY_PATTERN = 'security_pattern';
+    public const HASH_ALGO_LIST = 'hash_algo_list';

    protected array $config;
    protected string $dsn;
--- a/src/Security/Hasher/PasswordEncoder.php
+++ b/src/Security/Hasher/PasswordEncoder.php
@ -19,11 +19,11 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
    protected array $hashAlgoLegacy;
    protected array $securityPattern;

-    public function __construct(?string $pepper, string $hashAlgoLegacy, string $securityPattern)
+    public function __construct(?string $pepper, array $hashAlgoLegacy, array $securityPattern)
    {
        $this->pepper = $pepper;
-        $this->hashAlgoLegacy = explode(',', $hashAlgoLegacy);
-        $this->securityPattern = explode(',', $securityPattern);
+        $this->hashAlgoLegacy = $hashAlgoLegacy;
+        $this->securityPattern = $securityPattern;
    }

    /**
@ -90,7 +90,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
        ];

        foreach ($this->securityPattern as $term) {
-            if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
+            if (!isset($arrayRef[$term])) {
                throw new InvalidSQLLoginConfigurationException();
            }
        }