issue-16: variable d'environnement transposées en configuration
This commit is contained in:
parent
ba63c271f9
commit
36aaacfe26
7
.env
7
.env
|
@ -23,14 +23,15 @@ DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
|
|||
# DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
|
||||
DB_USER="lasql"
|
||||
DB_PASSWORD="lasql"
|
||||
|
||||
# url de l'hôte demandant la connexion
|
||||
ISSUER_URL="http://localhost:8000"
|
||||
# url de hydra sql
|
||||
BASE_URL='http://localhost:8080'
|
||||
# connexion hydra
|
||||
HYDRA_ADMIN_BASE_URL='http://hydra:4445'
|
||||
APP_LOCALES="fr,en"
|
||||
SECURITY_PATTERN=
|
||||
HASH_ALGO_LEGACY="sha256,ssha"
|
||||
DEFAULT_LOCALE=fr
|
||||
|
||||
###> symfony/lock ###
|
||||
# Choose one of the stores below
|
||||
# postgresql+advisory://db_user:db_password@localhost/db_name
|
||||
|
|
|
@ -10,8 +10,6 @@ parameters:
|
|||
database.password: "%env(resolve:DB_PASSWORD)%"
|
||||
|
||||
# algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
|
||||
env(HASH_ALGO_LEGACY): "sha256"
|
||||
hashAlgoLegacy: '%env(resolve:HASH_ALGO_LEGACY)%'
|
||||
|
||||
# adresse du site hote
|
||||
issuer_url: '%env(resolve:ISSUER_URL)%'
|
||||
|
@ -22,12 +20,11 @@ parameters:
|
|||
default_locale: '%env(DEFAULT_LOCALE)%'
|
||||
env(DEFAULT_LOCALE): 'fr'
|
||||
|
||||
security_pattern: '%env(resolve:SECURITY_PATTERN)%'
|
||||
env(APP_LOCALES): "fr,en"
|
||||
locales: '%env(APP_LOCALES)%'
|
||||
app.supported_locales: ~
|
||||
|
||||
env(PEPPER): ""
|
||||
env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
|
||||
pepper: '%env(resolve:PEPPER)%'
|
||||
services:
|
||||
# default configuration for services in *this* file
|
||||
|
@ -71,7 +68,7 @@ services:
|
|||
App\Security\Hasher\PasswordEncoder:
|
||||
arguments:
|
||||
$pepper: '%pepper%'
|
||||
$hashAlgoLegacy: '%hashAlgoLegacy%'
|
||||
$securityPattern: '%security_pattern%'
|
||||
$hashAlgoLegacy: []
|
||||
$securityPattern: []
|
||||
# add more service definitions when explicit configuration is needed
|
||||
# please note that last definitions always *replace* previous ones
|
||||
|
|
|
@ -6,4 +6,13 @@ sql_login:
|
|||
data_to_fetch:
|
||||
- email
|
||||
- lastname
|
||||
- firstname
|
||||
- firstname
|
||||
# ordre des composants du hashage du mot de passe
|
||||
security_pattern:
|
||||
- password
|
||||
- salt
|
||||
- pepper
|
||||
# liste des alogorythmes utilisés pour le hahshage de mot passe
|
||||
hash_algo_list:
|
||||
- ssha
|
||||
- sha256
|
|
@ -19,6 +19,12 @@ class SQLLoginConfiguration implements ConfigurationInterface
|
|||
->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
|
||||
->scalarPrototype()->end()
|
||||
->end()
|
||||
->arrayNode(SQLLoginRequest::SECURITY_PATTERN)
|
||||
->scalarPrototype()->end()
|
||||
->end()
|
||||
->arrayNode(SQLLoginRequest::HASH_ALGO_LIST)
|
||||
->scalarPrototype()->end()
|
||||
->end()
|
||||
->end();
|
||||
|
||||
return $treeBuilder;
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace App\DependencyInjection;
|
||||
|
||||
use App\Security\Hasher\PasswordEncoder;
|
||||
use App\SQLLogin\SQLLoginRequest;
|
||||
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
|
||||
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
||||
|
@ -23,5 +24,8 @@ class SQLLoginExtension extends Extension implements CompilerPassInterface
|
|||
{
|
||||
$definition = $container->getDefinition(SQLLoginRequest::class);
|
||||
$definition->replaceArgument('$config', $this->sqlLoginConfig);
|
||||
$definitionPasswordEncoder = $container->getDefinition(PasswordEncoder::class);
|
||||
$definitionPasswordEncoder->replaceArgument('$hashAlgoLegacy', $this->sqlLoginConfig[SQLLoginRequest::HASH_ALGO_LIST]);
|
||||
$definitionPasswordEncoder->replaceArgument('$securityPattern', $this->sqlLoginConfig[SQLLoginRequest::SECURITY_PATTERN]);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,6 +10,8 @@ class SQLLoginRequest
|
|||
public const PASSWORD_COLUMN_NAME = 'password_column_name';
|
||||
public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
|
||||
public const TABLE_NAME = 'table_name';
|
||||
public const SECURITY_PATTERN = 'security_pattern';
|
||||
public const HASH_ALGO_LIST = 'hash_algo_list';
|
||||
|
||||
protected array $config;
|
||||
protected string $dsn;
|
||||
|
|
|
@ -19,11 +19,11 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
|||
protected array $hashAlgoLegacy;
|
||||
protected array $securityPattern;
|
||||
|
||||
public function __construct(?string $pepper, string $hashAlgoLegacy, string $securityPattern)
|
||||
public function __construct(?string $pepper, array $hashAlgoLegacy, array $securityPattern)
|
||||
{
|
||||
$this->pepper = $pepper;
|
||||
$this->hashAlgoLegacy = explode(',', $hashAlgoLegacy);
|
||||
$this->securityPattern = explode(',', $securityPattern);
|
||||
$this->hashAlgoLegacy = $hashAlgoLegacy;
|
||||
$this->securityPattern = $securityPattern;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -90,7 +90,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
|||
];
|
||||
|
||||
foreach ($this->securityPattern as $term) {
|
||||
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
|
||||
if (!isset($arrayRef[$term])) {
|
||||
throw new InvalidSQLLoginConfigurationException();
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue