From 36aaacfe26f8d4a4693b0a2ca9f866cdcd03ac68 Mon Sep 17 00:00:00 2001
From: rudy
Date: Wed, 14 Jun 2023 16:22:33 +0200
Subject: [PATCH] =?UTF-8?q?issue-16:=20variable=20d'environnement=20transp?= =?UTF-8?q?os=C3=A9es=20en=20configuration?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .env | 7 ++++---
 config/services.yaml | 9 +++------
 config/sql_login_configuration/sql_login.yaml | 11 ++++++++++-
 src/DependencyInjection/SQLLoginConfiguration.php | 6 ++++++
 src/DependencyInjection/SQLLoginExtension.php | 4 ++++
 src/SQLLogin/SQLLoginRequest.php | 2 ++
 src/Security/Hasher/PasswordEncoder.php | 8 ++++----
 7 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/.env b/.env
index 97e916a..75f88e0 100644
--- a/.env
+++ b/.env
@@ -23,14 +23,15 @@ DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
 # DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
 DB_USER="lasql"
 DB_PASSWORD="lasql"
-
+# url de l'hôte demandant la connexion
 ISSUER_URL="http://localhost:8000"
+# url de hydra sql
 BASE_URL='http://localhost:8080'
 # connexion hydra
 HYDRA_ADMIN_BASE_URL='http://hydra:4445'
 APP_LOCALES="fr,en"
-SECURITY_PATTERN=
-HASH_ALGO_LEGACY="sha256,ssha"
+DEFAULT_LOCALE=fr
+
 ###> symfony/lock ###
 # Choose one of the stores below
 # postgresql+advisory://db_user:db_password@localhost/db_name
diff --git a/config/services.yaml b/config/services.yaml
index 19a755d..b02033e 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -10,8 +10,6 @@ parameters:
 database.password: "%env(resolve:DB_PASSWORD)%"
 # algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
- env(HASH_ALGO_LEGACY): "sha256"
- hashAlgoLegacy: '%env(resolve:HASH_ALGO_LEGACY)%'
 # adresse du site hote
 issuer_url: '%env(resolve:ISSUER_URL)%'
@@ -22,12 +20,11 @@ parameters: default_locale: '%env(DEFAULT_LOCALE)%' env(DEFAULT_LOCALE): 'fr' - security_pattern: '%env(resolve:SECURITY_PATTERN)%' env(APP_LOCALES): "fr,en" locales: '%env(APP_LOCALES)%' app.supported_locales: ~ - env(PEPPER): "" + env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b" pepper: '%env(resolve:PEPPER)%' services: # default configuration for services in *this* file @@ -71,7 +68,7 @@ services: App\Security\Hasher\PasswordEncoder: arguments: $pepper: '%pepper%' - $hashAlgoLegacy: '%hashAlgoLegacy%' - $securityPattern: '%security_pattern%' + $hashAlgoLegacy: [] + $securityPattern: [] # add more service definitions when explicit configuration is needed # please note that last definitions always *replace* previous ones diff --git a/config/sql_login_configuration/sql_login.yaml b/config/sql_login_configuration/sql_login.yaml index 2a1d5c8..2ea9de1 100644 --- a/config/sql_login_configuration/sql_login.yaml +++ b/config/sql_login_configuration/sql_login.yaml @@ -6,4 +6,13 @@ sql_login: data_to_fetch: - email - lastname - - firstname \ No newline at end of file + - firstname +# ordre des composants du hashage du mot de passe + security_pattern: + - password + - salt + - pepper + # liste des alogorythmes utilisés pour le hahshage de mot passe + hash_algo_list: + - ssha + - sha256 \ No newline at end of file diff --git a/src/DependencyInjection/SQLLoginConfiguration.php b/src/DependencyInjection/SQLLoginConfiguration.php index 8262e2a..ce3e702 100644 --- a/src/DependencyInjection/SQLLoginConfiguration.php +++ b/src/DependencyInjection/SQLLoginConfiguration.php @@ -19,6 +19,12 @@ class SQLLoginConfiguration implements ConfigurationInterface ->arrayNode(SQLLoginRequest::DATA_TO_FETCH) ->scalarPrototype()->end() ->end() + ->arrayNode(SQLLoginRequest::SECURITY_PATTERN) + ->scalarPrototype()->end() + ->end() + ->arrayNode(SQLLoginRequest::HASH_ALGO_LIST) + ->scalarPrototype()->end() + ->end() ->end(); return $treeBuilder; 
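Review bot: The new default `env(PEPPER): "257d62c2…"` in the second services.yaml hunk commits a pepper value to version control, so every deployment that does not set PEPPER shares a value that anyone with repository access can read, which removes the benefit a pepper is meant to add over the salt stored in the database. It also replaces the previous empty default, so if the encoder mixes the pepper into the hash (as the `security_pattern` list suggests), hashes created while PEPPER was unset would stop verifying. I would keep `env(PEPPER): ""` or drop the default entirely so a missing secret fails at container build, and supply the real value from a secret store or an untracked `.env.local`. If the committed value was ever used in a real environment it should be treated as exposed and rotated.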
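Review bot: The two `arrayNode` definitions added in SQLLoginConfiguration.php accept any scalar list, including an empty or missing one, so a typo in `security_pattern` is only caught when PasswordEncoder throws InvalidSQLLoginConfigurationException during a login, and an empty `hash_algo_list` is forwarded without complaint. Because these lists decide how password hashes are verified, validating them when the configuration is processed would fail closed at deploy time, for example `->arrayNode(SQLLoginRequest::SECURITY_PATTERN)->isRequired()->requiresAtLeastOneElement()->enumPrototype()->values(['password', 'salt', 'pepper'])->end()->end()` and `->requiresAtLeastOneElement()` on `HASH_ALGO_LIST`. The three literal values are taken from sql_login.yaml in this patch; the encoder's pattern constants would be the better source if they are accessible. The enclosing method starts before the hunk.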
diff --git a/src/DependencyInjection/SQLLoginExtension.php b/src/DependencyInjection/SQLLoginExtension.php
index c1fd858..3a434f4 100644
--- a/src/DependencyInjection/SQLLoginExtension.php
+++ b/src/DependencyInjection/SQLLoginExtension.php
@@ -2,6 +2,7 @@
 namespace App\DependencyInjection;
+use App\Security\Hasher\PasswordEncoder;
 use App\SQLLogin\SQLLoginRequest;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -23,5 +24,8 @@ class SQLLoginExtension extends Extension implements CompilerPassInterface
 {
 $definition = $container->getDefinition(SQLLoginRequest::class);
 $definition->replaceArgument('$config', $this->sqlLoginConfig);
+ $definitionPasswordEncoder = $container->getDefinition(PasswordEncoder::class);
+ $definitionPasswordEncoder->replaceArgument('$hashAlgoLegacy', $this->sqlLoginConfig[SQLLoginRequest::HASH_ALGO_LIST]);
+ $definitionPasswordEncoder->replaceArgument('$securityPattern', $this->sqlLoginConfig[SQLLoginRequest::SECURITY_PATTERN]);
 }
 }
diff --git a/src/SQLLogin/SQLLoginRequest.php b/src/SQLLogin/SQLLoginRequest.php
index 90fbba3..cc17b93 100644
--- a/src/SQLLogin/SQLLoginRequest.php
+++ b/src/SQLLogin/SQLLoginRequest.php
@@ -10,6 +10,8 @@ class SQLLoginRequest
 public const PASSWORD_COLUMN_NAME = 'password_column_name';
 public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
 public const TABLE_NAME = 'table_name';
+ public const SECURITY_PATTERN = 'security_pattern';
+ public const HASH_ALGO_LIST = 'hash_algo_list';
 protected array $config;
 protected string $dsn;
diff --git a/src/Security/Hasher/PasswordEncoder.php b/src/Security/Hasher/PasswordEncoder.php
index 5edaf71..4927f4c 100644
--- a/src/Security/Hasher/PasswordEncoder.php
+++ b/src/Security/Hasher/PasswordEncoder.php
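Review bot: Nothing in the second SQLLoginExtension.php hunk or in services.yaml says that the `$hashAlgoLegacy: []` and `$securityPattern: []` arguments declared there are only placeholders which the two added `replaceArgument` calls overwrite. A reader of services.yaml alone would conclude the encoder runs with empty lists, and that is presumably what it gets if this pass is ever not applied. A comment above the new lines such as `// services.yaml declares these two arguments as empty placeholders; the real lists come from sql_login.yaml` would make the dependency visible. The method holding these lines starts outside the hunk.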
@@ -19,11 +19,11 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
 protected array $hashAlgoLegacy;
 protected array $securityPattern;
- public function __construct(?string $pepper, string $hashAlgoLegacy, string $securityPattern)
+ public function __construct(?string $pepper, array $hashAlgoLegacy, array $securityPattern)
 {
 $this->pepper = $pepper;
- $this->hashAlgoLegacy = explode(',', $hashAlgoLegacy);
- $this->securityPattern = explode(',', $securityPattern);
+ $this->hashAlgoLegacy = $hashAlgoLegacy;
+ $this->securityPattern = $securityPattern;
 }
 /**
@@ -90,7 +90,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
 ];
 foreach ($this->securityPattern as $term) {
- if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
+ if (!isset($arrayRef[$term])) {
 throw new InvalidSQLLoginConfigurationException();
 }
 }
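Review bot: In the second PasswordEncoder.php hunk, `isset($arrayRef[$term])` is false not only for an unknown term but also when the key exists with a null value, so a valid pattern entry would raise InvalidSQLLoginConfigurationException whenever its value is null. The array literal closes just above the hunk and is not visible here, but `$pepper` is declared `?string`, so if it (or a missing salt) is stored under its pattern key, a correct configuration is rejected at login. `if (!array_key_exists($term, $arrayRef)) {` tests membership only and, assuming the array is keyed by the three pattern constants, keeps the behaviour of the comparison it replaces. The loop's enclosing method starts and ends outside the hunk.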