Rudy Masson 36aaacfe26 issue-16: variable d'environnement transposées en configuration
Cadoles/hydra-sql/pipeline/pr-develop There was a failure building this commit Details
Cadoles/hydra-sql/pipeline/head This commit is unstable Details
2023-06-14 16:22:33 +02:00
7 changed files with 33 additions and 14 deletions

.env

@ -23,14 +23,15 @@ DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
# DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
DB_USER="lasql"
DB_PASSWORD="lasql"
# url de l'hôte demandant la connexion
ISSUER_URL="http://localhost:8000"
# url de hydra sql
BASE_URL='http://localhost:8080'
# connexion hydra
HYDRA_ADMIN_BASE_URL='http://hydra:4445'
APP_LOCALES="fr,en"
SECURITY_PATTERN=
HASH_ALGO_LEGACY="sha256,ssha"
DEFAULT_LOCALE=fr
###> symfony/lock ###
# Choose one of the stores below
# postgresql+advisory://db_user:db_password@localhost/db_name


@ -10,8 +10,6 @@ parameters:
database.password: "%env(resolve:DB_PASSWORD)%"
# algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
env(HASH_ALGO_LEGACY): "sha256"
hashAlgoLegacy: '%env(resolve:HASH_ALGO_LEGACY)%'
# adresse du site hote
issuer_url: '%env(resolve:ISSUER_URL)%'
@ -22,12 +20,11 @@ parameters:
default_locale: '%env(DEFAULT_LOCALE)%'
env(DEFAULT_LOCALE): 'fr'
security_pattern: '%env(resolve:SECURITY_PATTERN)%'
env(APP_LOCALES): "fr,en"
locales: '%env(APP_LOCALES)%'
app.supported_locales: ~
env(PEPPER): ""
env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
pepper: '%env(resolve:PEPPER)%'
services:
# default configuration for services in *this* file
@ -71,7 +68,7 @@ services:
App\Security\Hasher\PasswordEncoder:
arguments:
$pepper: '%pepper%'
$hashAlgoLegacy: '%hashAlgoLegacy%'
$securityPattern: '%security_pattern%'
$hashAlgoLegacy: []
$securityPattern: []
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones
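Review bot: The `env(PEPPER)` default in the second hunk appears to change from `""` to a fixed 64-character hex value (the page prints both lines without +/- markers, so this assumes the usual old-then-new order). A pepper committed as a repository default is readable by anyone with access to the source and is shared by every deployment that does not set PEPPER, so it adds nothing if the password table leaks. I would drop the `env(PEPPER): …` default line so the container fails when the variable is missing, and supply the value from the deployment's secret store instead. The committed value should be treated as exposed; replacing it normally requires a migration path for hashes already computed with it.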


@ -6,4 +6,13 @@ sql_login:
data_to_fetch:
- email
- lastname
- firstname
- firstname
# ordre des composants du hashage du mot de passe
security_pattern:
- password
- salt
- pepper
# liste des alogorythmes utilisés pour le hahshage de mot passe
hash_algo_list:
- ssha
- sha256


@ -19,6 +19,12 @@ class SQLLoginConfiguration implements ConfigurationInterface
->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
->scalarPrototype()->end()
->end()
->arrayNode(SQLLoginRequest::SECURITY_PATTERN)
->scalarPrototype()->end()
->end()
->arrayNode(SQLLoginRequest::HASH_ALGO_LIST)
->scalarPrototype()->end()
->end()
->end();
return $treeBuilder;
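Review bot: The two new array nodes accept any list of scalars, including an empty or absent one, so a missing or misspelled `security_pattern` / `hash_algo_list` is not caught when the container is built. Whether PasswordEncoder tolerates an empty pattern or algorithm list is not visible in this section. Since these values decide how passwords are hashed, I would reject bad input at configuration time with `->arrayNode(SQLLoginRequest::SECURITY_PATTERN)->isRequired()->requiresAtLeastOneElement()` and the same on `HASH_ALGO_LIST`. Replacing `scalarPrototype()` with an `enumPrototype()` limited to the terms the encoder recognises would also catch typos. The enclosing method starts above the hunk.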


@ -2,6 +2,7 @@
namespace App\DependencyInjection;
use App\Security\Hasher\PasswordEncoder;
use App\SQLLogin\SQLLoginRequest;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
@ -23,5 +24,8 @@ class SQLLoginExtension extends Extension implements CompilerPassInterface
{
$definition = $container->getDefinition(SQLLoginRequest::class);
$definition->replaceArgument('$config', $this->sqlLoginConfig);
$definitionPasswordEncoder = $container->getDefinition(PasswordEncoder::class);
$definitionPasswordEncoder->replaceArgument('$hashAlgoLegacy', $this->sqlLoginConfig[SQLLoginRequest::HASH_ALGO_LIST]);
$definitionPasswordEncoder->replaceArgument('$securityPattern', $this->sqlLoginConfig[SQLLoginRequest::SECURITY_PATTERN]);
}
}
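Review bot: The two `replaceArgument('$hashAlgoLegacy', …)` / `replaceArgument('$securityPattern', …)` calls depend on services.yaml declaring both arguments as `[]` placeholders, and nothing here says so. If that declaration is removed, `replaceArgument` is expected to throw for the missing named argument; if this pass does not run, the encoder silently receives empty lists. Using `$definitionPasswordEncoder->setArgument('$hashAlgoLegacy', …)` (and likewise for `$securityPattern`) removes the need for the placeholders. Otherwise add a comment such as `// overrides the [] placeholders declared for PasswordEncoder in services.yaml`. The method signature is outside the hunk.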


@ -10,6 +10,8 @@ class SQLLoginRequest
public const PASSWORD_COLUMN_NAME = 'password_column_name';
public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
public const TABLE_NAME = 'table_name';
public const SECURITY_PATTERN = 'security_pattern';
public const HASH_ALGO_LIST = 'hash_algo_list';
protected array $config;
protected string $dsn;


@ -19,11 +19,11 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
protected array $hashAlgoLegacy;
protected array $securityPattern;
public function __construct(?string $pepper, string $hashAlgoLegacy, string $securityPattern)
public function __construct(?string $pepper, array $hashAlgoLegacy, array $securityPattern)
{
$this->pepper = $pepper;
$this->hashAlgoLegacy = explode(',', $hashAlgoLegacy);
$this->securityPattern = explode(',', $securityPattern);
$this->hashAlgoLegacy = $hashAlgoLegacy;
$this->securityPattern = $securityPattern;
}
/**
@ -90,7 +90,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
];
foreach ($this->securityPattern as $term) {
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
if (!isset($arrayRef[$term])) {
throw new InvalidSQLLoginConfigurationException();
}
}