Rudy Masson 36aaacfe26 issue-16: variable d'environnement transposées en configuration
2023-06-14 16:22:33 +02:00
7 changed files with 33 additions and 14 deletions

7
.env

@ -23,14 +23,15 @@ DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
# DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;" # DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
DB_USER="lasql" DB_USER="lasql"
DB_PASSWORD="lasql" DB_PASSWORD="lasql"
# url de l'hôte demandant la connexion
ISSUER_URL="http://localhost:8000" ISSUER_URL="http://localhost:8000"
# url de hydra sql
BASE_URL='http://localhost:8080' BASE_URL='http://localhost:8080'
# connexion hydra # connexion hydra
HYDRA_ADMIN_BASE_URL='http://hydra:4445' HYDRA_ADMIN_BASE_URL='http://hydra:4445'
APP_LOCALES="fr,en" APP_LOCALES="fr,en"
SECURITY_PATTERN= DEFAULT_LOCALE=fr
HASH_ALGO_LEGACY="sha256,ssha"
###> symfony/lock ### ###> symfony/lock ###
# Choose one of the stores below # Choose one of the stores below
# postgresql+advisory://db_user:db_password@localhost/db_name # postgresql+advisory://db_user:db_password@localhost/db_name


@ -10,8 +10,6 @@ parameters:
database.password: "%env(resolve:DB_PASSWORD)%" database.password: "%env(resolve:DB_PASSWORD)%"
# algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc. # algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
env(HASH_ALGO_LEGACY): "sha256"
hashAlgoLegacy: '%env(resolve:HASH_ALGO_LEGACY)%'
# adresse du site hote # adresse du site hote
issuer_url: '%env(resolve:ISSUER_URL)%' issuer_url: '%env(resolve:ISSUER_URL)%'
@ -22,12 +20,11 @@ parameters:
default_locale: '%env(DEFAULT_LOCALE)%' default_locale: '%env(DEFAULT_LOCALE)%'
env(DEFAULT_LOCALE): 'fr' env(DEFAULT_LOCALE): 'fr'
security_pattern: '%env(resolve:SECURITY_PATTERN)%'
env(APP_LOCALES): "fr,en" env(APP_LOCALES): "fr,en"
locales: '%env(APP_LOCALES)%' locales: '%env(APP_LOCALES)%'
app.supported_locales: ~ app.supported_locales: ~
env(PEPPER): "" env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
pepper: '%env(resolve:PEPPER)%' pepper: '%env(resolve:PEPPER)%'
services: services:
# default configuration for services in *this* file # default configuration for services in *this* file
@ -71,7 +68,7 @@ services:
App\Security\Hasher\PasswordEncoder: App\Security\Hasher\PasswordEncoder:
arguments: arguments:
$pepper: '%pepper%' $pepper: '%pepper%'
$hashAlgoLegacy: '%hashAlgoLegacy%' $hashAlgoLegacy: []
$securityPattern: '%security_pattern%' $securityPattern: []
# add more service definitions when explicit configuration is needed # add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones # please note that last definitions always *replace* previous ones
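Review bot: The default for `env(PEPPER)` appears to change from an empty string to a fixed 64-hex-character literal committed with the configuration (the old/new side is inferred from the print order of the rendered line). Every deployment that does not set `PEPPER` would then share a value readable by anyone with access to the repository, so the pepper adds no secrecy there. Keep the default empty, `env(PEPPER): ""`, or remove the default so a missing variable is reported, and supply the real value from the environment or a secrets store. If the committed literal was ever used for stored hashes, treat it as disclosed and plan its replacement.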


@ -7,3 +7,12 @@ sql_login:
- email - email
- lastname - lastname
- firstname - firstname
# ordre des composants du hashage du mot de passe
security_pattern:
- password
- salt
- pepper
# liste des alogorythmes utilisés pour le hahshage de mot passe
hash_algo_list:
- ssha
- sha256
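Review bot: These two lists replace values that used to come from the environment. As far as the rendered page shows, the removed `.env` entries were `HASH_ALGO_LEGACY="sha256,ssha"` and an empty `SECURITY_PATTERN`, whereas this file lists `ssha` first and a three-part pattern. If `PasswordEncoder` depends on the order of either list (not visible here), deployments that set the old variables could stop verifying stored hashes after the upgrade, and the variables are ignored without any message, so an upgrade note is worth adding. The comments should also say that the order of `security_pattern` is the order in which the hash input is assembled and that the listed digests are presumably kept only for checking legacy hashes. The second comment has typos (`alogorythmes`, `hahshage`).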


@ -19,6 +19,12 @@ class SQLLoginConfiguration implements ConfigurationInterface
->arrayNode(SQLLoginRequest::DATA_TO_FETCH) ->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
->scalarPrototype()->end() ->scalarPrototype()->end()
->end() ->end()
->arrayNode(SQLLoginRequest::SECURITY_PATTERN)
->scalarPrototype()->end()
->end()
->arrayNode(SQLLoginRequest::HASH_ALGO_LIST)
->scalarPrototype()->end()
->end()
->end(); ->end();
return $treeBuilder; return $treeBuilder;
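Review bot: The two new array nodes accept any scalar and may be empty or missing, so a misspelt `security_pattern` entry is only caught later inside `PasswordEncoder`, and an empty `hash_algo_list` reaches it unchecked. Validating when the configuration is loaded fails earlier: add `->isRequired()->requiresAtLeastOneElement()` to both nodes, and for the pattern replace `->scalarPrototype()->end()` with `->enumPrototype()->values(['password', 'salt', 'pepper'])->end()`. The three values are taken from the sample configuration in this commit and should be confirmed against the constants in `PasswordEncoder`. The builder chain begins outside the hunk.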


@ -2,6 +2,7 @@
namespace App\DependencyInjection; namespace App\DependencyInjection;
use App\Security\Hasher\PasswordEncoder;
use App\SQLLogin\SQLLoginRequest; use App\SQLLogin\SQLLoginRequest;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\ContainerBuilder;
@ -23,5 +24,8 @@ class SQLLoginExtension extends Extension implements CompilerPassInterface
{ {
$definition = $container->getDefinition(SQLLoginRequest::class); $definition = $container->getDefinition(SQLLoginRequest::class);
$definition->replaceArgument('$config', $this->sqlLoginConfig); $definition->replaceArgument('$config', $this->sqlLoginConfig);
$definitionPasswordEncoder = $container->getDefinition(PasswordEncoder::class);
$definitionPasswordEncoder->replaceArgument('$hashAlgoLegacy', $this->sqlLoginConfig[SQLLoginRequest::HASH_ALGO_LIST]);
$definitionPasswordEncoder->replaceArgument('$securityPattern', $this->sqlLoginConfig[SQLLoginRequest::SECURITY_PATTERN]);
} }
} }
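Review bot: Nothing in this block says that the two new `replaceArgument` calls overwrite the `[]` placeholders declared for `PasswordEncoder` in the service definition, so the empty arrays in the YAML read as if they were the effective values. A short comment above the new lines would make the link explicit, e.g. `// Replace the placeholder [] arguments of PasswordEncoder with the lists from the sql_login configuration.` The enclosing method starts outside the hunk.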


@ -10,6 +10,8 @@ class SQLLoginRequest
public const PASSWORD_COLUMN_NAME = 'password_column_name'; public const PASSWORD_COLUMN_NAME = 'password_column_name';
public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade'; public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
public const TABLE_NAME = 'table_name'; public const TABLE_NAME = 'table_name';
public const SECURITY_PATTERN = 'security_pattern';
public const HASH_ALGO_LIST = 'hash_algo_list';
protected array $config; protected array $config;
protected string $dsn; protected string $dsn;


@ -19,11 +19,11 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
protected array $hashAlgoLegacy; protected array $hashAlgoLegacy;
protected array $securityPattern; protected array $securityPattern;
public function __construct(?string $pepper, string $hashAlgoLegacy, string $securityPattern) public function __construct(?string $pepper, array $hashAlgoLegacy, array $securityPattern)
{ {
$this->pepper = $pepper; $this->pepper = $pepper;
$this->hashAlgoLegacy = explode(',', $hashAlgoLegacy); $this->hashAlgoLegacy = $hashAlgoLegacy;
$this->securityPattern = explode(',', $securityPattern); $this->securityPattern = $securityPattern;
} }
/** /**
@ -90,7 +90,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
]; ];
foreach ($this->securityPattern as $term) { foreach ($this->securityPattern as $term) {
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) { if (!isset($arrayRef[$term])) {
throw new InvalidSQLLoginConfigurationException(); throw new InvalidSQLLoginConfigurationException();
} }
} }
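Review bot: `isset($arrayRef[$term])` is false both when the key is missing and when its value is null. If `$arrayRef` (built above the hunk, not visible) maps the pepper entry to `$this->pepper`, a null pepper, which the `?string $pepper` constructor parameter allows, would now raise `InvalidSQLLoginConfigurationException` for a pattern the previous constant comparison accepted. `if (!array_key_exists($term, $arrayRef)) {` rejects only unknown terms. The constructor also stores both arrays as given, and an empty `$securityPattern` passes this loop without any check, so rejecting empty lists in the constructor would be a reasonable addition. The enclosing method starts and ends outside the hunk.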