Compare commits
1 Commits
Author | SHA1 | Date |
---|---|---|
Rudy Masson | 36aaacfe26 |
7
.env
7
.env
|
@ -23,14 +23,15 @@ DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
|
||||||
# DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
|
# DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
|
||||||
DB_USER="lasql"
|
DB_USER="lasql"
|
||||||
DB_PASSWORD="lasql"
|
DB_PASSWORD="lasql"
|
||||||
|
# url de l'hôte demandant la connexion
|
||||||
ISSUER_URL="http://localhost:8000"
|
ISSUER_URL="http://localhost:8000"
|
||||||
|
# url de hydra sql
|
||||||
BASE_URL='http://localhost:8080'
|
BASE_URL='http://localhost:8080'
|
||||||
# connexion hydra
|
# connexion hydra
|
||||||
HYDRA_ADMIN_BASE_URL='http://hydra:4445'
|
HYDRA_ADMIN_BASE_URL='http://hydra:4445'
|
||||||
APP_LOCALES="fr,en"
|
APP_LOCALES="fr,en"
|
||||||
SECURITY_PATTERN=
|
DEFAULT_LOCALE=fr
|
||||||
HASH_ALGO_LEGACY="sha256,ssha"
|
|
||||||
###> symfony/lock ###
|
###> symfony/lock ###
|
||||||
# Choose one of the stores below
|
# Choose one of the stores below
|
||||||
# postgresql+advisory://db_user:db_password@localhost/db_name
|
# postgresql+advisory://db_user:db_password@localhost/db_name
|
||||||
|
|
|
@ -10,8 +10,6 @@ parameters:
|
||||||
database.password: "%env(resolve:DB_PASSWORD)%"
|
database.password: "%env(resolve:DB_PASSWORD)%"
|
||||||
|
|
||||||
# algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
|
# algorythme de hashage utilisé "md5", "sha256", "haval160,4", etc.
|
||||||
env(HASH_ALGO_LEGACY): "sha256"
|
|
||||||
hashAlgoLegacy: '%env(resolve:HASH_ALGO_LEGACY)%'
|
|
||||||
|
|
||||||
# adresse du site hote
|
# adresse du site hote
|
||||||
issuer_url: '%env(resolve:ISSUER_URL)%'
|
issuer_url: '%env(resolve:ISSUER_URL)%'
|
||||||
|
@ -22,12 +20,11 @@ parameters:
|
||||||
default_locale: '%env(DEFAULT_LOCALE)%'
|
default_locale: '%env(DEFAULT_LOCALE)%'
|
||||||
env(DEFAULT_LOCALE): 'fr'
|
env(DEFAULT_LOCALE): 'fr'
|
||||||
|
|
||||||
security_pattern: '%env(resolve:SECURITY_PATTERN)%'
|
|
||||||
env(APP_LOCALES): "fr,en"
|
env(APP_LOCALES): "fr,en"
|
||||||
locales: '%env(APP_LOCALES)%'
|
locales: '%env(APP_LOCALES)%'
|
||||||
app.supported_locales: ~
|
app.supported_locales: ~
|
||||||
|
|
||||||
env(PEPPER): ""
|
env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
|
||||||
pepper: '%env(resolve:PEPPER)%'
|
pepper: '%env(resolve:PEPPER)%'
|
||||||
services:
|
services:
|
||||||
# default configuration for services in *this* file
|
# default configuration for services in *this* file
|
||||||
|
@ -71,7 +68,7 @@ services:
|
||||||
App\Security\Hasher\PasswordEncoder:
|
App\Security\Hasher\PasswordEncoder:
|
||||||
arguments:
|
arguments:
|
||||||
$pepper: '%pepper%'
|
$pepper: '%pepper%'
|
||||||
$hashAlgoLegacy: '%hashAlgoLegacy%'
|
$hashAlgoLegacy: []
|
||||||
$securityPattern: '%security_pattern%'
|
$securityPattern: []
|
||||||
# add more service definitions when explicit configuration is needed
|
# add more service definitions when explicit configuration is needed
|
||||||
# please note that last definitions always *replace* previous ones
|
# please note that last definitions always *replace* previous ones
|
||||||
|
|
|
@ -7,3 +7,12 @@ sql_login:
|
||||||
- email
|
- email
|
||||||
- lastname
|
- lastname
|
||||||
- firstname
|
- firstname
|
||||||
|
# ordre des composants du hashage du mot de passe
|
||||||
|
security_pattern:
|
||||||
|
- password
|
||||||
|
- salt
|
||||||
|
- pepper
|
||||||
|
# liste des alogorythmes utilisés pour le hahshage de mot passe
|
||||||
|
hash_algo_list:
|
||||||
|
- ssha
|
||||||
|
- sha256
|
|
@ -19,6 +19,12 @@ class SQLLoginConfiguration implements ConfigurationInterface
|
||||||
->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
|
->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
|
||||||
->scalarPrototype()->end()
|
->scalarPrototype()->end()
|
||||||
->end()
|
->end()
|
||||||
|
->arrayNode(SQLLoginRequest::SECURITY_PATTERN)
|
||||||
|
->scalarPrototype()->end()
|
||||||
|
->end()
|
||||||
|
->arrayNode(SQLLoginRequest::HASH_ALGO_LIST)
|
||||||
|
->scalarPrototype()->end()
|
||||||
|
->end()
|
||||||
->end();
|
->end();
|
||||||
|
|
||||||
return $treeBuilder;
|
return $treeBuilder;
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace App\DependencyInjection;
|
namespace App\DependencyInjection;
|
||||||
|
|
||||||
|
use App\Security\Hasher\PasswordEncoder;
|
||||||
use App\SQLLogin\SQLLoginRequest;
|
use App\SQLLogin\SQLLoginRequest;
|
||||||
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
|
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
|
||||||
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
||||||
|
@ -23,5 +24,8 @@ class SQLLoginExtension extends Extension implements CompilerPassInterface
|
||||||
{
|
{
|
||||||
$definition = $container->getDefinition(SQLLoginRequest::class);
|
$definition = $container->getDefinition(SQLLoginRequest::class);
|
||||||
$definition->replaceArgument('$config', $this->sqlLoginConfig);
|
$definition->replaceArgument('$config', $this->sqlLoginConfig);
|
||||||
|
$definitionPasswordEncoder = $container->getDefinition(PasswordEncoder::class);
|
||||||
|
$definitionPasswordEncoder->replaceArgument('$hashAlgoLegacy', $this->sqlLoginConfig[SQLLoginRequest::HASH_ALGO_LIST]);
|
||||||
|
$definitionPasswordEncoder->replaceArgument('$securityPattern', $this->sqlLoginConfig[SQLLoginRequest::SECURITY_PATTERN]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,8 @@ class SQLLoginRequest
|
||||||
public const PASSWORD_COLUMN_NAME = 'password_column_name';
|
public const PASSWORD_COLUMN_NAME = 'password_column_name';
|
||||||
public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
|
public const PASSWORD_NEED_UPGRADE = 'password_need_upgrade';
|
||||||
public const TABLE_NAME = 'table_name';
|
public const TABLE_NAME = 'table_name';
|
||||||
|
public const SECURITY_PATTERN = 'security_pattern';
|
||||||
|
public const HASH_ALGO_LIST = 'hash_algo_list';
|
||||||
|
|
||||||
protected array $config;
|
protected array $config;
|
||||||
protected string $dsn;
|
protected string $dsn;
|
||||||
|
|
|
@ -19,11 +19,11 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
||||||
protected array $hashAlgoLegacy;
|
protected array $hashAlgoLegacy;
|
||||||
protected array $securityPattern;
|
protected array $securityPattern;
|
||||||
|
|
||||||
public function __construct(?string $pepper, string $hashAlgoLegacy, string $securityPattern)
|
public function __construct(?string $pepper, array $hashAlgoLegacy, array $securityPattern)
|
||||||
{
|
{
|
||||||
$this->pepper = $pepper;
|
$this->pepper = $pepper;
|
||||||
$this->hashAlgoLegacy = explode(',', $hashAlgoLegacy);
|
$this->hashAlgoLegacy = $hashAlgoLegacy;
|
||||||
$this->securityPattern = explode(',', $securityPattern);
|
$this->securityPattern = $securityPattern;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -90,7 +90,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach ($this->securityPattern as $term) {
|
foreach ($this->securityPattern as $term) {
|
||||||
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
|
if (!isset($arrayRef[$term])) {
|
||||||
throw new InvalidSQLLoginConfigurationException();
|
throw new InvalidSQLLoginConfigurationException();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue