Merge branch '6.4' into 7.0

nicolas-grekas · nicolas-grekas · commit d2da68c2f7a2 · 2023-11-07T11:26:03.000+01:00
* 6.4: (28 commits) [Serializer] Fix `@method` annotation fix compatibility with Doctrine DBAL 4 ensure string type with mbstring func overloading enabled [HttpKernel] Fix quotes expectations in tests [Validator] updated Greek translation [Cache][HttpFoundation][Lock] Fix empty username/password for PDO PostgreSQL [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded render newline in front of all script elements fix test fixture fix tests [Cache] Fix property types in PdoAdapter PHP files cannot be executable without shebang [TwigBridge] Mark CodeExtension as @internal Remove full DSNs from exception messages [Yaml] Fix uid binary parsing Disable the "Copy as cURL" button when the debug info are disabled [HttpClient] Replace `escapeshellarg` to prevent overpassing `ARG_MAX` Fix missing `profile` option for console commands [HttpFoundation][Lock] Makes MongoDB adapters usable with `ext-mongodb` only [HttpKernel] Preventing error 500 when function putenv is disabled ...
diff --git a/Tests/Hasher/NativePasswordHasherTest.php b/Tests/Hasher/NativePasswordHasherTest.php
@@ -51,25 +51,25 @@ public function testValidation()
     {
         $hasher = new NativePasswordHasher();
         $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
-        $this->assertFalse($hasher->verify($result, 'anotherPassword', null));
-        $this->assertFalse($hasher->verify($result, '', null));
+        $this->assertTrue($hasher->verify($result, 'password'));
+        $this->assertFalse($hasher->verify($result, 'anotherPassword'));
+        $this->assertFalse($hasher->verify($result, ''));
     }
 
     public function testNonArgonValidation()
     {
         $hasher = new NativePasswordHasher();
-        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
-        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
-        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
-        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
+        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password'));
+        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword'));
+        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password'));
+        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword'));
     }
 
     public function testConfiguredAlgorithm()
     {
         $hasher = new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT);
-        $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
         $this->assertStringStartsWith('$2', $result);
     }
 
@@ -84,8 +84,8 @@ public function testDefaultAlgorithm()
     public function testConfiguredAlgorithmWithLegacyConstValue()
     {
         $hasher = new NativePasswordHasher(null, null, null, '1');
-        $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
         $this->assertStringStartsWith('$2', $result);
     }
 
@@ -94,17 +94,17 @@ public function testBcryptWithLongPassword()
         $hasher = new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT);
         $plainPassword = str_repeat('a', 100);
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword));
     }
 
     public function testBcryptWithNulByte()
     {
         $hasher = new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT);
         $plainPassword = "a\0b";
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword));
     }
 
     public function testNeedsRehash()
@@ -113,7 +113,7 @@ public function testNeedsRehash()
 
         $this->assertTrue($hasher->needsRehash('dummyhash'));
 
-        $hash = $hasher->hash('foo', 'salt');
+        $hash = $hasher->hash('foo');
         $this->assertFalse($hasher->needsRehash($hash));
 
         $hasher = new NativePasswordHasher(5, 11000, 5);
diff --git a/Tests/Hasher/PasswordHasherFactoryTest.php b/Tests/Hasher/PasswordHasherFactoryTest.php
@@ -109,7 +109,7 @@ public function testGetNamedHasherForHasherAware()
             'hasher_name' => new MessageDigestPasswordHasher('sha1'),
         ]);
 
-        $hasher = $factory->getPasswordHasher(new HasherAwareUser('user', 'pass'));
+        $hasher = $factory->getPasswordHasher(new HasherAwareUser());
         $expectedHasher = new MessageDigestPasswordHasher('sha1');
         $this->assertEquals($expectedHasher->hash('foo', ''), $hasher->hash('foo', ''));
     }
@@ -121,7 +121,7 @@ public function testGetNullNamedHasherForHasherAware()
             'hasher_name' => new MessageDigestPasswordHasher('sha256'),
         ]);
 
-        $user = new HasherAwareUser('mathilde', 'krogulec');
+        $user = new HasherAwareUser();
         $user->hasherName = null;
         $hasher = $factory->getPasswordHasher($user);
         $expectedHasher = new MessageDigestPasswordHasher('sha1');
@@ -136,7 +136,7 @@ public function testGetInvalidNamedHasherForHasherAware()
             'hasher_name' => new MessageDigestPasswordHasher('sha256'),
         ]);
 
-        $user = new HasherAwareUser('user', 'pass');
+        $user = new HasherAwareUser();
         $user->hasherName = 'invalid_hasher_name';
         $factory->getPasswordHasher($user);
     }
@@ -167,9 +167,9 @@ public function testMigrateFrom()
         $hasher = $factory->getPasswordHasher(SomeUser::class);
         $this->assertInstanceOf(MigratingPasswordHasher::class, $hasher);
 
-        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo', null), 'foo', null));
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo', null), 'foo', null));
-        $this->assertTrue($hasher->verify($digest->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo'), 'foo', null));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo'), 'foo', null));
+        $this->assertTrue($hasher->verify($digest->hash('foo'), 'foo', null));
         $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $hasher->hash('foo', null));
     }
 
diff --git a/Tests/Hasher/SodiumPasswordHasherTest.php b/Tests/Hasher/SodiumPasswordHasherTest.php
@@ -28,65 +28,65 @@ protected function setUp(): void
     public function testValidation()
     {
         $hasher = new SodiumPasswordHasher();
-        $result = $hasher->hash('password', null);
-        $this->assertTrue($hasher->verify($result, 'password', null));
-        $this->assertFalse($hasher->verify($result, 'anotherPassword', null));
-        $this->assertFalse($hasher->verify($result, '', null));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
+        $this->assertFalse($hasher->verify($result, 'anotherPassword'));
+        $this->assertFalse($hasher->verify($result, ''));
     }
 
     public function testBcryptValidation()
     {
         $hasher = new SodiumPasswordHasher();
-        $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
+        $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc'));
     }
 
     public function testNonArgonValidation()
     {
         $hasher = new SodiumPasswordHasher();
-        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
-        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
-        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
-        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
+        $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password'));
+        $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword'));
+        $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password'));
+        $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword'));
     }
 
     public function testHashLength()
     {
         $this->expectException(InvalidPasswordException::class);
         $hasher = new SodiumPasswordHasher();
-        $hasher->hash(str_repeat('a', 4097), 'salt');
+        $hasher->hash(str_repeat('a', 4097));
     }
 
     public function testCheckPasswordLength()
     {
         $hasher = new SodiumPasswordHasher();
-        $result = $hasher->hash(str_repeat('a', 4096), null);
-        $this->assertFalse($hasher->verify($result, str_repeat('a', 4097), null));
-        $this->assertTrue($hasher->verify($result, str_repeat('a', 4096), null));
+        $result = $hasher->hash(str_repeat('a', 4096));
+        $this->assertFalse($hasher->verify($result, str_repeat('a', 4097)));
+        $this->assertTrue($hasher->verify($result, str_repeat('a', 4096)));
     }
 
     public function testBcryptWithLongPassword()
     {
-        $hasher = new SodiumPasswordHasher(null, null, 4);
+        $hasher = new SodiumPasswordHasher(null, null);
         $plainPassword = str_repeat('a', 100);
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));
     }
 
     public function testBcryptWithNulByte()
     {
-        $hasher = new SodiumPasswordHasher(null, null, 4);
+        $hasher = new SodiumPasswordHasher(null, null);
         $plainPassword = "a\0b";
 
-        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));
+        $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));
     }
 
     public function testUserProvidedSaltIsNotUsed()
     {
         $hasher = new SodiumPasswordHasher();
-        $result = $hasher->hash('password', 'salt');
-        $this->assertTrue($hasher->verify($result, 'password', 'anotherSalt'));
+        $result = $hasher->hash('password');
+        $this->assertTrue($hasher->verify($result, 'password'));
     }
 
     public function testNeedsRehash()
@@ -95,7 +95,7 @@ public function testNeedsRehash()
 
         $this->assertTrue($hasher->needsRehash('dummyhash'));
 
-        $hash = $hasher->hash('foo', 'salt');
+        $hash = $hasher->hash('foo');
         $this->assertFalse($hasher->needsRehash($hash));
 
         $hasher = new SodiumPasswordHasher(5, 11000);

Original file line number	Diff line number	Diff line change
`@@ -28,65 +28,65 @@ protected function setUp(): void`
`28`	`28`	`public function testValidation()`
`29`	`29`	`{`
`30`	`30`	`$hasher = new SodiumPasswordHasher();`
`31`		`- $result = $hasher->hash('password', null);`
`32`		`- $this->assertTrue($hasher->verify($result, 'password', null));`
`33`		`- $this->assertFalse($hasher->verify($result, 'anotherPassword', null));`
`34`		`- $this->assertFalse($hasher->verify($result, '', null));`
	`31`	`+ $result = $hasher->hash('password');`
	`32`	`+ $this->assertTrue($hasher->verify($result, 'password'));`
	`33`	`+ $this->assertFalse($hasher->verify($result, 'anotherPassword'));`
	`34`	`+ $this->assertFalse($hasher->verify($result, ''));`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`public function testBcryptValidation()`
`38`	`38`	`{`
`39`	`39`	`$hasher = new SodiumPasswordHasher();`
`40`		`- $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));`
	`40`	`+ $this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc'));`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`public function testNonArgonValidation()`
`44`	`44`	`{`
`45`	`45`	`$hasher = new SodiumPasswordHasher();`
`46`		`- $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));`
`47`		`- $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));`
`48`		`- $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));`
`49`		`- $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));`
	`46`	`+ $this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password'));`
	`47`	`+ $this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword'));`
	`48`	`+ $this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password'));`
	`49`	`+ $this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword'));`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`public function testHashLength()`
`53`	`53`	`{`
`54`	`54`	`$this->expectException(InvalidPasswordException::class);`
`55`	`55`	`$hasher = new SodiumPasswordHasher();`
`56`		`- $hasher->hash(str_repeat('a', 4097), 'salt');`
	`56`	`+ $hasher->hash(str_repeat('a', 4097));`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`public function testCheckPasswordLength()`
`60`	`60`	`{`
`61`	`61`	`$hasher = new SodiumPasswordHasher();`
`62`		`- $result = $hasher->hash(str_repeat('a', 4096), null);`
`63`		`- $this->assertFalse($hasher->verify($result, str_repeat('a', 4097), null));`
`64`		`- $this->assertTrue($hasher->verify($result, str_repeat('a', 4096), null));`
	`62`	`+ $result = $hasher->hash(str_repeat('a', 4096));`
	`63`	`+ $this->assertFalse($hasher->verify($result, str_repeat('a', 4097)));`
	`64`	`+ $this->assertTrue($hasher->verify($result, str_repeat('a', 4096)));`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`public function testBcryptWithLongPassword()`
`68`	`68`	`{`
`69`		`- $hasher = new SodiumPasswordHasher(null, null, 4);`
	`69`	`+ $hasher = new SodiumPasswordHasher(null, null);`
`70`	`70`	`$plainPassword = str_repeat('a', 100);`
`71`	`71`
`72`		`- $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));`
`73`		`- $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));`
	`72`	`+ $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));`
	`73`	`+ $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`public function testBcryptWithNulByte()`
`77`	`77`	`{`
`78`		`- $hasher = new SodiumPasswordHasher(null, null, 4);`
	`78`	`+ $hasher = new SodiumPasswordHasher(null, null);`
`79`	`79`	`$plainPassword = "a\0b";`
`80`	`80`
`81`		`- $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));`
`82`		`- $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword, 'salt'));`
	`81`	`+ $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));`
	`82`	`+ $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`public function testUserProvidedSaltIsNotUsed()`
`86`	`86`	`{`
`87`	`87`	`$hasher = new SodiumPasswordHasher();`
`88`		`- $result = $hasher->hash('password', 'salt');`
`89`		`- $this->assertTrue($hasher->verify($result, 'password', 'anotherSalt'));`
	`88`	`+ $result = $hasher->hash('password');`
	`89`	`+ $this->assertTrue($hasher->verify($result, 'password'));`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`public function testNeedsRehash()`
`@@ -95,7 +95,7 @@ public function testNeedsRehash()`
`95`	`95`
`96`	`96`	`$this->assertTrue($hasher->needsRehash('dummyhash'));`
`97`	`97`
`98`		`- $hash = $hasher->hash('foo', 'salt');`
	`98`	`+ $hash = $hasher->hash('foo');`
`99`	`99`	`$this->assertFalse($hasher->needsRehash($hash));`
`100`	`100`
`101`	`101`	`$hasher = new SodiumPasswordHasher(5, 11000);`