Skip to content

Commit c5e0664

Browse files
fabpotfabpot
committed
Merge branch '4.4' into 5.0
* 4.4: Add missing use statements [Translation] Add missing use statement [Translation] Add missing use statement [Config][XmlReferenceDumper] Prevent potential \TypeError [Mailer] Fix broken mandrill http send for recipients with names [Translation] prefer intl domain when adding messages to catalogue Fix CS Fix CS Fail on empty password verification (without warning on any implementation) [Translation][Debug] Add installation and minimal example to README [Validator] try to call __get method if property is uninitialized Show both missing packages in the same error message Fix handling of empty_data's \Closure value in Date/Time form types
2 parents 7415690 + f8c6850 commit c5e0664

File tree

4 files changed

+10
-0
lines changed

4 files changed

+10
-0
lines changed

Encoder/NativePasswordEncoder.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,10 @@ public function encodePassword(string $raw, ?string $salt): string
7676
*/
7777
public function isPasswordValid(string $encoded, string $raw, ?string $salt): bool
7878
{
79+
if ('' === $raw) {
80+
return false;
81+
}
82+
7983
if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
8084
return false;
8185
}

Encoder/SodiumPasswordEncoder.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,10 @@ public function encodePassword(string $raw, ?string $salt): string
7676
*/
7777
public function isPasswordValid(string $encoded, string $raw, ?string $salt): bool
7878
{
79+
if ('' === $raw) {
80+
return false;
81+
}
82+
7983
if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
8084
return false;
8185
}

Tests/Encoder/NativePasswordEncoderTest.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ public function testValidation()
5353
$result = $encoder->encodePassword('password', null);
5454
$this->assertTrue($encoder->isPasswordValid($result, 'password', null));
5555
$this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
56+
$this->assertFalse($encoder->isPasswordValid($result, '', null));
5657
}
5758

5859
public function testNonArgonValidation()

Tests/Encoder/SodiumPasswordEncoderTest.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ public function testValidation()
2929
$result = $encoder->encodePassword('password', null);
3030
$this->assertTrue($encoder->isPasswordValid($result, 'password', null));
3131
$this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
32+
$this->assertFalse($encoder->isPasswordValid($result, '', null));
3233
}
3334

3435
public function testBCryptValidation()

0 commit comments

Comments
 (0)