Bug #32726
Cryptography Strategies don't have Singleton annotation
| Status: | Closed | Start date: | 2011-12-20 |
|---|---|---|---|
| Priority: | Must have | Due date: | |
| Assignee: | Adrian Föder | % Done: | 100% |
| Category: | Security | | |
| Target version: | TYPO3 Flow Base Distribution - 1.0.3 | | |
| PHP Version: | | Complexity: | |
| Has patch: | No | FLOW3 version affected: | FLOW3 1.0.1 |
| Votes: | 0 | | |
Description
e.g. \TYPO3\FLOW3\Security\Cryptography\Pbkdf2HashingStrategy doesn't have the @FLOW3\Scope("singleton") annotation, which leads to
#1265370540: Cannot set instance of object "TYPO3\FLOW3\Security\Cryptography\PasswordHashingStrategyInterface" because it is of scope prototype. Only session and singleton instances can be set.
Adding that annotation fixes the issue.
Due to the fact that Pbkdf2 isn't the default anymore, it's likely that it hasn't been discovered earlier, but I wonder: BCrypt also doesn't have that annotation set, and it seems to work?
History
Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7436
Updated by Adrian Föder over 1 year ago
Additional information: Objects.yaml is set to

    TYPO3\FLOW3\Security\Cryptography\PasswordHashingStrategyInterface:
      className: TYPO3\FLOW3\Security\Cryptography\Pbkdf2HashingStrategy
Updated by Karsten Dambekalns over 1 year ago
Ok, what you want to do is set the default hashing strategy. But your approach is wrong. Change the default instead in Settings.yaml:

    TYPO3:
      FLOW3:
        security:
          cryptography:
            hashingStrategies:
              default: pbkdf2

The fact that the strategies miss the singleton scope annotation is something that is still a valid issue, though.
Updated by Adrian Föder over 1 year ago
ah, ok, thanks a lot... That's funny because my "solution" also works... but thanks; I'll change it.
Do you need further information regarding the scope annotation?
Updated by Karsten Dambekalns over 1 year ago
- Target version set to 1.0.2
- FLOW3 version affected changed from Git master to FLOW3 1.0.1
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7436
Updated by Karsten Dambekalns over 1 year ago
- Target version changed from 1.0.2 to 1.0.3
Updated by Sebastian Kurfuerst over 1 year ago
Karsten Dambekalns wrote:
Ok, what you want to do is set the default hashing strategy. But your approach is wrong. Change the default instead in Settings.yaml: [...] The fact that the strategies miss the singleton scope annotation is something that is still a valid issue, though.
Hey Karsten,
can you point me to the place where this is evaluated? I just grepped the full FLOW3 source for "hashingStrategies", and did not find anything!
IMHO the strategies should be allowed to be prototypes...
Greets,
Sebastian
Updated by Christopher Hlubek over 1 year ago
This should work without changing the scope annotation since it is prototype by intent (to allow different configurations). The strategy interface should not be used directly as a singleton anymore (see HashService for example). If direct access is needed, use the specific strategy (which is still configured in Objects.yaml) or introduce a custom marker interface or factory.
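The design described in the comment above (strategies kept as prototypes so one class can run under several configurations, reached through a service or factory instead of a singleton binding on the interface), sketched as an added example that is not FLOW3 code and not from this thread. The class names, the `=>` identifier prefix and the iteration counts are assumptions made for illustration.

```php
<?php
// Added illustration; every class name below is hypothetical, not FLOW3's API.
interface HashingStrategy {
    public function hashPassword(string $password): string;
    public function validatePassword(string $password, string $stored): bool;
}

// Prototype-style strategy: each instance carries its own cost parameter.
final class Pbkdf2Strategy implements HashingStrategy {
    public function __construct(private int $iterations, private int $keyLength = 32) {}
    public function hashPassword(string $password): string {
        $salt = random_bytes(16);
        $key = hash_pbkdf2('sha256', $password, $salt, $this->iterations, $this->keyLength, true);
        return $this->iterations . ',' . base64_encode($salt) . ',' . base64_encode($key);
    }
    public function validatePassword(string $password, string $stored): bool {
        $parts = explode(',', $stored);
        if (count($parts) !== 3 || !ctype_digit($parts[0]) || (int)$parts[0] < 1) return false;
        $salt = base64_decode($parts[1], true);
        $key = base64_decode($parts[2], true);
        if ($salt === false || $key === false || $key === '') return false;
        // Re-derive with the parameters stored beside the hash; compare in constant time.
        $check = hash_pbkdf2('sha256', $password, $salt, (int)$parts[0], strlen($key), true);
        return hash_equals($key, $check);
    }
}

// Factory keyed by strategy identifier; the identifier is stored as a prefix.
final class StrategyRegistry {
    /** @param array<string, callable(): HashingStrategy> $factories */
    public function __construct(private array $factories, private string $default) {}
    public function hashPassword(string $password, ?string $id = null): string {
        $id ??= $this->default;
        if (!isset($this->factories[$id])) throw new InvalidArgumentException("Unknown strategy: $id");
        return $id . '=>' . ($this->factories[$id])()->hashPassword($password);
    }
    public function validatePassword(string $password, string $stored): bool {
        $parts = explode('=>', $stored, 2);
        if (count($parts) !== 2 || !isset($this->factories[$parts[0]])) return false;
        return ($this->factories[$parts[0]])()->validatePassword($password, $parts[1]);
    }
}

// Constructed sample configuration: two instances of one class, different costs.
$registry = new StrategyRegistry([
    'pbkdf2'        => fn() => new Pbkdf2Strategy(600000),
    'pbkdf2-legacy' => fn() => new Pbkdf2Strategy(10000),
], 'pbkdf2');
$stored = $registry->hashPassword('correct horse battery staple', 'pbkdf2-legacy');
var_dump($registry->validatePassword('correct horse battery staple', $stored));
```

Because the identifier and iteration count travel with each stored hash, older hashes keep validating after the default strategy or its cost is changed.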
Updated by Karsten Dambekalns over 1 year ago
- Status changed from Under Review to Closed
- % Done changed from 0 to 100
Updated by Karsten Dambekalns over 1 year ago
Sebastian Kurfuerst wrote:
can you point me to the place where this is evaluated? I just grepped the full FLOW3 source for "hashingStrategies", and did not find anything!
It is used in HashingService.