feature symfony#1703 [make:user] Hash passwords using crc32c and deprecate eraseCredentials() (nicolas-grekas)

kbond · William Pinaud · commit a585c6768206 · 2025-06-04T14:05:09.000+02:00
This PR was merged into the 1.x branch. Discussion ---------- [make:user] Hash passwords using crc32c and deprecate eraseCredentials() Fix symfony#1700 Replace #symfony#1701 Commits ------- 75886fb [make:user] Hash passwords using crc32c and deprecate eraseCredentials()
diff --git a/composer.json b/composer.json
@@ -34,6 +34,7 @@
         "symfony/http-client": "^6.4|^7.0",
         "symfony/phpunit-bridge": "^6.4.1|^7.0",
         "symfony/security-core": "^6.4|^7.0",
+        "symfony/security-http": "^6.4|^7.0",
         "symfony/yaml": "^6.4|^7.0",
         "twig/twig": "^3.0|^4.x-dev"
     },
diff --git a/src/Security/UserClassBuilder.php b/src/Security/UserClassBuilder.php
@@ -17,6 +17,7 @@
 use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Attribute\IsGrantedContext;
 
 /**
  * Adds logic to implement UserInterface to an existing User class.
@@ -37,7 +38,13 @@ public function addUserInterfaceImplementation(ClassSourceManipulator $manipulat
 
         $this->addPasswordImplementation($manipulator, $userClassConfig);
 
-        $this->addEraseCredentials($manipulator);
+        if (class_exists(IsGrantedContext::class)) {
+            $this->addSerialize($manipulator);
+        }
+
+        if (method_exists(UserInterface::class, 'eraseCredentials')) {
+            $this->addEraseCredentials($manipulator);
+        }
     }
 
     private function addPasswordImplementation(ClassSourceManipulator $manipulator, UserClassConfiguration $userClassConfig): void
@@ -245,17 +252,80 @@ private function addEraseCredentials(ClassSourceManipulator $manipulator): void
         $builder = $manipulator->createMethodBuilder(
             'eraseCredentials',
             'void',
-            false,
-            ['@see UserInterface']
+            false
         );
+        $builder->addAttribute(new Node\Attribute(new Node\Name('\Deprecated')));
         $builder->addStmt(
             $manipulator->createMethodLevelCommentNode(
-                'If you store any temporary, sensitive data on the user, clear it here'
+                '@deprecated, to be removed when upgrading to Symfony 8'
             )
         );
+
+        $manipulator->addMethodBuilder($builder);
+    }
+
+    private function addSerialize(ClassSourceManipulator $manipulator): void
+    {
+        $builder = $manipulator->createMethodBuilder(
+            '__serialize',
+            'array',
+            false,
+            [
+                'Ensure the session doesn\'t contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.',
+            ]
+        );
+
+        // $data = (array) $this;
         $builder->addStmt(
-            $manipulator->createMethodLevelCommentNode(
-                '$this->plainPassword = null;'
+            new Node\Stmt\Expression(
+                new Node\Expr\Assign(
+                    new Node\Expr\Variable('data'),
+                    new Node\Expr\Cast\Array_(
+                        new Node\Expr\Variable('this')
+                    )
+                )
+            )
+        );
+
+        // $data["\0".self::class."\0password"] = hash('crc32c', $this->password);
+        $builder->addStmt(
+            new Node\Stmt\Expression(
+                new Node\Expr\Assign(
+                    new Node\Expr\ArrayDimFetch(
+                        new Node\Expr\Variable('data'),
+                        new Node\Expr\BinaryOp\Concat(
+                            new Node\Expr\BinaryOp\Concat(
+                                new Node\Scalar\String_("\0", ['kind' => Node\Scalar\String_::KIND_DOUBLE_QUOTED]),
+                                new Node\Expr\ClassConstFetch(
+                                    new Node\Name('self'),
+                                    'class'
+                                )
+                            ),
+                            new Node\Scalar\String_("\0password", ['kind' => Node\Scalar\String_::KIND_DOUBLE_QUOTED]),
+                        )
+                    ),
+                    new Node\Expr\FuncCall(
+                        new Node\Name('hash'),
+                        [
+                            new Node\Arg(new Node\Scalar\String_('crc32c')),
+                            new Node\Arg(
+                                new Node\Expr\PropertyFetch(
+                                    new Node\Expr\Variable('this'),
+                                    'password'
+                                )
+                            ),
+                        ]
+                    )
+                )
+            )
+        );
+
+        $builder->addStmt(new Node\Stmt\Nop());
+
+        // return $data;
+        $builder->addStmt(
+            new Node\Stmt\Return_(
+                new Node\Expr\Variable('data')
             )
         );
 
diff --git a/src/Util/PrettyPrinter.php b/src/Util/PrettyPrinter.php
@@ -59,6 +59,7 @@ protected function pStmt_ClassMethod(Stmt\ClassMethod $node): string
         if ($node->returnType) {
             $classMethod = str_replace(') :', '):', $classMethod);
         }
+        $classMethod = str_replace('\x00', '\0', $classMethod);
 
         return $classMethod;
     }
diff --git a/tests/Security/UserClassBuilderTest.php b/tests/Security/UserClassBuilderTest.php
@@ -15,6 +15,8 @@
 use Symfony\Bundle\MakerBundle\Security\UserClassBuilder;
 use Symfony\Bundle\MakerBundle\Security\UserClassConfiguration;
 use Symfony\Bundle\MakerBundle\Util\ClassSourceManipulator;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Attribute\IsGrantedContext;
 
 class UserClassBuilderTest extends TestCase
 {
@@ -31,6 +33,14 @@ public function testAddUserInterfaceImplementation(UserClassConfiguration $userC
         $expectedPath = $this->getExpectedPath($expectedFilename, null);
         $expectedSource = file_get_contents($expectedPath);
 
+        if (!class_exists(IsGrantedContext::class)) {
+            $expectedSource = preg_replace('/\n\n(.+\n)+.+function __serialize[^}]++}/', '', $expectedSource);
+        }
+
+        if (!method_exists(UserInterface::class, 'eraseCredentials')) {
+            $expectedSource = preg_replace('/\n\n(.+\n)+.+function eraseCredentials[^}]++}/', '', $expectedSource);
+        }
+
         self::assertSame($expectedSource, $manipulator->getSourceCode());
     }
 
diff --git a/tests/Security/fixtures/expected/UserEntityWithEmailAsIdentifier.php b/tests/Security/fixtures/expected/UserEntityWithEmailAsIdentifier.php
@@ -95,11 +95,19 @@ public function setPassword(string $password): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/Security/fixtures/expected/UserEntityWithPassword.php b/tests/Security/fixtures/expected/UserEntityWithPassword.php
@@ -90,11 +90,19 @@ public function setPassword(string $password): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/Security/fixtures/expected/UserEntityWithUser_IdentifierAsIdentifier.php b/tests/Security/fixtures/expected/UserEntityWithUser_IdentifierAsIdentifier.php
@@ -90,11 +90,19 @@ public function setPassword(string $password): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/Security/fixtures/expected/UserEntityWithoutPassword.php b/tests/Security/fixtures/expected/UserEntityWithoutPassword.php
@@ -68,11 +68,19 @@ public function setRoles(array $roles): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/Security/fixtures/expected/UserModelWithEmailAsIdentifier.php b/tests/Security/fixtures/expected/UserModelWithEmailAsIdentifier.php
@@ -79,11 +79,19 @@ public function setPassword(string $password): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/Security/fixtures/expected/UserModelWithPassword.php b/tests/Security/fixtures/expected/UserModelWithPassword.php
@@ -74,11 +74,19 @@ public function setPassword(string $password): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/Security/fixtures/expected/UserModelWithoutPassword.php b/tests/Security/fixtures/expected/UserModelWithoutPassword.php
@@ -53,11 +53,19 @@ public function setRoles(array $roles): static
     }
 
     /**
-     * @see UserInterface
+     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
      */
+    public function __serialize(): array
+    {
+        $data = (array) $this;
+        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
+        
+        return $data;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
-        // If you store any temporary, sensitive data on the user, clear it here
-        // $this->plainPassword = null;
+        // @deprecated, to be removed when upgrading to Symfony 8
     }
 }
diff --git a/tests/fixtures/make-crud/expected/WithCustomRepository.php b/tests/fixtures/make-crud/expected/WithCustomRepository.php
@@ -38,7 +38,7 @@ public function new(Request $request, EntityManagerInterface $entityManager): Re
 
         return $this->render('sweet_food/new.html.twig', [
             'sweet_food' => $sweetFood,
-            'form' => $form,
+            'form' => $form->createView(),
         ]);
     }
 
@@ -64,7 +64,7 @@ public function edit(Request $request, SweetFood $sweetFood, EntityManagerInterf
 
         return $this->render('sweet_food/edit.html.twig', [
             'sweet_food' => $sweetFood,
-            'form' => $form,
+            'form' => $form->createView(),
         ]);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@ protected function pStmt_ClassMethod(Stmt\ClassMethod $node): string`
`59`	`59`	`if ($node->returnType) {`
`60`	`60`	`$classMethod = str_replace(') :', '):', $classMethod);`
`61`	`61`	`}`
	`62`	`+ $classMethod = str_replace('\x00', '\0', $classMethod);`
`62`	`63`
`63`	`64`	`return $classMethod;`
`64`	`65`	`}`
Original file line number	Diff line number	Diff line change
`@@ -95,11 +95,19 @@ public function setPassword(string $password): static`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`/**`
`98`		`- * @see UserInterface`
	`98`	`+ * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.`
`99`	`99`	`*/`
	`100`	`+ public function __serialize(): array`
	`101`	`+ {`
	`102`	`+ $data = (array) $this;`
	`103`	`+ $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);`
	`104`	`+`
	`105`	`+ return $data;`
	`106`	`+ }`
	`107`	`+`
	`108`	`+ #[\Deprecated]`
`100`	`109`	`public function eraseCredentials(): void`
`101`	`110`	`{`
`102`		`- // If you store any temporary, sensitive data on the user, clear it here`
`103`		`- // $this->plainPassword = null;`
	`111`	`+ // @deprecated, to be removed when upgrading to Symfony 8`
`104`	`112`	`}`
`105`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -90,11 +90,19 @@ public function setPassword(string $password): static`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`/**`
`93`		`- * @see UserInterface`
	`93`	`+ * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.`
`94`	`94`	`*/`
	`95`	`+ public function __serialize(): array`
	`96`	`+ {`
	`97`	`+ $data = (array) $this;`
	`98`	`+ $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);`
	`99`	`+`
	`100`	`+ return $data;`
	`101`	`+ }`
	`102`	`+`
	`103`	`+ #[\Deprecated]`
`95`	`104`	`public function eraseCredentials(): void`
`96`	`105`	`{`
`97`		`- // If you store any temporary, sensitive data on the user, clear it here`
`98`		`- // $this->plainPassword = null;`
	`106`	`+ // @deprecated, to be removed when upgrading to Symfony 8`
`99`	`107`	`}`
`100`	`108`	`}`
Original file line number	Diff line number	Diff line change
`@@ -68,11 +68,19 @@ public function setRoles(array $roles): static`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`/**`
`71`		`- * @see UserInterface`
	`71`	`+ * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.`
`72`	`72`	`*/`
	`73`	`+ public function __serialize(): array`
	`74`	`+ {`
	`75`	`+ $data = (array) $this;`
	`76`	`+ $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);`
	`77`	`+`
	`78`	`+ return $data;`
	`79`	`+ }`
	`80`	`+`
	`81`	`+ #[\Deprecated]`
`73`	`82`	`public function eraseCredentials(): void`
`74`	`83`	`{`
`75`		`- // If you store any temporary, sensitive data on the user, clear it here`
`76`		`- // $this->plainPassword = null;`
	`84`	`+ // @deprecated, to be removed when upgrading to Symfony 8`
`77`	`85`	`}`
`78`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -79,11 +79,19 @@ public function setPassword(string $password): static`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`/**`
`82`		`- * @see UserInterface`
	`82`	`+ * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.`
`83`	`83`	`*/`
	`84`	`+ public function __serialize(): array`
	`85`	`+ {`
	`86`	`+ $data = (array) $this;`
	`87`	`+ $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);`
	`88`	`+`
	`89`	`+ return $data;`
	`90`	`+ }`
	`91`	`+`
	`92`	`+ #[\Deprecated]`
`84`	`93`	`public function eraseCredentials(): void`
`85`	`94`	`{`
`86`		`- // If you store any temporary, sensitive data on the user, clear it here`
`87`		`- // $this->plainPassword = null;`
	`95`	`+ // @deprecated, to be removed when upgrading to Symfony 8`
`88`	`96`	`}`
`89`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -74,11 +74,19 @@ public function setPassword(string $password): static`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`/**`
`77`		`- * @see UserInterface`
	`77`	`+ * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.`
`78`	`78`	`*/`
	`79`	`+ public function __serialize(): array`
	`80`	`+ {`
	`81`	`+ $data = (array) $this;`
	`82`	`+ $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);`
	`83`	`+`
	`84`	`+ return $data;`
	`85`	`+ }`
	`86`	`+`
	`87`	`+ #[\Deprecated]`
`79`	`88`	`public function eraseCredentials(): void`
`80`	`89`	`{`
`81`		`- // If you store any temporary, sensitive data on the user, clear it here`
`82`		`- // $this->plainPassword = null;`
	`90`	`+ // @deprecated, to be removed when upgrading to Symfony 8`
`83`	`91`	`}`
`84`	`92`	`}`