Commit20bc2c2

committed

Use bcrypt as default password hash algorithm for "native" and "auto"

1 parent163df1e commit20bc2c2Copy full SHA for 20bc2c2

File tree

+24

-6

lines changed

+24

-6

lines changed

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,3 +2,4 @@`
`2`	`2`	`---`
`3`	`3`
`4`	`4`	`* Add the component`
	`5`	+* Use`bcrypt` as default algorithm in`NativePasswordHasher`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ final class NativePasswordHasher implements PasswordHasherInterface`
`29`	`29`	`private$options;`
`30`	`30`
`31`	`31`	`/**`
`32`		`- * @param string\|null $algo An algorithm supported by password_hash() or null to use thestronger available algorithm`
	`32`	`+ * @param string\|null $algo An algorithm supported by password_hash() or null to use thebest available algorithm`
`33`	`33`	`*/`
`34`	`34`	`publicfunction__construct(int$opsLimit =null,int$memLimit =null,int$cost =null, ?string$algo =null)`
`35`	`35`	`{`
`@@ -52,15 +52,18 @@ public function __construct(int $opsLimit = null, int $memLimit = null, int $cos`
`52`	`52`	`$algos = [1 => \PASSWORD_BCRYPT,'2y' => \PASSWORD_BCRYPT];`
`53`	`53`
`54`	`54`	`if (\defined('PASSWORD_ARGON2I')) {`
`55`		`-$this->algo =$algos[2] =$algos['argon2i'] = (string) \PASSWORD_ARGON2I;`
	`55`	`+$algos[2] =$algos['argon2i'] = (string) \PASSWORD_ARGON2I;`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`if (\defined('PASSWORD_ARGON2ID')) {`
`59`		`-$this->algo =$algos[3] =$algos['argon2id'] = (string) \PASSWORD_ARGON2ID;`
	`59`	`+$algos[3] =$algos['argon2id'] = (string) \PASSWORD_ARGON2ID;`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`if (null !==$algo) {`
`63`	`63`	`$this->algo =$algos[$algo] ??$algo;`
	`64`	`+ }else {`
	`65`	`+// use bcrypt as default`
	`66`	`+$this->algo =$algos[1];`
`64`	`67`	`}`
`65`	`68`
`66`	`69`	`$this->options = [`

Lines changed: 9 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,9 @@`
`11`	`11`
`12`	`12`	`namespaceSymfony\Component\PasswordHasher\Hasher;`
`13`	`13`
`14`		`-useSymfony\Component\Security\Core\Encoder\EncoderAwareInterface;`
`15`	`14`	`useSymfony\Component\PasswordHasher\Exception\LogicException;`
`16`	`15`	`useSymfony\Component\PasswordHasher\PasswordHasherInterface;`
	`16`	`+useSymfony\Component\Security\Core\Encoder\EncoderAwareInterface;`
`17`	`17`
`18`	`18`	`/**`
`19`	`19`	`* A generic hasher factory implementation.`
`@@ -103,9 +103,15 @@ private function createHasher(array $config, bool $isExtra = false): PasswordHas`
`103`	`103`	`privatefunctiongetHasherConfigFromAlgorithm(array$config):array`
`104`	`104`	`{`
`105`	`105`	`if ('auto' ===$config['algorithm']) {`
`106`		`-$hasherChain = [];`
`107`	`106`	`// "plaintext" is not listed as any leaked hashes could then be used to authenticate directly`
`108`		`-foreach ([SodiumPasswordHasher::isSupported() ?'sodium' :'native','pbkdf2',$config['hash_algorithm']]as$algo) {`
	`107`	`+if (SodiumPasswordHasher::isSupported()) {`
	`108`	`+$algos = ['native','sodium','pbkdf2',$config['hash_algorithm']];`
	`109`	`+ }else {`
	`110`	`+$algos = ['native','pbkdf2',$config['hash_algorithm']];`
	`111`	`+ }`
	`112`	`+`
	`113`	`+$hasherChain = [];`
	`114`	`+foreach ($algosas$algo) {`
`109`	`115`	`$config['algorithm'] =$algo;`
`110`	`116`	`$hasherChain[] =$this->createHasher($config,true);`
`111`	`117`	`}`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,14 @@ public function testConfiguredAlgorithm()`
`73`	`73`	`$this->assertStringStartsWith('$2',$result);`
`74`	`74`	`}`
`75`	`75`
	`76`	`+publicfunctiontestDefaultAlgorithm()`
	`77`	`+ {`
	`78`	`+$hasher =newNativePasswordHasher(null,null,null, \PASSWORD_BCRYPT);`
	`79`	`+$result =$hasher->hash('password',null);`
	`80`	`+$this->assertTrue($hasher->verify($result,'password',null));`
	`81`	`+$this->assertStringStartsWith('$2',$result);`
	`82`	`+ }`
	`83`	`+`
`76`	`84`	`publicfunctiontestConfiguredAlgorithmWithLegacyConstValue()`
`77`	`85`	`{`
`78`	`86`	`$hasher =newNativePasswordHasher(null,null,null,'1');`

Comments

(0)