Adding WeakPasswordHasher as a substitute for the old Simple one
This will help people not get completely stranded when migrating to 3.0. A future change will be introduced to help them migrate their existing database of users.
Showing
2 changed files
with
112 additions
and
0 deletions.
@@ -0,0 +1,58 @@ | ||
<?php | ||
/** | ||
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org) | ||
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) | ||
* | ||
* Licensed under The MIT License | ||
* For full copyright and license information, please see the LICENSE.txt | ||
* Redistributions of files must retain the above copyright notice. | ||
* | ||
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org) | ||
* @link http://cakephp.org CakePHP(tm) Project | ||
* @since 3.0 | ||
* @license http://www.opensource.org/licenses/mit-license.php MIT License | ||
*/ | ||
namespace Cake\Controller\Component\Auth; | ||
|
||
use Cake\Controller\Component\Auth\AbstractPasswordHasher; | ||
use Cake\Utility\Security; | ||
|
||
/** | ||
* Password hashing class that use weak hashing algorithms. This class is | ||
* intended only to be used with legacy databases where passwords have not | ||
* been migrated yet to a stronger algorithm. | ||
* | ||
*/ | ||
class WeakPasswordHasher extends AbstractPasswordHasher { | ||
|
||
/** | ||
* Default config for this object. | ||
* | ||
* @var array | ||
*/ | ||
protected $_defaultConfig = [ | ||
'hashType' => null | ||
]; | ||
|
||
/** | ||
* Generates password hash. | ||
* | ||
* @param string $password Plain text password to hash. | ||
* @return string Password hash | ||
*/ | ||
public function hash($password) { | ||
return Security::hash($password, $this->_config['hashType'], true); | ||
} | ||
|
||
/** | ||
* Check hash. Generate hash for user provided password and check against existing hash. | ||
* | ||
* @param string $password Plain text password to hash. | ||
* @param string $hashedPassword Existing hashed password. | ||
* @return bool True if hashes match else false. | ||
*/ | ||
public function check($password, $hashedPassword) { | ||
return $hashedPassword === $this->hash($password); | ||
} | ||
|
||
} |
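Review bot: `check()` compares the stored digest with the recomputed one using `===`, which is not a constant-time comparison; on PHP versions that provide it, `return hash_equals((string)$hashedPassword, $this->hash($password));` keeps the timing independent of where the two strings first differ. Separately, `hashType` defaults to `null`, so the algorithm is whatever `Security::hash()` falls back to, and the `true` argument mixes in only the application-wide salt rather than a per-user one. The class docblock should state both, for example `* Digests are fast to compute and share one application salt; rehash with a stronger hasher once the user has logged in.` The docblock's opening sentence should also read "that uses" rather than "that use".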
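--- a/tests/TestCase/Controller/Component/Auth/WeakPasswordHasherTest.php
+++ b/tests/TestCase/Controller/Component/Auth/WeakPasswordHasherTest.php
@@ -0,0 +1,54 @@
+<?php
+/**
+* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+*
+* Licensed under The MIT License
+* For full copyright and license information, please see the LICENSE.txt
+* Redistributions of files must retain the above copyright notice.
+*
+* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+* @link http://cakephp.org CakePHP(tm) Project
+* @since 3.0
+* @license http://www.opensource.org/licenses/mit-license.php MIT License
+*/
+namespace Cake\Test\TestCase\Controller\Component\Auth;
+
+use Cake\Controller\Component\Auth\WeakPasswordHasher;
+use Cake\TestSuite\TestCase;
+
+/**
+* Test case for WeakPasswordHasher
+*
+*/
+class WeakPasswordHasherTest extends TestCase {
+
+/**
+* Tests that any password not produced by WeakPasswordHasher needs
+* to be rehashed
+*
+* @return void
+*/
+public function testNeedsRehash() {
+$hasher = new WeakPasswordHasher();
+$this->assertTrue($hasher->needsRehash(md5('foo')));
+$this->assertTrue($hasher->needsRehash('bar'));
+}
+
+/**
+* Tests hash() and check()
+*
+* @return void
+*/
+public function testHashAndCheck() {
+$hasher = new WeakPasswordHasher();
+$hasher->config('hashType', 'md5');
+$password = $hasher->hash('foo');
+$this->assertTrue($hasher->check('foo', $password));
+$this->assertFalse($hasher->check('bar', $password));
+
+$hasher->config('hashType', 'sha1');
+$this->assertFalse($hasher->check('foo', $password));
+}
+
+}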
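Review bot: `testNeedsRehash()` only passes `needsRehash()` a bare `md5('foo')` and a literal string, so nothing pins the case a migration depends on: a digest produced by this hasher itself should also be reported as needing a rehash. Adding `$this->assertTrue($hasher->needsRehash($hasher->hash('foo')));` would cover it. `needsRehash()` is not defined in the class this commit adds, so it is presumably inherited from `AbstractPasswordHasher`, and the test is the only place its behaviour for weak digests gets checked. `testHashAndCheck()` also leaves the default `hashType` of `null` untested.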