Adding WeakPasswordHasher as a substitute for the old Simple one

This will help pepople not get completely stranded when migrating to
3.0, a future change will be introduced to help them migrate their
existing database of users.

src/Controller/Component/Auth/WeakPasswordHasher.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @since         3.0
+ * @license       http://www.opensource.org/licenses/mit-license.php MIT License
+ */
+namespace Cake\Controller\Component\Auth;
+
+use Cake\Controller\Component\Auth\AbstractPasswordHasher;
+use Cake\Utility\Security;
+
+/**
+ * Password hashing class that use weak hashing algorithms. This class is
+ * intended only to be used with legacy databases where passwords have not
+ * been migrated yet to a stronger algorithm.
+ *
+ */
+class WeakPasswordHasher extends AbstractPasswordHasher {
+
+/**
+ * Default config for this object.
+ *
+ * @var array
+ */
+	protected $_defaultConfig = [
+		'hashType' => null
+	];
+
+/**
+ * Generates password hash.
+ *
+ * @param string $password Plain text password to hash.
+ * @return string Password hash
+ */
+	public function hash($password) {
+		return Security::hash($password, $this->_config['hashType'], true);
+	}
+
+/**
+ * Check hash. Generate hash for user provided password and check against existing hash.
+ *
+ * @param string $password Plain text password to hash.
+ * @param string $hashedPassword Existing hashed password.
+ * @return bool True if hashes match else false.
+ */
+	public function check($password, $hashedPassword) {
+		return $hashedPassword === $this->hash($password);
+	}
+
+}

tests/TestCase/Controller/Component/Auth/WeakPasswordHasherTest.php

@@ -0,0 +1,54 @@
+<?php
+/**
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @since         3.0
+ * @license       http://www.opensource.org/licenses/mit-license.php MIT License
+ */
+namespace Cake\Test\TestCase\Controller\Component\Auth;
+
+use Cake\Controller\Component\Auth\WeakPasswordHasher;
+use Cake\TestSuite\TestCase;
+
+/**
+ * Test case for WeakPasswordHasher
+ *
+ */
+class WeakPasswordHasherTest extends TestCase {
+
+/**
+ * Tests that any password not produced by WeakPasswordHasher needs
+ * to be rehashed
+ *
+ * @return void
+ */
+	public function testNeedsRehash() {
+		$hasher = new WeakPasswordHasher();
+		$this->assertTrue($hasher->needsRehash(md5('foo')));
+		$this->assertTrue($hasher->needsRehash('bar'));
+	}
+
+/**
+ * Tests hash() and check()
+ *
+ * @return void
+ */
+	public function testHashAndCheck() {
+		$hasher = new WeakPasswordHasher();
+		$hasher->config('hashType', 'md5');
+		$password = $hasher->hash('foo');
+		$this->assertTrue($hasher->check('foo', $password));
+		$this->assertFalse($hasher->check('bar', $password));
+
+		$hasher->config('hashType', 'sha1');
+		$this->assertFalse($hasher->check('foo', $password));
+	}
+
+}