
Cleanup Security::hash().

ADmad committed Jul 5, 2014
1 parent 804ad32 commit 5c378080f860f09afa49cba93c7f0ee2a55ad98c
Showing with 16 additions and 33 deletions.
  1. +14 −26 src/Utility/Security.php
  2. +2 −7 tests/TestCase/Utility/SecurityTest.php
@@ -47,16 +47,14 @@ public static function generateAuthKey() {
}
/**
* Create a hash from string using given method or fallback on next available method.
* Create a hash from string using given method.
*
* #### Using Blowfish
*
* - Creating Hashes: *Do not supply a salt*. Cake handles salt creation for
* you ensuring that each hashed password will have a *unique* salt.
* you ensuring that each hashed password will have a *unique* salt.
* - Comparing Hashes: Simply pass the originally hashed password as the salt.
* The salt is prepended to the hash and php handles the parsing automagically.
* For convenience the `BlowfishPasswordHasher` class is available for use with
* the AuthComponent.
* The salt is prepended to the hash and php handles the parsing automagically.
* - Do NOT use a constant salt for blowfish!
*
* Creating a blowfish/bcrypt hash:
@@ -66,17 +64,21 @@ public static function generateAuthKey() {
* }}}
*
* @param string $string String to hash
* @param string $type Method to use (sha1/sha256/md5/blowfish)
* @param string $type Hashing algo to use (i.e. md5, sha1, sha256 etc.).
* Can be any valid algo included in list returned by hash_algos() or 'blowfish'.
* @param mixed $salt If true, automatically prepends the application's salt
* value to $string (Security.salt). If you are using blowfish the salt
* must be false or a previously generated salt.
* value to $string (Security.salt). If you are using blowfish the salt
* must be false or a previously generated salt.
* @return string Hash
* @link http://book.cakephp.org/2.0/en/core-utility-libraries/security.html#Security::hash
*/
public static function hash($string, $type = null, $salt = false) {
if (empty($type)) {
$type = static::$hashType;
}
if (empty($type)) {
$type = 'sha1';
}
$type = strtolower($type);
if ($type === 'blowfish') {
@@ -89,28 +91,14 @@ public static function hash($string, $type = null, $salt = false) {
$string = $salt . $string;
}
if (!$type || $type === 'sha1') {
if (function_exists('sha1')) {
return sha1($string);
}
$type = 'sha256';
}
if ($type === 'sha256' && function_exists('mhash')) {
return bin2hex(mhash(MHASH_SHA256, $string));
}
if (function_exists('hash')) {
return hash($type, $string);
}
return md5($string);
return hash($type, $string);
}
/**
* Sets the default hash method for the Security object. This affects all objects using
* Security::hash().
* Sets the default hash method for the Security object. This affects all objects
* using Security::hash().
*
* @param string $hash Method to use (sha1/sha256/md5/blowfish)
* @param string $hash Method to use (sha1/sha256/md5/blowfish etc.)
* @return void
* @see Security::hash()
*/
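Review bot: The new `return hash($type, $string);` at the end of `Security::hash()` passes `$type` to PHP's `hash()` without checking that it is a supported algorithm, and the removed md5 fallback was the only thing that guaranteed a string result. Before PHP 8.0, `hash()` with an unknown algorithm emits a warning and returns `false`, so a misspelt `$type` or `Security::setHash()` value would make every input hash to the same `false`, which is dangerous wherever the result is stored or compared as a credential. I would guard it before the call, e.g. `if (!in_array($type, hash_algos(), true)) { throw new \InvalidArgumentException('Unsupported hash type: ' . $type); }`. The widened `@param $type` text should also say that `hash_algos()` includes non-cryptographic checksums such as crc32 and adler32, and that md5/sha1 are not suitable for passwords. The blowfish branch and salt handling between the hunks are not visible here, so this applies only to the non-blowfish path.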
@@ -109,13 +109,8 @@ public function testHash() {
$this->assertSame(32, strlen(Security::hash($key, null, false)));
$this->assertSame(32, strlen(Security::hash($key, null, true)));
if (!function_exists('hash') && !function_exists('mhash')) {
$this->assertSame(32, strlen(Security::hash($key, 'sha256', false)));
$this->assertSame(32, strlen(Security::hash($key, 'sha256', true)));
} else {
$this->assertSame(64, strlen(Security::hash($key, 'sha256', false)));
$this->assertSame(64, strlen(Security::hash($key, 'sha256', true)));
}
$this->assertSame(64, strlen(Security::hash($key, 'sha256', false)));
$this->assertSame(64, strlen(Security::hash($key, 'sha256', true)));
Security::setHash($_hashType);
}
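Review bot: The remaining sha256 assertions in `testHash()` check only that the result is 64 characters long, so they would still pass if `Security::hash()` returned the wrong digest. With the fallbacks gone the unsalted case is deterministic and can be pinned exactly, e.g. `$this->assertSame(hash('sha256', $key), Security::hash($key, 'sha256', false));`. A case for an unsupported algorithm name is also missing, which is the path the removed md5 fallback used to cover. `testHash()` begins above this hunk, so the setup of `$key` and `$_hashType` is not visible.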
