Skip to content
Permalink
Browse files

DefaultPasswordHasher with changed options enables needsRehash

  • Loading branch information...
Joris Vaesen
Joris Vaesen committed Jul 26, 2017
1 parent d254ead commit c23acbdef79d4dfd58256122453659aad4a3879d
Showing with 16 additions and 1 deletion.
  1. +1 −1 src/Auth/DefaultPasswordHasher.php
  2. +15 −0 tests/TestCase/Auth/DefaultPasswordHasherTest.php
@@ -74,6 +74,6 @@ public function check($password, $hashedPassword)
*/
public function needsRehash($password)
{
return password_needs_rehash($password, $this->_config['hashType']);
return password_needs_rehash($password, $this->_config['hashType'], $this->_config['hashOptions']);
}
}
@@ -36,4 +36,19 @@ public function testNeedsRehash()
$password = $hasher->hash('foo');
$this->assertFalse($hasher->needsRehash($password));
}
/**
* Tests that when the hash options change, the password needs
* to be rehashed
*
* @return void
*/
public function testNeedsRehashWithDifferentOptions()
{
$defaultHasher = new DefaultPasswordHasher(['hashType' => PASSWORD_BCRYPT, 'hashOptions' => ['cost' => 10]]);
$updatedHasher = new DefaultPasswordHasher(['hashType' => PASSWORD_BCRYPT, 'hashOptions' => ['cost' => 12]]);
$password = $defaultHasher->hash('foo');
$this->assertTrue($updatedHasher->needsRehash($password));
}
}

0 comments on commit c23acbd

Please sign in to comment.
You can’t perform that action at this time.