[3.9] Add Argon2id Password Support (#20855)

* Add support for Argon2id in PHP 7.3 * add test case * fix order thanks @HLeithner
joomla · Aug 28, 2018 · e8652f7 · e8652f7
1 parent 9a12f28
commit e8652f7
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 0 deletions.
diff --git a/libraries/src/User/UserHelper.php b/libraries/src/User/UserHelper.php
@@ -343,6 +343,16 @@ public static function verifyPassword($password, $hash, $user_id = 0)
 
 			$rehash = true;
 		}
+		// Check for Argon2id hashes
+		elseif (strpos($hash, '$argon2id') === 0)
+		{
+			// This implementation is not supported through any existing polyfills
+			$match = password_verify($password, $hash);
+
+			$rehash = password_needs_rehash($hash, PASSWORD_ARGON2ID);
+
+			$passwordAlgorithm = PASSWORD_ARGON2ID;
+		}
 		// Check for Argon2i hashes
 		elseif (strpos($hash, '$argon2i') === 0)
 		{

diff --git a/tests/unit/suites/libraries/joomla/user/JUserHelperTest.php b/tests/unit/suites/libraries/joomla/user/JUserHelperTest.php
@@ -349,6 +349,29 @@ public function testHashPasswordArgon2i()
 		);
 	}
 
+	/**
+	 * Testing hashPassword() for argon2id hashing support.
+	 *
+	 * @covers  JUserHelper::hashPassword
+	 * @return  void
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 * @requires  PHP 7.3
+	 */
+	public function testHashPasswordArgon2id()
+	{
+		if (!defined('PASSWORD_ARGON2ID'))
+		{
+			$this->markTestSkipped('Argon2id algorithm not supported.');
+		}
+
+		$this->assertEquals(
+			strpos(JUserHelper::hashPassword('mySuperSecretPassword', PASSWORD_ARGON2ID), '$argon2id'),
+			0,
+			'The password is hashed using the specified hashing algorithm'
+		);
+	}
+
 	/**
 	 * Testing verifyPassword().
 	 *