-
-
Notifications
You must be signed in to change notification settings - Fork 187
/
PrecomposedHashProvider.php
58 lines (50 loc) · 1.42 KB
/
PrecomposedHashProvider.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?php
declare(strict_types=1);
namespace Neos\Flow\Security\Cryptography;
/*
* This file is part of the Neos.Flow package.
*
* (c) Contributors of the Neos Project - www.neos.io
*
* This package is Open Source Software. For the full copyright and license
* information, please view the LICENSE file which was distributed with this
* source code.
*/
use Neos\Cache\Frontend\StringFrontend;
use Neos\Flow\Annotations as Flow;
use Neos\Flow\Utility\Algorithms as UtilityAlgorithms;
/**
* Precomposes a hash to be used to prevent timing attacks
*
* @Flow\Scope("singleton")
*/
class PrecomposedHashProvider
{
/**
* @var HashService
* @Flow\Inject
*/
protected $hashService;
/**
* The Cache have to be injected non-lazy to prevent timing differences
*
* @var StringFrontend
* @Flow\Inject(lazy=false)
*/
protected $cache;
public function getPrecomposedHash(): string
{
$hash = $this->cache->get('precomposed_hash');
if (!$hash) {
$hash = $this->precomposeHash();
}
return $hash;
}
public function precomposeHash(): string
{
$randomPassword = UtilityAlgorithms::generateRandomString(16, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./');
$hash = $this->hashService->hashPassword($randomPassword);
$this->cache->set('precomposed_hash', $hash);
return $hash;
}
}