 /**
  * Verify a password against an encrypted, stored hash.
  *
  * The stored value is decrypted with the master key first; the recovered
  * scrypt hash string is then checked against the supplied password.
  * Decryption failures are presumed to surface as exceptions thrown by
  * Symmetric::decrypt — confirm against that implementation.
  *
  * @param string $password   The user-provided password
  * @param string $stored     The encrypted password hash
  * @param \ParagonIE\Halite\Contract\CryptoKeyInterface $secret_key The master key for all passwords
  * @return bool
  */
 public static function verify($password, $stored, \ParagonIE\Halite\Contract\CryptoKeyInterface $secret_key)
 {
     // Unwrap the hash string, then hand the comparison to libsodium.
     $plainHash = Symmetric::decrypt($stored, $secret_key);
     return \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($plainHash, $password);
 }
 /**
  * Check the given plain value against a stored scrypt hash string.
  *
  * The plaintext copy held by this frame is wiped with memzero on both the
  * success and the failure path before returning.
  *
  * @param  string  $value        The plaintext to check
  * @param  string  $hashedValue  The stored hash string
  * @param  array   $options      Unused here; kept for interface compatibility
  * @return bool
  */
 public function check($value, $hashedValue, array $options = [])
 {
     $matches = \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($hashedValue, $value);
     // Wipe the plaintext regardless of the outcome.
     \Sodium\memzero($value);
     return (bool) $matches;
 }
 /**
  * Decrypt a stored password hash and verify a password against it.
  *
  * Only an EncryptionKey may be used to unwrap the stored hash; any other
  * KeyInterface implementation is rejected before decryption is attempted.
  *
  * @param string $password          The user-provided password
  * @param string $stored            The encrypted password hash
  * @param EncryptionKey $secret_key The master key for all passwords
  * @return bool
  * @throws \ParagonIE\Halite\Alerts\InvalidKey when $secret_key is not an EncryptionKey
  */
 public static function verify($password, $stored, KeyInterface $secret_key)
 {
     // Guard clause: fail fast on the wrong key type.
     $isEncryptionKey = $secret_key instanceof EncryptionKey;
     if (!$isEncryptionKey) {
         throw new \ParagonIE\Halite\Alerts\InvalidKey('Argument 3: Expected an instance of EncryptionKey');
     }

     // Unwrap the hash string, then let libsodium compare it with the password.
     $plainHash = Crypto::decrypt($stored, $secret_key);
     return \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($plainHash, $password);
 }
 /**
  * Decrypt a stored password hash and verify a password against it.
  *
  * The decrypted hash string may have been produced by either the Argon2
  * (crypto_pwhash) or the scrypt (crypto_pwhash_scryptsalsa208sha256) API;
  * the string prefix selects which verifier is used. A hash string with an
  * unrecognised prefix never verifies.
  *
  * @param string $password          The user-provided password
  * @param string $stored            The encrypted password hash
  * @param EncryptionKey $secret_key The master key for all passwords
  * @return bool
  */
 public static function verify(string $password, string $stored, EncryptionKey $secret_key) : bool
 {
     $hashString = Crypto::decrypt($stored, $secret_key);

     // Both prefixes are compared with hash_equals() so the prefix check
     // itself does not short-circuit on the first differing byte.
     $argon2Prefix = CryptoUtil::safeSubstr($hashString, 0, 9);
     $scryptPrefix = CryptoUtil::safeSubstr($hashString, 0, 3);
     $looksArgon2 = \hash_equals($argon2Prefix, \Sodium\CRYPTO_PWHASH_STRPREFIX);
     $looksScrypt = \hash_equals($scryptPrefix, \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX);

     if ($looksArgon2) {
         return \Sodium\crypto_pwhash_str_verify($hashString, $password);
     }
     if ($looksScrypt) {
         return \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($hashString, $password);
     }

     // Unknown or malformed hash format: fail closed.
     return false;
 }
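 /**
  * Login using credentials.
  *
  * Looks the user up by username, verifies the supplied password against
  * the scrypt hash stored in Redis and, on success, installs the user in
  * the session. When the username is unknown, a dummy verification is run
  * against a fixed record so that this path takes about as long as a real
  * one (the original comment: "Run a fake to take time").
  *
  * Fix: the unknown-user branch previously passed an undefined `$password`
  * to the dummy verify instead of `$credentials['password']`, so the fake
  * check never received the real input (and emitted an undefined-variable
  * notice). The plaintext is now wiped with memzero on every path.
  *
  * @param array $credentials Expects the keys 'username' and 'password'.
  *
  * @return bool true when the session was established, false otherwise.
  */
 public function login($credentials)
 {
     $currentUserID = $this->findIDByUsername($credentials['username']);

     if (!$currentUserID) {
         // Unknown username: run the same kind of verification against a
         // fixed record so the response time does not reveal whether the
         // username exists. Assumes a "userID:0" record with a valid hash
         // exists — TODO confirm.
         $hash_str = $this->redis->hget("userID:0", 'password');
         \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($hash_str, $credentials['password']);
         \Sodium\memzero($credentials['password']);
         $this->addFeedback("FAILED LOG IN.");
         return false;
     }

     $key_user = $this->usersprefix . $currentUserID;
     $hash_str = $this->redis->hget($key_user, 'password');
     $matches = \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($hash_str, $credentials['password']);
     // Wipe this frame's copy of the plaintext on both outcomes.
     \Sodium\memzero($credentials['password']);

     if (!$matches) {
         // NOTE(review): if addFeedback() text is shown to the user, naming
         // $key_user here but not in the unknown-user branch reveals that the
         // username exists — confirm whether this is only logged.
         $this->addFeedback("FAILED LOG IN for " . $key_user);
         return false;
     }

     $this->addFeedback("LOGGED IN.");
     // Issue a fresh session id on authentication so a session id obtained
     // before login cannot be reused afterwards (session fixation).
     if (\session_status() === \PHP_SESSION_ACTIVE) {
         \session_regenerate_id(true);
     }
     $_SESSION['user'] = ['id' => $currentUserID, 'username' => $credentials['username']];
     $this->sessionTimeoutRestart();
     return true;
 }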
 /**
  * Test if a password is valid against its stored hash.
  *
  * Both arguments are validated as strings first; the plaintext copy held by
  * this frame is wiped with memzero before the result is returned, on both
  * the success and the failure path.
  *
  * @param string $password The client provided password to check.
  * @param string $passwordHash The saved password hash for comparison.
  * @return bool
  * @throws Exceptions\InvalidTypeException
  */
 public static function verifyPassword($password, $passwordHash)
 {
     # Reject non-string input before it reaches libsodium.
     # NOTE(review): the first check labels $password as 'Hash'; presumably
     # the label should name the password argument — confirm against
     # Helpers::isString before changing the string.
     Helpers::isString($password, 'Hash', 'verifyPassword');
     Helpers::isString($passwordHash, 'Hash', 'verifyPassword');

     $valid = \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($passwordHash, $password);
     # Wipe the plaintext regardless of the outcome.
     \Sodium\memzero($password);
     return (bool) $valid;
 }