Passwords hashed with a different cost can be validated by using the cost parameter of the
hashed password and salt.
public validatePassword ( string $password, string $hashedPasswordAndSalt, string $staticSalt = null ) : boolean

$password | string | The cleartext password |
$hashedPasswordAndSalt | string | The derived key and salt as returned by crypt() for verification |
$staticSalt | string | Optional static salt that will be appended to the dynamic salt |
return | boolean | TRUE if the given password matches the hashed password |

    /**
     * @test
     */
    public function validatePasswordWithInvalidHashFails()
    {
        $strategy = new BCryptHashingStrategy(10);

        $this->assertFalse($strategy->validatePassword('password', ''));
        $this->assertFalse($strategy->validatePassword('password', '$1$abc'));
        $this->assertFalse($strategy->validatePassword('password', '$2x$01$012345678901234567890123456789'));
    }
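
The following is an added example, not the BCryptHashingStrategy source. It shows why a hash created with a different cost still validates: the cost and salt are read back from the stored string itself, and malformed strings such as the ones in the test above are rejected before crypt() is called. The function names bcryptCost() and validateBcrypt() are hypothetical, and the hashes are constructed at run time with password_hash().

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not the BCryptHashingStrategy API.

/** Return the cost embedded in a bcrypt hash string, or null if it is not well formed. */
function bcryptCost(string $hash): ?int
{
    // Layout: "$2a$" or "$2y$", two-digit cost, "$", 22-char salt + 31-char digest.
    if (preg_match('#^\$2[ay]\$(\d{2})\$[./A-Za-z0-9]{53}$#D', $hash, $m) !== 1) {
        return null;
    }
    $cost = (int) $m[1];
    return ($cost >= 4 && $cost <= 31) ? $cost : null;
}

/** Validate a password using only the parameters stored in the hash itself. */
function validateBcrypt(string $password, string $hash): bool
{
    if (bcryptCost($hash) === null) {
        return false; // reject malformed input before calling crypt()
    }
    // crypt() takes the identifier, cost and salt from its second argument,
    // so the verifier needs no knowledge of the cost used at hashing time.
    return hash_equals($hash, crypt($password, $hash));
}

// Constructed sample data: the same password hashed at two different costs.
$low  = password_hash('password', PASSWORD_BCRYPT, ['cost' => 5]);
$high = password_hash('password', PASSWORD_BCRYPT, ['cost' => 7]);

foreach ([$low, $high] as $stored) {
    printf(
        "cost=%d correct=%s wrong=%s\n",
        bcryptCost($stored),
        var_export(validateBcrypt('password', $stored), true),
        var_export(validateBcrypt('Password', $stored), true)
    );
}

// The invalid inputs from the test case on this page.
foreach (['', '$1$abc', '$2x$01$012345678901234567890123456789'] as $bad) {
    printf("%-40s valid=%s\n", "'" . $bad . "'", var_export(validateBcrypt('password', $bad), true));
}
```

Because the embedded cost is available after a successful validation, a caller can compare it with the currently configured cost and re-hash the password when the stored value is lower.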