/**
 * Round trip: a hash created for the Blowfish prefix must verify against the
 * same plaintext through the PasswordLib facade.
 */
public function testVerifyPasswordHash()
{
    $plaintext = '******';
    $bcryptPrefix = Blowfish::getPrefix();
    $lib = new PasswordLib();

    $hash = $lib->createPasswordHash($plaintext, $bcryptPrefix);

    $this->assertTrue($lib->verifyPasswordHash($plaintext, $hash));
}
/**
 * Return a bcrypt hash for a plaintext password, passing through values that
 * need no hashing.
 *
 * Null comes back unchanged, and so does anything Blowfish::detect() already
 * recognises as a Blowfish/bcrypt hash, so re-saving an entity does not hash a
 * hash. Everything else goes through password_hash() with PASSWORD_BCRYPT.
 *
 * NOTE(review): the pass-through means a plaintext that happens to look like a
 * bcrypt hash would be stored verbatim; do not feed raw user input here unless
 * the caller has ruled that out. Confirm what Blowfish::detect() matches on.
 * NOTE(review): bcrypt only consumes the first 72 bytes of the input, so longer
 * passwords are silently truncated by password_hash().
 *
 * @param string|null $password
 *
 * @throws \RuntimeException when password_hash() reports failure
 *
 * @return string|null
 */
protected function getHashedPassword($password)
{
    if ($password === null) {
        return null;
    }

    if (Blowfish::detect($password)) {
        // Already a hash: store as-is.
        return $password;
    }

    $hashed = password_hash($password, PASSWORD_BCRYPT);
    // Older PHP versions signalled failure with false rather than an exception; keep the guard.
    if ($hashed === false) {
        throw new \RuntimeException('Unable to hash password.');
    }

    return $hashed;
}
/**
 * Data provider: a hash-format prefix paired with the string length the
 * corresponding createHash() output is expected to have.
 *
 * @return array<int, array{0: string, 1: int}>
 */
public static function provideTestCreate()
{
    $expectedLengths = [
        Blowfish::getPrefix() => 60, // bcrypt modular-crypt string
        '$apr1$'              => 37,
        '$S$'                 => 98,
        '$P$'                 => 34,
        '$H$'                 => 34,
        '$pbkdf$'             => 74,
    ];

    $cases = [];
    foreach ($expectedLengths as $prefix => $length) {
        $cases[] = [$prefix, $length];
    }

    return $cases;
}
/**
 * Validate a username/password pair submitted to the login form.
 *
 * The guards run in order: unknown user, empty stored hash, disabled account,
 * hash mismatch. Each failure dispatches LOGIN_FAILURE with a reason; the
 * unknown-user case returns false directly, the others go through
 * loginFailed(). On success a non-Blowfish hash is upgraded to bcrypt (the
 * plaintext is only available here) and LOGIN_SUCCESS is dispatched.
 *
 * NOTE(review): the unknown-user path skips loginFailed() and does no hash
 * verification, so its behaviour and timing differ from a wrong password;
 * confirm whether username enumeration is a concern for this endpoint.
 * NOTE(review): the rehash only triggers when the stored hash is not Blowfish,
 * so a bcrypt hash made with an outdated cost factor is never upgraded; a
 * password_needs_rehash()-style policy would cover that as well.
 *
 * @param string             $userName
 * @param string             $password
 * @param AccessControlEvent $event
 *
 * @return bool
 */
protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
{
    $dispatcher = $this->dispatcher;

    $user = $this->getUserEntity($userName);
    if (!$user) {
        $dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));

        return false;
    }

    $authData = $this->getRepositoryUsers()->getUserAuthData($user->getId());
    $storedHash = $authData->getPassword();

    // No stored hash at all: treated like a disabled account, but logged distinctly.
    if ($storedHash === null || $storedHash === '') {
        $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
        $dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

        return $this->loginFailed($user);
    }

    if (!(bool) $user->getEnabled()) {
        $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
        $dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

        return $this->loginFailed($user);
    }

    if (!$this->passwordFactory->verifyHash($password, $storedHash)) {
        $dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));

        return $this->loginFailed($user);
    }

    // Legacy (non-Blowfish) hash: upgrade to bcrypt now that the plaintext is known.
    if (!Blowfish::detect($storedHash)) {
        $user->setPassword($this->passwordFactory->createHash($password, '$2y$'));
        try {
            $this->getRepositoryUsers()->update($user);
        } catch (NotNullConstraintViolationException $e) {
            // Database schema needs updating; the upgrade is skipped and will be
            // attempted again on the next successful login.
        }
    }

    $dispatcher->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());

    return $this->loginFinish($user);
}
/**
 * Data provider: values that preSave() must recognise as already-hashed and
 * leave untouched — one Blowfish hash (cost field 07) and one '$P$'-prefixed hash.
 *
 * @return array<int, array{0: string}>
 */
public function providePreSaveAlreadyHashed()
{
    $blowfishHash = Blowfish::getPrefix() . '07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi';
    $portableHash = '$P$ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

    return [
        [$blowfishHash],
        [$portableHash],
    ];
}
/**
 * Round trip through the Blowfish implementation with an explicit work factor.
 *
 * @covers PasswordLib\Password\Implementation\Blowfish
 */
public function testCreateAndVerify()
{
    // bcrypt work factor (cost) pinned to 10 for the round trip
    $blowfish = new Blowfish(['cost' => 10]);
    $plaintext = 'Foobar';

    $hash = $blowfish->create($plaintext);

    $this->assertTrue($blowfish->verify($plaintext, $hash));
}
/**
 * Return a bcrypt hash for the given value, or the value itself when it is
 * already a recognised hash.
 *
 * Blowfish- or PHPASS-format strings are returned untouched so that re-saving
 * a user does not hash an existing hash. Anything else is treated as a
 * plaintext password: it must be at least 6 characters long and is hashed
 * with the '$2y$' (bcrypt) prefix.
 *
 * NOTE(review): the length check uses strlen(), i.e. bytes, so a 3-character
 * multibyte password passes; and a floor of 6 is weak by current guidance —
 * consider raising it.
 * NOTE(review): because the format checks run first, a plaintext that happens
 * to match one of those formats is stored verbatim and bypasses the length
 * check. Only acceptable if callers never pass raw user input that could be
 * crafted to look like a hash.
 *
 * @param string $password
 *
 * @throws AccessControlException when a plaintext password is shorter than 6 characters
 *
 * @return string
 */
private function getValidHash($password)
{
    $alreadyHashed = Password\Blowfish::detect($password) || Password\PHPASS::detect($password);
    if ($alreadyHashed) {
        return $password;
    }

    if (strlen($password) < 6) {
        throw new AccessControlException('Can not save a password with a length shorter than 6 characters!');
    }

    return $this->passwordFactory->createHash($password, '$2y$');
}
/**
 * Known-answer vectors: verify() must return exactly $value for the
 * ($pass, $expect) pair supplied by the data provider.
 *
 * @covers PasswordLib\Password\Implementation\Blowfish::verify
 * @dataProvider provideTestVerify
 * @group Vectors
 */
public function testVerify($pass, $expect, $value)
{
    $blowfish = new Blowfish();

    $result = $blowfish->verify($pass, $expect);

    $this->assertEquals($value, $result);
}
/**
 * Check a password supplied in an OAuth request against the stored hash.
 *
 * Only Blowfish (bcrypt) hashes are accepted: any other stored value fails
 * closed with false rather than being compared under some legacy scheme. The
 * comparison itself is password_verify(), which PHP documents as timing-safe.
 *
 * @param Entity\Oauth $oauth
 * @param string       $requestPassword
 *
 * @return bool
 */
protected function isValidPassword(Entity\Oauth $oauth, $requestPassword)
{
    $storedHash = $oauth->getPassword();

    if (Blowfish::detect($storedHash)) {
        return password_verify($requestPassword, $storedHash);
    }

    // Unsupported or missing hash format: never accept.
    return false;
}
/**
 * Check a user login request for username/password combinations.
 *
 * Ordered guards: unknown user, empty stored hash, disabled account, hash
 * mismatch. Each one dispatches LOGIN_FAILURE with a reason; the unknown-user
 * case returns false directly, the others go through loginFailed(). On success
 * a non-Blowfish hash is re-hashed to bcrypt and LOGIN_SUCCESS is dispatched.
 *
 * NOTE(review): the unknown-user path skips loginFailed() and does no hash
 * verification, so its behaviour and timing differ from a wrong password —
 * confirm whether username enumeration is a concern here.
 * NOTE(review): the rehash condition only looks at the algorithm, so a bcrypt
 * hash with an outdated cost factor is never upgraded.
 *
 * @param string $userName
 * @param string $password
 * @param AccessControlEvent $event
 *
 * @return bool
 */
protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
{
    if (!($userEntity = $this->getUserEntity($userName))) {
        $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
        return false;
    }
    $userAuth = $this->repositoryUsers->getUserAuthData($userEntity->getId());
    // No stored hash at all: treated like a disabled account, but logged distinctly.
    if ($userAuth->getPassword() === null || $userAuth->getPassword() === '') {
        $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('Your account is disabled. Sorry about that.'));
        $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
        return $this->loginFailed($userEntity);
    }
    if ((bool) $userEntity->getEnabled() === false) {
        $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
        // NOTE(review): this literal is split across a line break in the source as
        // shown; if that newline is real, the message differs from the one above
        // and will not resolve to the same translation — confirm against the file.
        $this->flashLogger->error(Trans::__('Your account is disabled. 
Sorry about that.'));
        $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
        return $this->loginFailed($userEntity);
    }
    $isValid = $this->app['password_factory']->verifyHash($password, $userAuth->getPassword());
    if (!$isValid) {
        $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));
        return $this->loginFailed($userEntity);
    }
    // Rehash password if not using Blowfish algorithm
    // (the plaintext is only available here, right after a successful verify).
    if (!Blowfish::detect($userAuth->getPassword())) {
        $userEntity->setPassword($this->app['password_factory']->createHash($password, '$2y$'));
        $this->repositoryUsers->update($userEntity);
    }
    $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());
    return $this->loginFinish($userEntity);
}