Exemplo n.º 1
0
 /**
  * Compares whether two strings are equal. To prevent guessing of the string
  * length this is done by comparing two hashes against each other and afterwards
  * a comparison of the real string to prevent against the unlikely chance of
  * collisions.
  * @param string $expected The expected value
  * @param string $input The input to compare against
  * @return bool True if the two strings are equal, otherwise false.
  */
 public static function equals($expected, $input)
 {
     return \OC\Security\StringUtils::equals($expected, $input);
 }
Exemplo n.º 2
0
 /**
  * @dataProvider dataProvider
  */
 function testTrueEquals($string, $expected)
 {
     $this->assertTrue(StringUtils::equals($string, $expected));
 }
Exemplo n.º 3
0
 /**
  * Verify legacy hashes
  * @param string $message Message to verify
  * @param string $hash Assumed hash of the message
  * @param null|string &$newHash Reference will contain the updated hash
  * @return bool Whether $hash is a valid hash of $message
  */
 protected function legacyHashVerify($message, $hash, &$newHash = null)
 {
     if (empty($this->legacySalt)) {
         $this->legacySalt = $this->config->getSystemValue('passwordsalt', '');
     }
     // Verify whether it matches a legacy PHPass or SHA1 string
     $hashLength = strlen($hash);
     if ($hashLength === 60 && password_verify($message . $this->legacySalt, $hash) || $hashLength === 40 && StringUtils::equals($hash, sha1($message))) {
         $newHash = $this->hash($message);
         return true;
     }
     return false;
 }