Passwords hashed with a different cost can be validated by using the cost parameter of the
hashed password and salt.
| public validatePassword ( string $password, string $hashedPasswordAndSalt, string $staticSalt = null ) : boolean | ||
| $password | string | The cleartext password |
| $hashedPasswordAndSalt | string | The derived key and salt in as returned by crypt() for verification |
| $staticSalt | string | Optional static salt that will be appended to the dynamic salt |
| return | boolean | TRUE if the given password matches the hashed password |
/**
* @test
*/
public function validatePasswordWithInvalidHashFails()
{
$strategy = new BCryptHashingStrategy(10);
$this->assertFalse($strategy->validatePassword('password', ''));
$this->assertFalse($strategy->validatePassword('password', '$1$abc'));
$this->assertFalse($strategy->validatePassword('password', '$2x$01$012345678901234567890123456789'));
}
