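/**
 * Verify a plain-text password against the hash stored on the object.
 * Optionally re-hash the password if needed.
 *
 * Re-hash will be performed if PHP's password_hash default params (algorithm, cost) differ
 * from the ones which were used to create the hash (e.g. cost was increased from 10 to 12).
 * In this case, the hash will be re-calculated with the new parameters and saved back to the object.
 * The re-hash only happens after a successful verification, and only for the password_hash algorithm.
 *
 * For every other configured algorithm the candidate hash is recalculated and compared
 * with the stored one using a timing-safe comparison.
 *
 * @param string $password plain-text password to check
 * @param Object\AbstractObject $object object whose getter/setter (derived from this field's name) hold the hash
 * @param bool $updateHash whether an outdated hash may be re-calculated and saved
 * @return bool true if the password matches the stored hash, false otherwise (including an empty stored hash)
 */
public function verifyPassword($password, Object\AbstractObject $object, $updateHash = true)
{
    $accessorSuffix = ucfirst($this->getName());
    $getter = 'get' . $accessorSuffix;
    $setter = 'set' . $accessorSuffix;

    $objectHash = $object->{$getter}();

    // empty() already covers null; an object without a stored hash can never authenticate.
    if (empty($objectHash)) {
        return false;
    }

    if ($this->getAlgorithm() === static::HASH_FUNCTION_PASSWORD_HASH) {
        $result = true === password_verify($password, $objectHash);

        if ($result && $updateHash) {
            // password needs rehash (e.g. PASSWORD_DEFAULT changed to a stronger algorithm)
            // NOTE(review): no options array is passed, so the check uses PHP's default cost.
            // If calculateHash() hashes with a custom cost this may re-hash and save on every
            // successful login; confirm against calculateHash().
            if (true === password_needs_rehash($objectHash, PASSWORD_DEFAULT)) {
                $newHash = $this->calculateHash($password);

                $object->{$setter}($newHash);
                $object->save();
            }
        }

        return $result;
    }

    $hash = $this->calculateHash($password);

    // A non-string on either side can never match (same outcome as a strict === comparison).
    if (!is_string($hash) || !is_string($objectHash)) {
        return false;
    }

    // Compare in constant time so the response time does not reveal how many leading
    // characters of the stored hash matched. hash_equals() needs PHP >= 5.6; on older
    // runtimes fall back to the strict comparison.
    if (function_exists('hash_equals')) {
        return hash_equals($objectHash, $hash);
    }

    return $hash === $objectHash;
}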