+++ /dev/null
-<?php
-
-namespace Wallabag\CoreBundle\Security\Authentication\Encoder;
-
-use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
-use Symfony\Component\Security\Core\Exception\BadCredentialsException;
-
-/**
- * This override just add en extra variable (username) to be able to salt the password
- * the way Wallabag v1 does. It will avoid to break compatibility with Wallabag v1.
- */
-class WallabagPasswordEncoder extends BasePasswordEncoder
-{
- private $algorithm;
- private $encodeHashAsBase64;
- private $iterations;
- private $username = null;
-
- /**
- * Constructor.
- *
- * @param string $algorithm The digest algorithm to use
- * @param bool $encodeHashAsBase64 Whether to base64 encode the password hash
- * @param int $iterations The number of iterations to use to stretch the password hash
- */
- public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $iterations = 5000)
- {
- $this->algorithm = $algorithm;
- $this->encodeHashAsBase64 = $encodeHashAsBase64;
- $this->iterations = $iterations;
- }
-
- public function setUsername($username)
- {
- $this->username = $username;
- }
-
- /**
- * {@inheritdoc}
- */
- public function encodePassword($raw, $salt)
- {
- if ($this->isPasswordTooLong($raw)) {
- throw new BadCredentialsException('Invalid password.');
- }
-
- if (!in_array($this->algorithm, hash_algos(), true)) {
- throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
- }
-
- $salted = $this->mergePasswordAndSalt($raw, $salt);
- $digest = hash($this->algorithm, $salted, true);
-
- // "stretch" hash
- for ($i = 1; $i < $this->iterations; ++$i) {
- $digest = hash($this->algorithm, $digest.$salted, true);
- }
-
- return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
- }
-
- /**
- * {@inheritdoc}
- *
- * We inject the username inside the salted password
- */
- protected function mergePasswordAndSalt($password, $salt)
- {
- if (null === $this->username) {
- throw new \LogicException('We can not check the password without a username.');
- }
-
- if (empty($salt)) {
- return $password;
- }
-
- return $password.$this->username.$salt;
- }
-
- /**
- * {@inheritdoc}
- */
- public function isPasswordValid($encoded, $raw, $salt)
- {
- return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
- }
-}