diff options
Diffstat (limited to 'src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php')
-rw-r--r-- | src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php b/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php deleted file mode 100644 index 98b4e86b..00000000 --- a/src/Wallabag/CoreBundle/Security/Authentication/Encoder/WallabagPasswordEncoder.php +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\CoreBundle\Security\Authentication\Encoder; | ||
4 | |||
5 | use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder; | ||
6 | use Symfony\Component\Security\Core\Exception\BadCredentialsException; | ||
7 | |||
8 | /** | ||
9 | * This override just add en extra variable (username) to be able to salt the password | ||
10 | * the way Wallabag v1 does. It will avoid to break compatibility with Wallabag v1. | ||
11 | */ | ||
12 | class WallabagPasswordEncoder extends BasePasswordEncoder | ||
13 | { | ||
14 | private $algorithm; | ||
15 | private $encodeHashAsBase64; | ||
16 | private $iterations; | ||
17 | private $username = null; | ||
18 | |||
19 | /** | ||
20 | * Constructor. | ||
21 | * | ||
22 | * @param string $algorithm The digest algorithm to use | ||
23 | * @param bool $encodeHashAsBase64 Whether to base64 encode the password hash | ||
24 | * @param int $iterations The number of iterations to use to stretch the password hash | ||
25 | */ | ||
26 | public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $iterations = 5000) | ||
27 | { | ||
28 | $this->algorithm = $algorithm; | ||
29 | $this->encodeHashAsBase64 = $encodeHashAsBase64; | ||
30 | $this->iterations = $iterations; | ||
31 | } | ||
32 | |||
33 | public function setUsername($username) | ||
34 | { | ||
35 | $this->username = $username; | ||
36 | } | ||
37 | |||
38 | /** | ||
39 | * {@inheritdoc} | ||
40 | */ | ||
41 | public function encodePassword($raw, $salt) | ||
42 | { | ||
43 | if ($this->isPasswordTooLong($raw)) { | ||
44 | throw new BadCredentialsException('Invalid password.'); | ||
45 | } | ||
46 | |||
47 | if (!in_array($this->algorithm, hash_algos(), true)) { | ||
48 | throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); | ||
49 | } | ||
50 | |||
51 | $salted = $this->mergePasswordAndSalt($raw, $salt); | ||
52 | $digest = hash($this->algorithm, $salted, true); | ||
53 | |||
54 | // "stretch" hash | ||
55 | for ($i = 1; $i < $this->iterations; ++$i) { | ||
56 | $digest = hash($this->algorithm, $digest.$salted, true); | ||
57 | } | ||
58 | |||
59 | return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest); | ||
60 | } | ||
61 | |||
62 | /** | ||
63 | * {@inheritdoc} | ||
64 | * | ||
65 | * We inject the username inside the salted password | ||
66 | */ | ||
67 | protected function mergePasswordAndSalt($password, $salt) | ||
68 | { | ||
69 | if (null === $this->username) { | ||
70 | throw new \LogicException('We can not check the password without a username.'); | ||
71 | } | ||
72 | |||
73 | if (empty($salt)) { | ||
74 | return $password; | ||
75 | } | ||
76 | |||
77 | return $password.$this->username.$salt; | ||
78 | } | ||
79 | |||
80 | /** | ||
81 | * {@inheritdoc} | ||
82 | */ | ||
83 | public function isPasswordValid($encoded, $raw, $salt) | ||
84 | { | ||
85 | return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); | ||
86 | } | ||
87 | } | ||