BcryptPasswordHash.php

Go to the documentation of this file.

<?php
 
declare(strict_types=1);
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Core\Crypto\PasswordHashing;
 
class ‪BcryptPasswordHash implements ‪PasswordHashInterface
{
    protected const ‪PREFIX = '$2y$';
 
    protected ‪$options = [
        'cost' => 12,
    ];
 
    public function ‪__construct(array ‪$options = [])
    {
        $newOptions = ‪$this->options;
        // Check options for validity
        if (isset(‪$options['cost'])) {
            if (!$this->‪isValidBcryptCost((int)‪$options['cost'])) {
                throw new \InvalidArgumentException(
                    'cost must not be lower than ' . PASSWORD_BCRYPT_DEFAULT_COST . ' or higher than 31',
                    1533902002
                );
            }
            $newOptions['cost'] = (int)‪$options['cost'];
        }
        $this->options = $newOptions;
    }
 
    public function ‪isAvailable(): bool
    {
        return defined('PASSWORD_BCRYPT')
            && PASSWORD_BCRYPT
            && function_exists('hash')
            && function_exists('hash_algos')
            && in_array('sha384', hash_algos());
    }
 
    public function ‪checkPassword(string $plainPW, string $saltedHashPW): bool
    {
        return password_verify($this->‪processPlainPassword($plainPW), $saltedHashPW);
    }
 
    public function ‪getHashedPassword(string $password)
    {
        $hashedPassword = null;
        if ($password !== '') {
            $password = $this->‪processPlainPassword($password);
            $hashedPassword = password_hash($password, PASSWORD_BCRYPT, $this->options);
            if (!is_string($hashedPassword) || empty($hashedPassword)) {
                throw new InvalidPasswordHashException('Cannot generate password, probably invalid options', 1517174114);
            }
        }
        return $hashedPassword;
    }
 
    public function ‪isValidSaltedPW(string $saltedPW): bool
    {
        $result = false;
        $passwordInfo = password_get_info($saltedPW);
        // Validate the cost value, password_get_info() does not check it
        $cost = (int)substr($saltedPW, 4, 2);
        if (isset($passwordInfo['algo'])
            && $passwordInfo['algo'] === PASSWORD_BCRYPT
            && strncmp($saltedPW, static::PREFIX, strlen(static::PREFIX)) === 0
            && $this->‪isValidBcryptCost($cost)
        ) {
            $result = true;
        }
        return $result;
    }
    public function ‪isHashUpdateNeeded(string $passString): bool
    {
        return password_needs_rehash($passString, PASSWORD_BCRYPT, $this->options);
    }
 
    protected function ‪processPlainPassword(string $password): string
    {
        return base64_encode(hash('sha384', $password, true));
    }
 
    protected function ‪isValidBcryptCost(int $cost): bool
    {
        return $cost >= PASSWORD_BCRYPT_DEFAULT_COST && $cost <= 31;
    }
}