AbstractArgon2PasswordHash.php

Go to the documentation of this file.

<?php
 
declare(strict_types=1);
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Core\Crypto\PasswordHashing;
 
abstract class ‪AbstractArgon2PasswordHash implements ‪PasswordHashInterface, ‪Argon2PasswordHashInterface
{
    protected ‪$options = [
        'memory_cost' => 65536,
        'time_cost' => 16,
    ];
 
    public function ‪__construct(array ‪$options = [])
    {
        $newOptions = ‪$this->options;
        if (isset(‪$options['memory_cost'])) {
            if ((int)‪$options['memory_cost'] < PASSWORD_ARGON2_DEFAULT_MEMORY_COST) {
                throw new \InvalidArgumentException(
                    'memory_cost must not be lower than ' . PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
                    1533899612
                );
            }
            $newOptions['memory_cost'] = (int)‪$options['memory_cost'];
        }
        if (isset(‪$options['time_cost'])) {
            if ((int)‪$options['time_cost'] < PASSWORD_ARGON2_DEFAULT_TIME_COST) {
                throw new \InvalidArgumentException(
                    'time_cost must not be lower than ' . PASSWORD_ARGON2_DEFAULT_TIME_COST,
                    1533899613
                );
            }
            $newOptions['time_cost'] = (int)‪$options['time_cost'];
        }
        if (isset(‪$options['threads'])) {
            if (extension_loaded('sodium')) {
                // Libsodium does not support threads, so ignore the
                // options and force single-thread.
                $newOptions['threads'] = 1;
            } elseif ((int)‪$options['threads'] < PASSWORD_ARGON2_DEFAULT_THREADS) {
                throw new \InvalidArgumentException(
                    'threads must not be lower than ' . PASSWORD_ARGON2_DEFAULT_THREADS,
                    1533899614
                );
            } else {
                $newOptions['threads'] = (int)‪$options['threads'];
            }
        }
        $this->options = $newOptions;
    }
 
    protected function ‪getPasswordAlgorithm()
    {
        return constant($this->‪getPasswordAlgorithmName());
    }
 
    public function ‪checkPassword(string $plainPW, string $saltedHashPW): bool
    {
        return password_verify($plainPW, $saltedHashPW);
    }
 
    public function ‪isAvailable(): bool
    {
        return defined($this->‪getPasswordAlgorithmName()) && $this->‪getPasswordAlgorithm();
    }
 
    public function ‪getHashedPassword(string $password)
    {
        $hashedPassword = null;
        if ($password !== '') {
            $hashedPassword = password_hash($password, $this->‪getPasswordAlgorithm(), $this->options);
            if (!is_string($hashedPassword) || empty($hashedPassword)) {
                throw new ‪InvalidPasswordHashException('Cannot generate password, probably invalid options', 1526052118);
            }
        }
        return $hashedPassword;
    }
 
    public function ‪isHashUpdateNeeded(string $passString): bool
    {
        return password_needs_rehash($passString, $this->‪getPasswordAlgorithm(), $this->options);
    }
 
    public function ‪isValidSaltedPW(string $saltedPW): bool
    {
        $passwordInfo = password_get_info($saltedPW);
 
        return
            isset($passwordInfo['algo'])
            && $passwordInfo['algo'] === $this->‪getPasswordAlgorithm()
            && strncmp($saltedPW, $this->‪getPasswordHashPrefix(), strlen($this->‪getPasswordHashPrefix())) === 0;
    }
}