‪TYPO3CMS  9.5
BcryptPasswordHash.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace ‪TYPO3\CMS\Core\Crypto\PasswordHashing;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
29 class ‪BcryptPasswordHash implements ‪PasswordHashInterface
30 {
34  protected const ‪PREFIX = '$2y$';
35 
44  protected ‪$options = [
45  'cost' => 12,
46  ];
47 
54  public function ‪__construct(array ‪$options = [])
55  {
56  $newOptions = ‪$this->options;
57  // Check options for validity
58  if (isset(‪$options['cost'])) {
59  if (!$this->‪isValidBcryptCost((int)‪$options['cost'])) {
60  throw new \InvalidArgumentException(
61  'cost must not be lower than ' . PASSWORD_BCRYPT_DEFAULT_COST . ' or higher than 31',
62  1533902002
63  );
64  }
65  $newOptions['cost'] = (int)‪$options['cost'];
66  }
67  $this->options = $newOptions;
68  }
69 
75  public function ‪isAvailable(): bool
76  {
77  return defined('PASSWORD_BCRYPT')
78  && PASSWORD_BCRYPT
79  && function_exists('hash')
80  && function_exists('hash_algos')
81  && in_array('sha384', hash_algos());
82  }
83 
92  public function ‪checkPassword(string $plainPW, string $saltedHashPW): bool
93  {
94  return password_verify($this->‪processPlainPassword($plainPW), $saltedHashPW);
95  }
96 
104  public function ‪getHashedPassword(string $password, string $salt = null)
105  {
106  if ($salt !== null) {
107  trigger_error(static::class . ': using a custom salt is deprecated in PHP password api and thus ignored.', E_USER_DEPRECATED);
108  }
109  $hashedPassword = null;
110  if ($password !== '') {
111  $password = $this->‪processPlainPassword($password);
112  $hashedPassword = password_hash($password, PASSWORD_BCRYPT, $this->options);
113  if (!is_string($hashedPassword) || empty($hashedPassword)) {
114  throw new InvalidPasswordHashException('Cannot generate password, probably invalid options', 1517174114);
115  }
116  }
117  return $hashedPassword;
118  }
119 
126  public function ‪isValidSaltedPW(string $saltedPW): bool
127  {
128  $result = false;
129  $passwordInfo = password_get_info($saltedPW);
130  // Validate the cost value, password_get_info() does not check it
131  $cost = (int)substr($saltedPW, 4, 2);
132  if (isset($passwordInfo['algo'])
133  && $passwordInfo['algo'] === PASSWORD_BCRYPT
134  && strncmp($saltedPW, static::PREFIX, strlen(static::PREFIX)) === 0
135  && $this->‪isValidBcryptCost($cost)
136  ) {
137  $result = true;
138  }
139  return $result;
140  }
147  public function ‪isHashUpdateNeeded(string $passString): bool
148  {
149  return password_needs_rehash($passString, PASSWORD_BCRYPT, $this->options);
150  }
151 
163  protected function ‪processPlainPassword(string $password): string
164  {
165  return base64_encode(hash('sha384', $password, true));
166  }
167 
173  protected function ‪isValidBcryptCost(int $cost): bool
174  {
175  return $cost >= PASSWORD_BCRYPT_DEFAULT_COST && $cost <= 31;
176  }
177 
182  public function ‪getOptions(): array
183  {
184  trigger_error('This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
185  return ‪$this->options;
186  }
187 
194  public function ‪setOptions(array ‪$options): void
195  {
196  trigger_error('This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
197  $newOptions = [];
198 
199  // Check options for validity, else use hard coded defaults
200  if (isset(‪$options['cost'])) {
201  if (!$this->‪isValidBcryptCost((int)$options['cost'])) {
202  throw new \InvalidArgumentException(
203  'cost must not be lower than ' . PASSWORD_BCRYPT_DEFAULT_COST . ' or higher than 31',
204  1526042084
205  );
206  }
207  $newOptions['cost'] = (int)‪$options['cost'];
208  } else {
209  $newOptions['cost'] = 12;
210  }
211 
212  $this->options = $newOptions;
213  }
214 }
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isHashUpdateNeeded
‪bool isHashUpdateNeeded(string $passString)
Definition: BcryptPasswordHash.php:146
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash
Definition: BcryptPasswordHash.php:30
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\getHashedPassword
‪string getHashedPassword(string $password, string $salt=null)
Definition: BcryptPasswordHash.php:103
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\checkPassword
‪bool checkPassword(string $plainPW, string $saltedHashPW)
Definition: BcryptPasswordHash.php:91
‪TYPO3\CMS\Core\Crypto\PasswordHashing
Definition: AbstractComposedSalt.php:3
‪TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException
Definition: InvalidPasswordHashException.php:22
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isValidSaltedPW
‪bool isValidSaltedPW(string $saltedPW)
Definition: BcryptPasswordHash.php:125
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isAvailable
‪bool isAvailable()
Definition: BcryptPasswordHash.php:74
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\processPlainPassword
‪string processPlainPassword(string $password)
Definition: BcryptPasswordHash.php:162
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\__construct
‪__construct(array $options=[])
Definition: BcryptPasswordHash.php:53
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\setOptions
‪setOptions(array $options)
Definition: BcryptPasswordHash.php:193
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isValidBcryptCost
‪bool isValidBcryptCost(int $cost)
Definition: BcryptPasswordHash.php:172
‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
Definition: PasswordHashInterface.php:23
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\PREFIX
‪const PREFIX
Definition: BcryptPasswordHash.php:34
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\getOptions
‪array getOptions()
Definition: BcryptPasswordHash.php:181
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\$options
‪array $options
Definition: BcryptPasswordHash.php:43