Neos\Flow\Security\Cryptography\Pbkdf2HashingStrategy::validatePassword PHP Method

validatePassword() public method

The iteration count and algorithm of this strategy have to match the parameters that were used when the derived key was generated.
public validatePassword ( string $password, string $hashedPasswordAndSalt, string $staticSalt = null ) : boolean
$password string The cleartext password
$hashedPasswordAndSalt string The derived key and salt in Base64 encoding as returned by hashPassword for verification
$staticSalt string Static salt that will be appended to the dynamic salt
return boolean TRUE if the given password matches the hashed password
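    /**
     * Validate a cleartext password against a stored PBKDF2 derived key.
     *
     * The stored value is split at the comma into a Base64-encoded dynamic salt
     * (first part) and a Base64-encoded derived key (second part). The key is
     * derived again from the given password with this strategy's iteration
     * count and algorithm, so both have to match the parameters that were used
     * when the stored key was generated.
     *
     * @param string $password The cleartext password
     * @param string $hashedPasswordAndSalt The derived key and salt in Base64 encoding as returned by hashPassword for verification
     * @param string $staticSalt Static salt that will be appended to the dynamic salt
     * @return boolean TRUE if the given password matches the hashed password
     * @throws \InvalidArgumentException if the stored value does not consist of exactly two comma-separated parts
     */
    public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null)
    {
        $parts = explode(',', $hashedPasswordAndSalt);
        if (count($parts) !== 2) {
            throw new \InvalidArgumentException('The derived key with salt must contain a salt, separated with a comma from the derived key', 1306172911);
        }
        $dynamicSalt = base64_decode($parts[0]);
        $derivedKey = base64_decode($parts[1]);
        $derivedKeyLength = strlen($derivedKey);

        // An empty stored key would request a zero-length derivation. How the
        // pbkdf2 helper treats length 0 is not visible here; if it yields an
        // empty string, every password would compare equal. Refuse such records.
        if ($derivedKeyLength === 0) {
            return false;
        }

        $computedKey = CryptographyAlgorithms::pbkdf2($password, $dynamicSalt . $staticSalt, $this->iterationCount, $derivedKeyLength, $this->algorithm);

        // hash_equals() compares in time independent of where the first
        // differing byte is, unlike ===, so response timing does not leak how
        // much of the derived key matched. The is_string() guard keeps a
        // non-string helper result a plain mismatch, as it was with ===.
        return is_string($computedKey) && hash_equals($derivedKey, $computedKey);
    }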

Usage Example

 /**
  * A stored derived key must not validate when the password, the static salt
  * or the strategy parameters differ from those used for hashing.
  *
  * @test
  */
 public function hashAndValidatePasswordWithNotMatchingPasswordOrParametersFails()
 {
     $hasher = new Pbkdf2HashingStrategy(8, 1000, 64, 'sha256');
     $storedKeyAndSalt = $hasher->hashPassword('password', 'MyStaticSalt');

     // Same strategy, wrong cleartext password.
     $wrongPasswordResult = $hasher->validatePassword('pass', $storedKeyAndSalt, 'MyStaticSalt');
     $this->assertFalse($wrongPasswordResult, 'Different password should not match');

     // Same strategy, wrong static salt.
     $wrongSaltResult = $hasher->validatePassword('password', $storedKeyAndSalt, 'SomeSalt');
     $this->assertFalse($wrongSaltResult, 'Different static salt should not match');

     // Only the second constructor argument differs (1000 -> 99); the
     // assertion message identifies it as the iteration count.
     $otherIterationsHasher = new Pbkdf2HashingStrategy(8, 99, 64, 'sha256');
     $wrongIterationsResult = $otherIterationsHasher->validatePassword('password', $storedKeyAndSalt, 'MyStaticSalt');
     $this->assertFalse($wrongIterationsResult, 'Different iteration should not match');
 }