public validatePassword ( string $password, string $hashedPasswordAndSalt, string $staticSalt = null ) : boolean | ||
$password | string | The cleartext password |
$hashedPasswordAndSalt | string | The derived key and salt in Base64 encoding as returned by hashPassword for verification |
$staticSalt | string | Static salt that will be appended to the dynamic salt |
리턴 | boolean | TRUE if the given password matches the hashed password |
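/**
 * Validates a cleartext password against a stored "salt,derivedKey" string.
 *
 * The stored value is split on the comma and both halves are Base64-decoded.
 * PBKDF2 is then recomputed over the password, using the dynamic salt followed
 * by the static salt, this strategy's iteration count and algorithm, and the
 * byte length of the stored key. The result is compared with the stored key.
 *
 * @param string $password The cleartext password
 * @param string $hashedPasswordAndSalt The derived key and salt in Base64 encoding, separated by a comma
 * @param string $staticSalt Static salt that will be appended to the dynamic salt
 * @return boolean TRUE if the given password matches the hashed password
 * @throws \InvalidArgumentException if the stored value does not consist of exactly two comma-separated parts
 */
public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null)
{
    $parts = explode(',', $hashedPasswordAndSalt);
    if (count($parts) !== 2) {
        throw new \InvalidArgumentException('The derived key with salt must contain a salt, separated with a comma from the derived key', 1306172911);
    }

    $dynamicSalt = base64_decode($parts[0]);
    $derivedKey = base64_decode($parts[1]);
    $derivedKeyLength = strlen($derivedKey);

    // An empty stored key would request zero bytes from pbkdf2(). What pbkdf2()
    // returns for that length is not visible here, so an empty key never matches;
    // otherwise a corrupted or truncated record could validate any password.
    if ($derivedKeyLength === 0) {
        return false;
    }

    $candidateKey = CryptographyAlgorithms::pbkdf2($password, $dynamicSalt . $staticSalt, $this->iterationCount, $derivedKeyLength, $this->algorithm);

    // hash_equals() takes the same time wherever the first differing byte is,
    // so response timing does not reveal how much of the derived key matched.
    // The is_string() guard keeps the old "non-string never matches" result
    // that === gave, because hash_equals() rejects non-string arguments.
    return is_string($candidateKey) && hash_equals($derivedKey, $candidateKey);
}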
/**
 * A hash produced by one strategy must not validate when the password, the
 * static salt, or the strategy's second constructor argument differs.
 * The assertion messages suggest that argument is the iteration count.
 *
 * @test
 */
public function hashAndValidatePasswordWithNotMatchingPasswordOrParametersFails()
{
    $originalStrategy = new Pbkdf2HashingStrategy(8, 1000, 64, 'sha256');
    $storedHash = $originalStrategy->hashPassword('password', 'MyStaticSalt');

    // Same strategy and static salt, wrong cleartext password.
    $wrongPasswordResult = $originalStrategy->validatePassword('pass', $storedHash, 'MyStaticSalt');
    $this->assertFalse($wrongPasswordResult, 'Different password should not match');

    // Same strategy and password, wrong static salt.
    $wrongStaticSaltResult = $originalStrategy->validatePassword('password', $storedHash, 'SomeSalt');
    $this->assertFalse($wrongStaticSaltResult, 'Different static salt should not match');

    // Correct password and static salt, but the strategy was built with 99 instead of 1000.
    $reconfiguredStrategy = new Pbkdf2HashingStrategy(8, 99, 64, 'sha256');
    $wrongIterationResult = $reconfiguredStrategy->validatePassword('password', $storedHash, 'MyStaticSalt');
    $this->assertFalse($wrongIterationResult, 'Different iteration should not match');
}