Neos\Flow\Security\Cryptography\BCryptHashingStrategy::validatePassword PHP Method

validatePassword() public method

Passwords hashed with a different cost can be validated by using the cost parameter of the hashed password and salt.
public validatePassword ( string $password, string $hashedPasswordAndSalt, string $staticSalt = null ) : boolean
$password string The cleartext password
$hashedPasswordAndSalt string The derived key and salt as returned by crypt(), used for verification
$staticSalt string Optional static salt that will be appended to the dynamic salt
return boolean TRUE if the given password matches the hashed password
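    public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null)
    {
        // Reject anything too short to hold a bcrypt setting or lacking the '$2a$' prefix.
        if (strlen($hashedPasswordAndSalt) < 29 || strpos($hashedPasswordAndSalt, '$2a$') !== 0) {
            return false;
        }
        // Rebuild the crypt() setting from the stored value so its own cost and salt are reused.
        $cryptSalt = '$2a$' . substr($hashedPasswordAndSalt, 4, 26);
        // Re-hash the candidate password and compare with the stored string.
        return crypt($password, $cryptSalt) === $hashedPasswordAndSalt;
    }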

Usage Example

 /**
  * @test
  */
 public function validatePasswordWithInvalidHashFails()
 {
     $strategy = new BCryptHashingStrategy(10);
     $this->assertFalse($strategy->validatePassword('password', ''));
     $this->assertFalse($strategy->validatePassword('password', '$1$abc'));
     $this->assertFalse($strategy->validatePassword('password', '$2x$01$012345678901234567890123456789'));
 }
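
The cost-independent validation described above, as an added stand-alone example (not Neos Flow code): the hypothetical function validateBcrypt() reuses the cost and salt stored in the hash, and compares with hash_equals() where the method above uses ===. Like the method body shown, it does not use a static salt; the salt and passwords are constructed sample values.

```php
<?php
// Added example, not Neos Flow code. validateBcrypt() is a hypothetical name.

/**
 * Check $password against a stored '$2a$' bcrypt string by re-running crypt()
 * with the setting embedded in that string: '$2a$' + 2-digit cost + '$' +
 * 22-character salt = the first 29 characters.
 */
function validateBcrypt(string $password, string $stored): bool
{
    // Same structural gate as the method above: minimum length, '$2a$' prefix.
    if (strlen($stored) < 29 || strpos($stored, '$2a$') !== 0) {
        return false;
    }
    $computed = crypt($password, substr($stored, 0, 29));
    // A bcrypt result is 60 characters; crypt() reports failure with a short
    // marker string instead. hash_equals() compares without an early exit.
    return strlen($computed) === 60 && hash_equals($stored, $computed);
}

// Constructed sample data: one password hashed at two different costs.
$salt  = 'ConstructedSaltValue12'; // 22 characters from [./A-Za-z0-9]
$cost4 = crypt('password', '$2a$04$' . $salt);
$cost6 = crypt('password', '$2a$06$' . $salt);

$cases = [
    'cost 04 hash, right password' => validateBcrypt('password', $cost4),
    'cost 06 hash, right password' => validateBcrypt('password', $cost6),
    'cost 06 hash, wrong password' => validateBcrypt('wrong', $cost6),
    'truncated hash'               => validateBcrypt('password', substr($cost6, 0, 40)),
    '$2y$ hash from password_hash' => validateBcrypt('password', password_hash('password', PASSWORD_BCRYPT)),
];
foreach ($cases as $label => $ok) {
    printf("%-30s %s\n", $label, $ok ? 'valid' : 'rejected');
}
```

The last case never reaches crypt(): password_hash() emits the '$2y$' prefix, which the '$2a$' check turns away, so hashes created that way need a different strategy or a migration path.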