Neos\Flow\Security\Cryptography\HashService::validatePassword PHP Method

validatePassword() public method

Validate a hashed password using the configured password hashing strategy
public validatePassword ( string $password, string $hashedPasswordAndSalt ) : boolean
$password string The cleartext password
$hashedPasswordAndSalt string The hashed password with salt (if used) and an optional strategy identifier
return boolean TRUE if the given password matches the hashed password
    public function validatePassword($password, $hashedPasswordAndSalt)
    {
        $strategyIdentifier = 'default';
        if (strpos($hashedPasswordAndSalt, '=>') !== false) {
            list($strategyIdentifier, $hashedPasswordAndSalt) = explode('=>', $hashedPasswordAndSalt, 2);
        }
        /** @var $passwordHashingStrategy PasswordHashingStrategyInterface */
        list($passwordHashingStrategy, ) = $this->getPasswordHashingStrategyAndIdentifier($strategyIdentifier);
        return $passwordHashingStrategy->validatePassword($password, $hashedPasswordAndSalt, $this->getEncryptionKey());
    }

Usage Example

 /**
  * Checks the given token for validity and sets the token authentication status
  * accordingly (success, wrong credentials or no credentials given).
  *
  * @param TokenInterface $authenticationToken The token to be authenticated
  * @return void
  * @throws UnsupportedAuthenticationTokenException
  */
 public function authenticate(TokenInterface $authenticationToken)
 {
     if (!$authenticationToken instanceof UsernamePassword) {
         throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
     }
     /** @var $account Account */
     $account = null;
     $credentials = $authenticationToken->getCredentials();
     if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
         $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
     }
     if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) {
         return;
     }
     $providerName = $this->name;
     $accountRepository = $this->accountRepository;
     $this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) {
         $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName);
     });
     $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
     if ($account === null) {
         $this->hashService->validatePassword($credentials['password'], 'bcrypt=>$2a$14$DummySaltToPreventTim,.ingAttacksOnThisProvider');
         return;
     }
     if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) {
         $account->authenticationAttempted(TokenInterface::AUTHENTICATION_SUCCESSFUL);
         $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
         $authenticationToken->setAccount($account);
     } else {
         $account->authenticationAttempted(TokenInterface::WRONG_CREDENTIALS);
     }
     $this->accountRepository->update($account);
     $this->persistenceManager->whitelistObject($account);
 }
All Usage Examples Of Neos\Flow\Security\Cryptography\HashService::validatePassword