vendor/symfony/security-core/Encoder/MessageDigestPasswordEncoder.php line 17

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <[email protected]>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Encoder;
  14. use Symfony\Component\PasswordHasher\Hasher\MessageDigestPasswordHasher;
  15. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  17. trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" instead.', MessageDigestPasswordEncoder::class, MessageDigestPasswordHasher::class);
  19. /**
  20. * MessageDigestPasswordEncoder uses a message digest algorithm.
  21. *
  22. * @author Fabien Potencier <[email protected]>
  23. *
  24. * @deprecated since Symfony 5.3, use {@link MessageDigestPasswordHasher} instead
  25. */
  26. class MessageDigestPasswordEncoder extends BasePasswordEncoder
  27. {
  28. private $algorithm;
  29. private $encodeHashAsBase64;
  30. private $iterations = 1;
  31. private $encodedLength = -1;
  33. /**
  34. * @param string $algorithm The digest algorithm to use
  35. * @param bool $encodeHashAsBase64 Whether to base64 encode the password hash
  36. * @param int $iterations The number of iterations to use to stretch the password hash
  37. */
  38. public function __construct(string $algorithm = 'sha512', bool $encodeHashAsBase64 = true, int $iterations = 5000)
  39. {
  40. $this->algorithm = $algorithm;
  41. $this->encodeHashAsBase64 = $encodeHashAsBase64;
  43. try {
  44. $this->encodedLength = \strlen($this->encodePassword('', 'salt'));
  45. } catch (\LogicException $e) {
  46. // ignore algorithm not supported
  47. }
  49. $this->iterations = $iterations;
  50. }
  52. /**
  53. * {@inheritdoc}
  54. */
  55. public function encodePassword(string $raw, ?string $salt)
  56. {
  57. if ($this->isPasswordTooLong($raw)) {
  58. throw new BadCredentialsException('Invalid password.');
  59. }
  61. if (!\in_array($this->algorithm, hash_algos(), true)) {
  62. throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
  63. }
  65. $salted = $this->mergePasswordAndSalt($raw, $salt);
  66. $digest = hash($this->algorithm, $salted, true);
  68. // "stretch" hash
  69. for ($i = 1; $i < $this->iterations; ++$i) {
  70. $digest = hash($this->algorithm, $digest.$salted, true);
  71. }
  73. return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
  74. }
  76. /**
  77. * {@inheritdoc}
  78. */
  79. public function isPasswordValid(string $encoded, string $raw, ?string $salt)
  80. {
  81. if (\strlen($encoded) !== $this->encodedLength || str_contains($encoded, '$')) {
  82. return false;
  83. }
  85. return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
  86. }
  87. }