1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
<?php
/* --------------------------------------------------------------
PasswordHashStrategy.inc.php 2016-08-08
Gambio GmbH
http://www.gambio.de
Copyright (c) 2016 Gambio GmbH
Released under the GNU General Public License (Version 2)
[http://www.gnu.org/licenses/gpl-2.0.html]
--------------------------------------------------------------
*/
/**
* Class PasswordHashStrategy
*
* @category System
* @package Authentication
* @subpackage Strategies
*/
class PasswordHashStrategy implements AuthStrategyInterface
{
/**
* Verifies a given password by its stored hash from the current hashing algorithm.
*
* @param StringType $password Password that should be verified.
* @param NonEmptyStringType $hash Stored Hash of a password.
* @param AuthStrategyCollection $alternativeAlgorithmCollection Collection of alternative hashing algorithms.
*
* @return bool Returns true if $password matches $hash, false otherwise.
*/
public function verify(StringType $password,
NonEmptyStringType $hash,
AuthStrategyCollection $alternativeAlgorithmCollection = null)
{
if(password_verify($password->asString(), $hash->asString()))
{
return true;
}
if($alternativeAlgorithmCollection !== null)
{
/** @var AuthStrategyInterface $algorithm */
foreach($alternativeAlgorithmCollection->getArray() as $algorithm)
{
if($algorithm->verify($password, $hash))
{
return true;
}
}
}
return false;
}
/**
* Generates a hash by given password string.
*
* @param StringType $password String that should be hashed.
*
* @throws RuntimeException if password_hash() could not create a hash.
*
* @return string Resulting hash.
*/
public function getHash(StringType $password)
{
$hash = password_hash($password->asString(), PASSWORD_DEFAULT);
if($hash === false)
{
throw new RuntimeException('password_hash() could not create a hash.');
}
return $hash;
}
/**
* Returns a rehashed password hash if it does not match the currently used hashing algorithm.
*
* @param StringType $password Password that should be rehashed by a new
* algorithm.
* @param NonEmptyStringType $hash Current password hash.
* @param AuthStrategyCollection|null $alternativeAlgorithmCollection Collection of alternative hashing algorithms.
*
* @return string The new password hash.
*/
public function getRehashedPassword(StringType $password,
NonEmptyStringType $hash,
AuthStrategyCollection $alternativeAlgorithmCollection = null)
{
if($this->verify($password, $hash) && password_needs_rehash($hash->asString(), PASSWORD_DEFAULT))
{
return $this->getHash($password);
}
if($alternativeAlgorithmCollection !== null)
{
/** @var AuthStrategyInterface $algorithm */
foreach($alternativeAlgorithmCollection->getArray() as $algorithm)
{
if($algorithm->verify($password, $hash))
{
return $this->getHash($password);
}
}
}
return $hash->asString();
}
}