diff options
Diffstat (limited to 'Core')
| -rw-r--r-- | Core/Encoder/BCryptPasswordEncoder.php | 4 | ||||
| -rw-r--r-- | Core/Encoder/BasePasswordEncoder.php | 4 | ||||
| -rw-r--r-- | Core/Encoder/Pbkdf2PasswordEncoder.php | 26 | ||||
| -rw-r--r-- | Core/Tests/Util/StringUtilsTest.php | 2 | ||||
| -rw-r--r-- | Core/Util/StringUtils.php | 39 | ||||
| -rw-r--r-- | Core/composer.json | 12 |
6 files changed, 18 insertions, 69 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php index d2b0319..c0c8fe0 100644 --- a/Core/Encoder/BCryptPasswordEncoder.php +++ b/Core/Encoder/BCryptPasswordEncoder.php @@ -34,10 +34,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder */ public function __construct($cost) { - if (!function_exists('password_hash')) { - throw new \RuntimeException('To use the BCrypt encoder, you need to upgrade to PHP 5.5 or install the "ircmaxell/password-compat" via Composer.'); - } - $cost = (int) $cost; if ($cost < 4 || $cost > 31) { throw new \InvalidArgumentException('Cost must be in the range of 4-31.'); diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php index 1c9ada1..12126d8 100644 --- a/Core/Encoder/BasePasswordEncoder.php +++ b/Core/Encoder/BasePasswordEncoder.php @@ -11,8 +11,6 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\Util\StringUtils; - /** * BasePasswordEncoder is the base class for all password encoders. * @@ -83,7 +81,7 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface */ protected function comparePasswords($password1, $password2) { - return StringUtils::equals($password1, $password2); + return hash_equals($password1, $password2); } /** diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php index 6f24c4f..8422a4b 100644 --- a/Core/Encoder/Pbkdf2PasswordEncoder.php +++ b/Core/Encoder/Pbkdf2PasswordEncoder.php @@ -64,11 +64,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); } - if (function_exists('hash_pbkdf2')) { - $digest = hash_pbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length, true); - } else { - $digest = $this->hashPbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length); - } + $digest = hash_pbkdf2($this->algorithm, $raw, $salt, $this->iterations, $this->length, true); return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest); } @@ -80,24 +76,4 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder { return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); } - - private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0) - { - // Number of blocks needed to create the derived key - $blocks = ceil($length / strlen(hash($algorithm, null, true))); - $digest = ''; - - for ($i = 1; $i <= $blocks; ++$i) { - $ib = $block = hash_hmac($algorithm, $salt.pack('N', $i), $password, true); - - // Iterations - for ($j = 1; $j < $iterations; ++$j) { - $ib ^= ($block = hash_hmac($algorithm, $block, $password, true)); - } - - $digest .= $ib; - } - - return substr($digest, 0, $this->length); - } } diff --git a/Core/Tests/Util/StringUtilsTest.php b/Core/Tests/Util/StringUtilsTest.php index faeaf25..78d9b05 100644 --- a/Core/Tests/Util/StringUtilsTest.php +++ b/Core/Tests/Util/StringUtilsTest.php @@ -15,6 +15,8 @@ use Symfony\Component\Security\Core\Util\StringUtils; /** * Data from PHP.net's hash_equals tests. + * + * @group legacy */ class StringUtilsTest extends \PHPUnit_Framework_TestCase { diff --git a/Core/Util/StringUtils.php b/Core/Util/StringUtils.php index 343585c..5900812 100644 --- a/Core/Util/StringUtils.php +++ b/Core/Util/StringUtils.php @@ -11,10 +11,16 @@ namespace Symfony\Component\Security\Core\Util; +@trigger_error('The '.__NAMESPACE__.'\\StringUtils class is deprecated since version 2.8 and will be removed in 3.0. Use hash_equals() instead.', E_USER_DEPRECATED); + +use Symfony\Component\Polyfill\Util\Binary; + /** * String utility functions. * * @author Fabien Potencier <fabien@symfony.com> + * + * @deprecated since 2.8, to be removed in 3.0. */ class StringUtils { @@ -47,25 +53,7 @@ class StringUtils $userInput = (string) $userInput; } - if (function_exists('hash_equals')) { - return hash_equals($knownString, $userInput); - } - - $knownLen = self::safeStrlen($knownString); - $userLen = self::safeStrlen($userInput); - - if ($userLen !== $knownLen) { - return false; - } - - $result = 0; - - for ($i = 0; $i < $knownLen; ++$i) { - $result |= (ord($knownString[$i]) ^ ord($userInput[$i])); - } - - // They are only identical strings if $result is exactly 0... - return 0 === $result; + return hash_equals($knownString, $userInput); } /** @@ -77,17 +65,6 @@ class StringUtils */ public static function safeStrlen($string) { - // Premature optimization - // Since this cannot be changed at runtime, we can cache it - static $funcExists = null; - if (null === $funcExists) { - $funcExists = function_exists('mb_strlen'); - } - - if ($funcExists) { - return mb_strlen($string, '8bit'); - } - - return strlen($string); + return Binary::strlen($string); } } diff --git a/Core/composer.json b/Core/composer.json index 31b4653..c75d2d5 100644 --- a/Core/composer.json +++ b/Core/composer.json @@ -17,25 +17,25 @@ ], "require": { "php": ">=5.3.9", - "paragonie/random_compat": "~1.0" + "symfony/polyfill-php55": "~1.0", + "symfony/polyfill-php56": "~1.0", + "symfony/polyfill-util": "~1.0" }, "require-dev": { "symfony/event-dispatcher": "~2.1|~3.0.0", "symfony/expression-language": "~2.6|~3.0.0", "symfony/http-foundation": "~2.4|~3.0.0", + "symfony/ldap": "~2.8|~3.0.0", "symfony/translation": "~2.0,>=2.0.5|~3.0.0", "symfony/validator": "~2.5,>=2.5.5|~3.0.0", - "psr/log": "~1.0", - "ircmaxell/password-compat": "1.0.*", - "symfony/ldap": "~2.8|~3.0.0" + "psr/log": "~1.0" }, "suggest": { "symfony/event-dispatcher": "", "symfony/http-foundation": "", "symfony/validator": "For using the user password constraint", "symfony/expression-language": "For using the expression voter", - "symfony/ldap": "For using LDAP integration", - "ircmaxell/password-compat": "For using the BCrypt password encoder in PHP <5.5" + "symfony/ldap": "For using LDAP integration" }, "autoload": { "psr-4": { "Symfony\\Component\\Security\\Core\\": "" } |