MediaWiki
1.34.0
|
Represents a password hash for use in authentication. More...
Public Member Functions | |
__construct (PasswordFactory $factory, array $config, $hash=null) | |
Construct the Password object using a string hash. More... | |
crypt ( $password) | |
Hash a password and store the result in this object. More... | |
equals ( $other) | |
Compare one Password object to this object. More... | |
getType () | |
Get the type name of the password. More... | |
needsUpdate () | |
Determine if the hash needs to be updated. More... | |
toString () | |
Convert this hash to a string that can be stored in the database. More... | |
verify ( $password) | |
Checks whether the given password matches the hash stored in this object. More... | |
Public Attributes | |
const | MAX_HASH_SIZE = 255 |
Hash must fit in user_password, which is a tinyblob. More... | |
Protected Member Functions | |
assertIsSafeSize ( $hash) | |
Assert that hash will fit in a tinyblob field. More... | |
isSupported () | |
Whether current password type is supported on this system. More... | |
parseHash ( $hash) | |
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating. More... | |
Protected Attributes | |
array | $config |
Array of configuration variables injected from the constructor. More... | |
PasswordFactory | $factory |
Factory that created the object. More... | |
string | $hash |
String representation of the hash without the type. More... | |
Represents a password hash for use in authentication.
Note: All password types are transparently prefixed with :<TYPE>:, where <TYPE> is the registered type of the hash. This prefix is stripped in the constructor and is added back in the toString() function.
When inheriting this class, there are a couple of expectations to be fulfilled:
The abstract functions that must be overridden are:
After creating a new password hash type, it can be registered using the static Password::register() method. The default type is set using the Password::setDefaultType() type. Types must be registered before they can be set as the default.
Definition at line 61 of file Password.php.
|
final |
Construct the Password object using a string hash.
It is strongly recommended not to call this function directly unless you have a reason to. Use the PasswordFactory class instead.
MWException | If $config does not contain required parameters |
PasswordFactory | $factory | Factory object that created the password |
array | $config | Array of engine configuration options for hashing |
string | null | $hash | The raw hash, including the type |
Definition at line 96 of file Password.php.
References $config, $factory, $hash, isSupported(), and parseHash().
|
finalprotected |
Assert that hash will fit in a tinyblob field.
This prevents MW from inserting it into the DB and having MySQL silently truncating it, locking the user out of their account.
string | $hash | The hash in question. |
PasswordError | If hash does not fit in DB. |
Definition at line 218 of file Password.php.
References $hash.
Referenced by ParameterizedPassword\toString(), Argon2Password\toString(), and toString().
|
abstract |
Hash a password and store the result in this object.
The result of the password hash should be put into the internal state of the hash object.
string | $password | Password to hash |
PasswordError | If an internal error occurs in hashing |
Reimplemented in MWSaltedPassword, MWOldPassword, InvalidPassword, Argon2Password, LayeredParameterizedPassword, BcryptPassword, Pbkdf2Password, and EncryptedPassword.
Referenced by LayeredParameterizedPassword\partialCrypt().
Password::equals | ( | $other | ) |
Compare one Password object to this object.
By default, do a timing-safe string comparison on the result of Password::toString() for each object. This can be overridden to do custom comparison, but it is not recommended unless necessary.
Password | string | $other | The other password |
Reimplemented in Argon2Password, and InvalidPassword.
Definition at line 163 of file Password.php.
References toString(), verify(), and wfDeprecated().
|
final |
Get the type name of the password.
Definition at line 120 of file Password.php.
Referenced by PasswordFactory\needsUpdate().
|
protected |
Whether current password type is supported on this system.
Reimplemented in Argon2Password.
Definition at line 129 of file Password.php.
Referenced by __construct().
|
abstract |
Determine if the hash needs to be updated.
Reimplemented in Argon2Password, ParameterizedPassword, and InvalidPassword.
Referenced by PasswordFactory\needsUpdate().
|
protected |
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating.
string | $hash | The hash, with the :<TYPE>: prefix stripped |
PasswordError | If there is an error in parsing the hash |
Reimplemented in ParameterizedPassword, and BcryptPassword.
Definition at line 140 of file Password.php.
Referenced by __construct().
Password::toString | ( | ) |
Convert this hash to a string that can be stored in the database.
The resulting string should be considered the seralized representation of this hash, i.e., if the return value were recycled back into PasswordFactory::newFromCiphertext, the returned object would be equivalent to this; also, if two objects return the same value from this function, they are considered equivalent.
PasswordError | if password cannot be serialized to fit a tinyblob. |
Reimplemented in Argon2Password, ParameterizedPassword, and InvalidPassword.
Definition at line 202 of file Password.php.
References $hash, and assertIsSafeSize().
Password::verify | ( | $password | ) |
Checks whether the given password matches the hash stored in this object.
string | $password | Password to check |
Reimplemented in Argon2Password, and InvalidPassword.
Definition at line 179 of file Password.php.
References toString().
Referenced by equals().
|
protected |
Array of configuration variables injected from the constructor.
Definition at line 77 of file Password.php.
Referenced by __construct().
|
protected |
Factory that created the object.
Definition at line 65 of file Password.php.
Referenced by __construct().
|
protected |
String representation of the hash without the type.
Definition at line 71 of file Password.php.
Referenced by __construct(), assertIsSafeSize(), Pbkdf2Password\crypt(), BcryptPassword\crypt(), LayeredParameterizedPassword\crypt(), BcryptPassword\parseHash(), ParameterizedPassword\parseHash(), LayeredParameterizedPassword\partialCrypt(), ParameterizedPassword\toString(), and toString().
const Password::MAX_HASH_SIZE = 255 |
Hash must fit in user_password, which is a tinyblob.
Definition at line 82 of file Password.php.