MediaWiki REL1_34
Password.php
Go to the documentation of this file.
1<?php
23use Wikimedia\Assert\Assert;
24
61abstract class Password {
65 protected $factory;
66
71 protected $hash;
72
77 protected $config;
78
82 const MAX_HASH_SIZE = 255;
83
96 final public function __construct( PasswordFactory $factory, array $config, $hash = null ) {
97 if ( !$this->isSupported() ) {
98 throw new Exception( 'PHP support not found for ' . get_class( $this ) );
99 }
100 if ( !isset( $config['type'] ) ) {
101 throw new Exception( 'Password configuration must contain a type name.' );
102 }
103 $this->config = $config;
104 $this->factory = $factory;
105
106 if ( $hash !== null && strlen( $hash ) >= 3 ) {
107 // Strip the type from the hash for parsing
108 $hash = substr( $hash, strpos( $hash, ':', 1 ) + 1 );
109 }
110
111 $this->hash = $hash;
112 $this->parseHash( $hash );
113 }
114
120 final public function getType() {
121 return $this->config['type'];
122 }
123
129 protected function isSupported() {
130 return true;
131 }
132
140 protected function parseHash( $hash ) {
141 }
142
148 abstract public function needsUpdate();
149
163 public function equals( $other ) {
164 wfDeprecated( __METHOD__, '1.33' );
165
166 if ( is_string( $other ) ) {
167 return $this->verify( $other );
168 }
169
170 return hash_equals( $this->toString(), $other->toString() );
171 }
172
179 public function verify( $password ) {
180 Assert::parameterType( 'string', $password, '$password' );
181
182 // No need to use the factory because we're definitely making
183 // an object of the same type.
184 $obj = clone $this;
185 $obj->crypt( $password );
186
187 return hash_equals( $this->toString(), $obj->toString() );
188 }
189
202 public function toString() {
203 $result = ':' . $this->config['type'] . ':' . $this->hash;
204 $this->assertIsSafeSize( $result );
205 return $result;
206 }
207
218 final protected function assertIsSafeSize( $hash ) {
219 if ( strlen( $hash ) > self::MAX_HASH_SIZE ) {
220 throw new PasswordError( "Password hash is too big" );
221 }
222 }
223
233 abstract public function crypt( $password );
234}
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition GlobalFunctions.php:1044
PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:26
PasswordFactory
Factory class for creating and checking Password objects.
Definition PasswordFactory.php:28
Password
Represents a password hash for use in authentication.
Definition Password.php:61
Password\verify
verify( $password)
Checks whether the given password matches the hash stored in this object.
Definition Password.php:179
Password\getType
getType()
Get the type name of the password.
Definition Password.php:120
Password\parseHash
parseHash( $hash)
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for see...
Definition Password.php:140
Password\crypt
crypt( $password)
Hash a password and store the result in this object.
Password\MAX_HASH_SIZE
const MAX_HASH_SIZE
Hash must fit in user_password, which is a tinyblob.
Definition Password.php:82
Password\isSupported
isSupported()
Whether current password type is supported on this system.
Definition Password.php:129
Password\needsUpdate
needsUpdate()
Determine if the hash needs to be updated.
Password\__construct
__construct(PasswordFactory $factory, array $config, $hash=null)
Construct the Password object using a string hash.
Definition Password.php:96
Password\assertIsSafeSize
assertIsSafeSize( $hash)
Assert that hash will fit in a tinyblob field.
Definition Password.php:218
Password\$hash
string $hash
String representation of the hash without the type.
Definition Password.php:71
Password\equals
equals( $other)
Compare one Password object to this object.
Definition Password.php:163
Password\toString
toString()
Convert this hash to a string that can be stored in the database.
Definition Password.php:202
Password\$config
array $config
Array of configuration variables injected from the constructor.
Definition Password.php:77
Password\$factory
PasswordFactory $factory
Factory that created the object.
Definition Password.php:65