MediaWiki  master
Password.php
Go to the documentation of this file.
1 <?php
24 
61 abstract class Password {
65  protected $factory;
66 
71  protected $hash;
72 
77  protected $config;
78 
82  const MAX_HASH_SIZE = 255;
83 
96  final public function __construct( PasswordFactory $factory, array $config, $hash = null ) {
97  if ( !$this->isSupported() ) {
98  throw new Exception( 'PHP support not found for ' . get_class( $this ) );
99  }
100  if ( !isset( $config['type'] ) ) {
101  throw new Exception( 'Password configuration must contain a type name.' );
102  }
103  $this->config = $config;
104  $this->factory = $factory;
105 
106  if ( $hash !== null && strlen( $hash ) >= 3 ) {
107  // Strip the type from the hash for parsing
108  $hash = substr( $hash, strpos( $hash, ':', 1 ) + 1 );
109  }
110 
111  $this->hash = $hash;
112  $this->parseHash( $hash );
113  }
114 
120  final public function getType() {
121  return $this->config['type'];
122  }
123 
129  protected function isSupported() {
130  return true;
131  }
132 
140  protected function parseHash( $hash ) {
141  }
142 
148  abstract public function needsUpdate();
149 
163  public function equals( $other ) {
164  wfDeprecated( __METHOD__, '1.33' );
165 
166  if ( is_string( $other ) ) {
167  return $this->verify( $other );
168  }
169 
170  return hash_equals( $this->toString(), $other->toString() );
171  }
172 
179  public function verify( $password ) {
180  Assert::parameterType( 'string', $password, '$password' );
181 
182  // No need to use the factory because we're definitely making
183  // an object of the same type.
184  $obj = clone $this;
185  $obj->crypt( $password );
186 
187  return hash_equals( $this->toString(), $obj->toString() );
188  }
189 
202  public function toString() {
203  $result = ':' . $this->config['type'] . ':' . $this->hash;
204  $this->assertIsSafeSize( $result );
205  return $result;
206  }
207 
218  final protected function assertIsSafeSize( $hash ) {
219  if ( strlen( $hash ) > self::MAX_HASH_SIZE ) {
220  throw new PasswordError( "Password hash is too big" );
221  }
222  }
223 
233  abstract public function crypt( $password );
234 }
needsUpdate()
Determine if the hash needs to be updated.
equals( $other)
Compare one Password object to this object.
Definition: Password.php:163
const MAX_HASH_SIZE
Hash must fit in user_password, which is a tinyblob.
Definition: Password.php:82
__construct(PasswordFactory $factory, array $config, $hash=null)
Construct the Password object using a string hash.
Definition: Password.php:96
getType()
Get the type name of the password.
Definition: Password.php:120
isSupported()
Whether current password type is supported on this system.
Definition: Password.php:129
array $config
Array of configuration variables injected from the constructor.
Definition: Password.php:77
toString()
Convert this hash to a string that can be stored in the database.
Definition: Password.php:202
verify( $password)
Checks whether the given password matches the hash stored in this object.
Definition: Password.php:179
crypt( $password)
Hash a password and store the result in this object.
assertIsSafeSize( $hash)
Assert that hash will fit in a tinyblob field.
Definition: Password.php:218
string $hash
String representation of the hash without the type.
Definition: Password.php:71
Show an error when any operation involving passwords fails to run.
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
PasswordFactory $factory
Factory that created the object.
Definition: Password.php:65
parseHash( $hash)
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for see...
Definition: Password.php:140