MediaWiki
master
|
Represents a password hash for use in authentication. More...
Public Member Functions | |
__construct (PasswordFactory $factory, array $config, string $hash=null) | |
Construct the Password object using a string hash. More... | |
crypt (string $password) | |
Hash a password and store the result in this object. More... | |
getType () | |
Get the type name of the password. More... | |
needsUpdate () | |
Determine if the hash needs to be updated. More... | |
toString () | |
Convert this hash to a string that can be stored in the database. More... | |
verify (string $password) | |
Checks whether the given password matches the hash stored in this object. More... | |
Protected Member Functions | |
assertIsSafeSize (string $hash) | |
Assert that hash will fit in a tinyblob field. More... | |
isSupported () | |
Whether current password type is supported on this system. More... | |
parseHash (?string $hash) | |
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating. More... | |
Protected Attributes | |
array | $config |
Array of configuration variables injected from the constructor. More... | |
PasswordFactory | $factory |
Factory that created the object. More... | |
string null | $hash |
String representation of the hash without the type. More... | |
Represents a password hash for use in authentication.
Note: All password types are transparently prefixed with :<TYPE>:, where <TYPE> is the registered type of the hash. This prefix is stripped in the constructor and is added back in the toString() function.
When inheriting this class, there are a couple of expectations to be fulfilled:
The abstract functions that must be overridden are:
After creating a new password hash type, it can be registered using the static Password::register() method. The default type is set using the Password::setDefaultType() type. Types must be registered before they can be set as the default.
Definition at line 61 of file Password.php.
|
final |
Construct the Password object using a string hash.
It is strongly recommended not to call this function directly unless you have a reason to. Use the PasswordFactory class instead.
MWException | If $config does not contain required parameters |
PasswordFactory | $factory | Factory object that created the password |
array | $config | Array of engine configuration options for hashing |
string | null | $hash | The raw hash, including the type |
Definition at line 96 of file Password.php.
References $config, $factory, $hash, isSupported(), and parseHash().
|
finalprotected |
Assert that hash will fit in a tinyblob field.
This prevents MW from inserting it into the DB and having MySQL silently truncating it, locking the user out of their account.
string | $hash | The hash in question. |
PasswordError | If hash does not fit in DB. |
Definition at line 193 of file Password.php.
|
abstract |
Hash a password and store the result in this object.
The result of the password hash should be put into the internal state of the hash object.
string | $password | Password to hash |
PasswordError | If an internal error occurs in hashing |
Reimplemented in MWSaltedPassword, MWOldPassword, InvalidPassword, LayeredParameterizedPassword, EncryptedPassword, BcryptPassword, Argon2Password, and AbstractPbkdf2Password.
Referenced by LayeredParameterizedPassword\partialCrypt().
|
final |
Get the type name of the password.
Definition at line 120 of file Password.php.
|
protected |
Whether current password type is supported on this system.
Reimplemented in Pbkdf2PasswordUsingOpenSSL, and Argon2Password.
Definition at line 129 of file Password.php.
Referenced by __construct().
|
abstract |
Determine if the hash needs to be updated.
Reimplemented in ParameterizedPassword, InvalidPassword, and Argon2Password.
|
protected |
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating.
string | null | $hash | The hash, with the :<TYPE>: prefix stripped |
PasswordError | If there is an error in parsing the hash |
Reimplemented in ParameterizedPassword, and BcryptPassword.
Definition at line 140 of file Password.php.
Referenced by __construct().
Password::toString | ( | ) |
Convert this hash to a string that can be stored in the database.
The resulting string should be considered the serialized representation of this hash, i.e., if the return value were recycled back into PasswordFactory::newFromCiphertext, the returned object would be equivalent to this; also, if two objects return the same value from this function, they are considered equivalent.
PasswordError | if password cannot be serialized to fit a tinyblob. |
Reimplemented in ParameterizedPassword, InvalidPassword, and Argon2Password.
Definition at line 177 of file Password.php.
Password::verify | ( | string | $password | ) |
Checks whether the given password matches the hash stored in this object.
string | $password | Password to check |
Reimplemented in InvalidPassword, and Argon2Password.
Definition at line 156 of file Password.php.
|
protected |
Array of configuration variables injected from the constructor.
Definition at line 77 of file Password.php.
Referenced by __construct(), and AbstractPbkdf2Password\newInstance().
|
protected |
Factory that created the object.
Definition at line 65 of file Password.php.
Referenced by __construct(), and AbstractPbkdf2Password\newInstance().
|
protected |
String representation of the hash without the type.
Definition at line 71 of file Password.php.
Referenced by __construct(), and AbstractPbkdf2Password\newInstance().