Merge pull request 'ajout d'une methode spécifique à ssha' (#7) from method-ssha into develop
Cadoles/hydra-sql/pipeline/head This commit looks good
Details
Cadoles/hydra-sql/pipeline/head This commit looks good
Details
Reviewed-on: #7
This commit is contained in:
commit
b9648231ba
|
@ -27,7 +27,7 @@ parameters:
|
||||||
locales: '%env(APP_LOCALES)%'
|
locales: '%env(APP_LOCALES)%'
|
||||||
app.supported_locales: ~
|
app.supported_locales: ~
|
||||||
|
|
||||||
env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
|
env(PEPPER): ""
|
||||||
pepper: '%env(resolve:PEPPER)%'
|
pepper: '%env(resolve:PEPPER)%'
|
||||||
services:
|
services:
|
||||||
# default configuration for services in *this* file
|
# default configuration for services in *this* file
|
||||||
|
|
|
@ -47,6 +47,9 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
||||||
$completedPassword = $this->getPasswordToHash($plainPassword, $salt);
|
$completedPassword = $this->getPasswordToHash($plainPassword, $salt);
|
||||||
|
|
||||||
foreach ($this->hashAlgoLegacy as $algo) {
|
foreach ($this->hashAlgoLegacy as $algo) {
|
||||||
|
if ('ssha' === $algo) {
|
||||||
|
return $this->compareSsha($hashedPassword, $completedPassword);
|
||||||
|
}
|
||||||
if ($this->isObsoleteAlgo($algo)) {
|
if ($this->isObsoleteAlgo($algo)) {
|
||||||
if (hash_equals(hash($algo, $completedPassword), $hashedPassword)) {
|
if (hash_equals(hash($algo, $completedPassword), $hashedPassword)) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -98,4 +101,17 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
||||||
|
|
||||||
return $completedPlainPassword;
|
return $completedPlainPassword;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function compareSsha($hashPassword, $plainPassword)
|
||||||
|
{
|
||||||
|
$base_64_hash_with_salt = substr($hashPassword, 6);
|
||||||
|
$hash_with_salt = base64_decode($base_64_hash_with_salt);
|
||||||
|
$hash = substr($hash_with_salt, 0, 20);
|
||||||
|
$salt = substr($hash_with_salt, 20);
|
||||||
|
|
||||||
|
// hash given password
|
||||||
|
$hash_given = sha1($plainPassword.$salt, true);
|
||||||
|
|
||||||
|
return $hash == $hash_given;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue