Compare commits

..

No commits in common. "b9648231baa9b6c387bbc10147167c200b26e83a" and "437a40e309c49b515565445948f938f3bb7efef9" have entirely different histories.

2 changed files with 1 additions and 17 deletions

View File

@ -27,7 +27,7 @@ parameters:
locales: '%env(APP_LOCALES)%' locales: '%env(APP_LOCALES)%'
app.supported_locales: ~ app.supported_locales: ~
env(PEPPER): "" env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
pepper: '%env(resolve:PEPPER)%' pepper: '%env(resolve:PEPPER)%'
services: services:
# default configuration for services in *this* file # default configuration for services in *this* file

View File

@ -47,9 +47,6 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
$completedPassword = $this->getPasswordToHash($plainPassword, $salt); $completedPassword = $this->getPasswordToHash($plainPassword, $salt);
foreach ($this->hashAlgoLegacy as $algo) { foreach ($this->hashAlgoLegacy as $algo) {
if ('ssha' === $algo) {
return $this->compareSsha($hashedPassword, $completedPassword);
}
if ($this->isObsoleteAlgo($algo)) { if ($this->isObsoleteAlgo($algo)) {
if (hash_equals(hash($algo, $completedPassword), $hashedPassword)) { if (hash_equals(hash($algo, $completedPassword), $hashedPassword)) {
return true; return true;
@ -101,17 +98,4 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
return $completedPlainPassword; return $completedPlainPassword;
} }
protected function compareSsha($hashPassword, $plainPassword)
{
$base_64_hash_with_salt = substr($hashPassword, 6);
$hash_with_salt = base64_decode($base_64_hash_with_salt);
$hash = substr($hash_with_salt, 0, 20);
$salt = substr($hash_with_salt, 20);
// hash given password
$hash_given = sha1($plainPassword.$salt, true);
return $hash == $hash_given;
}
} }