silverstripe-framework/src/Security/PasswordEncryptor.php

106 lines
3.0 KiB
PHP
Raw Normal View History

<?php
2016-06-23 11:37:22 +12:00
namespace SilverStripe\Security;
use ReflectionClass;
2017-06-09 15:07:35 +12:00
use SilverStripe\Core\Config\Config;
2016-06-23 11:37:22 +12:00
/**
* Allows pluggable password encryption.
* By default, this might be PHP's integrated sha1()
* function, but could also be more sophisticated to facilitate
* password migrations from other systems.
* Use {@link register()} to add new implementations.
2014-08-15 18:53:05 +12:00
*
* Used in {@link Security::encrypt_password()}.
*/
2016-11-29 12:31:16 +13:00
abstract class PasswordEncryptor
{
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
/**
* @var array
* @config
*/
private static $encryptors = array();
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
/**
* @return array Map of encryptor code to the used class.
*/
public static function get_encryptors()
{
return Config::inst()->get(self::class, 'encryptors');
2016-11-29 12:31:16 +13:00
}
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
/**
* @param String $algorithm
* @return PasswordEncryptor
* @throws PasswordEncryptor_NotFoundException
*/
public static function create_for_algorithm($algorithm)
{
$encryptors = self::get_encryptors();
if (!isset($encryptors[$algorithm])) {
throw new PasswordEncryptor_NotFoundException(
sprintf('No implementation found for "%s"', $algorithm)
);
}
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
$class=key($encryptors[$algorithm]);
if (!class_exists($class)) {
throw new PasswordEncryptor_NotFoundException(
sprintf('No class found for "%s"', $class)
);
}
$refClass = new ReflectionClass($class);
if (!$refClass->getConstructor()) {
return new $class;
}
2016-11-29 12:31:16 +13:00
$arguments = $encryptors[$algorithm];
return($refClass->newInstanceArgs($arguments));
}
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
/**
* Return a string value stored in the {@link Member->Password} property.
* The password should be hashed with {@link salt()} if applicable.
*
* @param String $password Cleartext password to be hashed
* @param String $salt (Optional)
* @param Member $member (Optional)
* @return String Maximum of 512 characters.
*/
abstract public function encrypt($password, $salt = null, $member = null);
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
/**
* Return a string value stored in the {@link Member->Salt} property.
*
* @uses RandomGenerator
*
* @param string $password Cleartext password
* @param Member $member (Optional)
* @return string Maximum of 50 characters
*/
public function salt($password, $member = null)
{
$generator = new RandomGenerator();
return substr($generator->randomToken('sha1'), 0, 50);
}
2014-08-15 18:53:05 +12:00
2016-11-29 12:31:16 +13:00
/**
* This usually just returns a strict string comparison,
* but is necessary for retain compatibility with password hashed
* with flawed algorithms - see {@link PasswordEncryptor_LegacyPHPHash} and
* {@link PasswordEncryptor_Blowfish}
*
* @param string $hash
* @param string $password
* @param string $salt
* @param Member $member
* @return bool
*/
public function check($hash, $password, $salt = null, $member = null)
{
return $hash === $this->encrypt($password, $salt, $member);
}
}