MigratingPasswordEncoder
extends BasePasswordEncoder
in package
implements
SelfSaltingEncoderInterface
Hashes passwords using the best available encoder.
Validates them using a chain of encoders.
/!\ Don't put a PlaintextPasswordEncoder in the list as that'd mean a leaked hash could be used to authenticate successfully without knowing the cleartext password.
Tags
Interfaces, Classes, Traits and Enums
- SelfSaltingEncoderInterface
- SelfSaltingEncoderInterface is a marker interface for encoders that do not require a user-generated salt.
Table of Contents
- MAX_PASSWORD_LENGTH = 4096
- $bestEncoder : mixed
- $extraEncoders : mixed
- __construct() : mixed
- encodePassword() : string
- {@inheritdoc}
- isPasswordValid() : bool
- {@inheritdoc}
- needsRehash() : bool
- {@inheritdoc}
- comparePasswords() : bool
- Compares two passwords.
- demergePasswordAndSalt() : array<string|int, mixed>
- Demerges a merge password and salt string.
- isPasswordTooLong() : bool
- Checks if the password is too long.
- mergePasswordAndSalt() : string
- Merges a password and a salt.
Constants
MAX_PASSWORD_LENGTH
public
mixed
MAX_PASSWORD_LENGTH
= 4096
Properties
$bestEncoder
private
mixed
$bestEncoder
$extraEncoders
private
mixed
$extraEncoders
Methods
__construct()
public
__construct(PasswordEncoderInterface $bestEncoder, PasswordEncoderInterface ...$extraEncoders) : mixed
Parameters
- $bestEncoder : PasswordEncoderInterface
- $extraEncoders : PasswordEncoderInterface
Return values
mixed —encodePassword()
{@inheritdoc}
public
encodePassword(mixed $raw, mixed $salt) : string
Parameters
- $raw : mixed
- $salt : mixed
Return values
string —isPasswordValid()
{@inheritdoc}
public
isPasswordValid(mixed $encoded, mixed $raw, mixed $salt) : bool
Parameters
- $encoded : mixed
- $raw : mixed
- $salt : mixed
Return values
bool —needsRehash()
{@inheritdoc}
public
needsRehash(string $encoded) : bool
Parameters
- $encoded : string
Return values
bool —comparePasswords()
Compares two passwords.
protected
comparePasswords(string $password1, string $password2) : bool
This method implements a constant-time algorithm to compare passwords to avoid (remote) timing attacks.
Parameters
- $password1 : string
-
The first password
- $password2 : string
-
The second password
Return values
bool —true if the two passwords are the same, false otherwise
demergePasswordAndSalt()
Demerges a merge password and salt string.
protected
demergePasswordAndSalt(string $mergedPasswordSalt) : array<string|int, mixed>
Parameters
- $mergedPasswordSalt : string
-
The merged password and salt string
Return values
array<string|int, mixed> —An array where the first element is the password and the second the salt
isPasswordTooLong()
Checks if the password is too long.
protected
isPasswordTooLong(string $password) : bool
Parameters
- $password : string
-
The password to check
Return values
bool —true if the password is too long, false otherwise
mergePasswordAndSalt()
Merges a password and a salt.
protected
mergePasswordAndSalt(string $password, string|null $salt) : string
Parameters
- $password : string
-
The password to be used
- $salt : string|null
-
The salt to be used
Tags
Return values
string —a merged password and salt