
Commit 4258b5e

author
David Brooks
committed
Make $argon check separate from bcrypt check
1 parent 5f554e9 commit 4258b5e


2 files changed

+10
-10
lines changed


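--- a/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
@@ -80,12 +80,12 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo
 return false;
 }
 
-if (0 !== strpos($encoded, '$argon')) {
-if (0 === strpos($encoded, '$2')) {
-// BCrypt encodes only the first 72 chars
-return 72 >= \strlen($raw) && password_verify($raw, $encoded);
-}
+if (0 === strpos($encoded, '$2')) {
+// BCrypt encodes only the first 72 chars
+return 72 >= \strlen($raw) && password_verify($raw, $encoded);
+}
 
+if (0 !== strpos($encoded, '$argon')) {
 return password_verify($raw, $encoded);
 }
 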
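Review bot: The bcrypt branch guards only the length of `$raw`; bcrypt implementations generally also stop at the first NUL byte, so it may be worth rejecting such input in the same expression, e.g. `return 72 >= \strlen($raw) && false === strpos($raw, "\0") && password_verify($raw, $encoded);`. I have not confirmed how the PHP versions this file supports treat embedded NUL bytes, so that part needs verifying before it is adopted. Separately, the comment says "72 chars" while `\strlen()` counts bytes; `// BCrypt only uses the first 72 bytes of the password` would be accurate for multi-byte input. isPasswordValid starts and ends outside the hunk.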

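--- a/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
@@ -80,12 +80,12 @@ public function isPasswordValid(string $encoded, string $raw, ?string $salt): bo
 return false;
 }
 
-if (0 !== strpos($encoded, '$argon')) {
-if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
-// Accept validating BCrypt passwords for seamless migrations
-return password_verify($raw, $encoded);
-}
+if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
+// Accept validating BCrypt passwords for seamless migrations
+return password_verify($raw, $encoded);
+}
 
+if (0 !== strpos($encoded, '$argon')) {
 return password_verify($raw, $encoded);
 }
 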
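Review bot: In the bcrypt branch the 72-byte limit sits in the `if` condition, so a `$2` hash checked against a longer `$raw` skips this branch and reaches the following `if (0 !== strpos($encoded, '$argon'))` branch, where `password_verify($raw, $encoded)` runs with no length check. Because bcrypt only uses the first 72 bytes, the limit is not enforced on that path and a truncated comparison can still succeed. Moving the limit into the return, as the NativePasswordEncoder hunk does, closes the gap: `if (0 === strpos($encoded, '$2')) {` followed by `return 72 >= \strlen($raw) && password_verify($raw, $encoded);`. The same fall-through appears to be present on the removed side, and isPasswordValid starts and ends outside the hunk, so the later argon handling is not visible here.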
