
Commit c0fc456

[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords
1 parent 89f423f commit c0fc456


2 files changed

+11
-0
lines changed


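--- a/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
@@ -84,6 +84,11 @@ public function isPasswordValid($encoded, $raw, $salt)
 return false;
 }
 
+if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
+// Accept validating BCrypt passwords for seamless migrations
+return password_verify($raw, $encoded);
+}
+
 if (\function_exists('sodium_crypto_pwhash_str_verify')) {
 return \sodium_crypto_pwhash_str_verify($encoded, $raw);
 }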
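Review bot: The new `$2` branch in isPasswordValid() accepts a legacy BCrypt hash but gives the caller no signal that the older format matched, so a stored hash stays BCrypt until the application re-encodes it after a successful login. The branch comment should say so, for example `// Accept BCrypt hashes so existing users can still log in; the caller must re-encode via encodePassword() to finish the migration`. The `72 >= \strlen($raw)` guard counts bytes and sends a longer password on to the sodium verifier together with a `$2` hash, which presumably rejects it; that matches BCrypt's 72-byte input limit and is worth one more comment line. As a style point, `strpos` and `password_verify` are called without the leading backslash used for `\strlen` and `\function_exists` next to them. The function body starts and ends outside the hunk.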

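--- a/src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
@@ -31,6 +31,12 @@ public function testValidation()
 $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
 }
 
+public function testBCryptValidation()
+{
+$encoder = new SodiumPasswordEncoder();
+$this->assertTrue($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
+}
+
 /**
 * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
 */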
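Review bot: testBCryptValidation() asserts only the accepting path, so a regression that made the `$2` branch return true for any input would still pass. Add a rejecting assertion against the same fixture, `$this->assertFalse($encoder->isPasswordValid($hash, 'abd', null));`, with `$hash` holding the BCrypt string already used in the test. A second case whose raw password is longer than 72 bytes would pin the length guard added to SodiumPasswordEncoder::isPasswordValid(); the expected result there is presumably false and should be confirmed against the encoder.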
