Passed
Pull Request — master (#373)
by Nic
13:50
created

PasswordEncryptor_BCrypt::check()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 3
Code Lines 1

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
eloc 1
nc 1
nop 4
dl 0
loc 3
rs 10
c 0
b 0
f 0
<?php

namespace Dynamic\FoxyStripe\Security;

use SilverStripe\Security\PasswordEncryptor;

/**
 * Class PasswordEncryptor_BCrypt
 * @package Dynamic\FoxyStripe\Security
 */
class PasswordEncryptor_BCrypt extends PasswordEncryptor
{
    /**
     * Cost of encryption.
     * Higher costs will increase security, but also increase server load.
     * If you are using basic auth, you may need to decrease this as encryption
     * will be run on every request.
     * The two digit cost parameter is the base-2 logarithm of the iteration
     * count for the underlying Blowfish-based hashing algorithm and must
     * be in the range 04-31; values outside this range will cause crypt() to fail.
     */
    protected static $cost = 10;

    /**
     * Sets the cost of the blowfish algorithm.
     * See {@link PasswordEncryptor_Blowfish::$cost}
     * Cost is set as an integer, but ensure that set values are from 4-31;
     * values outside that range are clamped to it.
     *
     * @param int $cost range 4-31
     */
    public static function set_cost($cost)
    {
        self::$cost = max(min(31, $cost), 4);
    }

    /**
     * Gets the cost that is set for the PASSWORD_BCRYPT algorithm
     *
     * @return int
     */
    public static function get_cost()
    {
        return self::$cost;
    }

    /**
     * @param string $password
     * @param null $member
Documentation Bug introduced by
Are you sure the doc-type for parameter $member is correct as it would always require null to be passed?
     * @return bool|string
     */
    public function encrypt($password, $salt = null, $member = null)
    {
        $encryptedPassword = password_hash($password, PASSWORD_BCRYPT, ['cost' => static::get_cost()]);

        if (strpos($encryptedPassword, '$2y$') === false) {
            throw new PasswordEncryptor_EncryptionFailed('BCrypt password encryption failed.');
Bug introduced by
The type Dynamic\FoxyStripe\Secur...ryptor_EncryptionFailed was not found. Maybe you did not declare it correctly or list all dependencies?

The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:

filter:
    dependency_paths: ["lib/*"]

For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths

        }

        return $encryptedPassword;
    }

    /**
     * @param string $hash
     * @param string $password
     * @return bool
     */
    public function check($hash, $password, $salt = null, $member = null)
    {
        // password_verify() reads the algorithm, cost and salt from $hash,
        // so $salt and $member are not used here.
        return password_verify($password, $hash);
    }
}