PasswordEncryptor_BCrypt::get_cost() - Code Metrics - Inspection of "BUGFIX SingleSignOn does not function properly in..." - dynamic/foxystripe - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#403)

by Nic

created 2020-01-28 18:31 UTC

PasswordEncryptor_BCrypt::get_cost() A

↳ Parent: PasswordEncryptor_BCrypt

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
eloc	1
c	1
b	0
f	1
dl	0
loc	3
rs	10
cc	1
nc	1
nop	0

<?php

namespace Dynamic\FoxyStripe\Security;

use SilverStripe\Security\PasswordEncryptor;
use SilverStripe\Security\PasswordEncryptor_EncryptionFailed;

/**
 * Class PasswordEncryptor_BCrypt
 * @package Dynamic\FoxyStripe\Security
 */
class PasswordEncryptor_BCrypt extends PasswordEncryptor
{
    /**
     * Cost of encryption.
     * Higher costs will increase security, but also increase server load.
     * If you are using basic auth, you may need to decrease this as encryption
     * will be run on every request.
     * The two digit cost parameter is the base-2 logarithm of the iteration
     * count for the underlying Blowfish-based hashing algorithmeter and must
     * be in range 04-31, values outside this range will cause crypt() to fail.
     */
    protected static $cost = 10;

    /**
     * Sets the cost of the blowfish algorithm.
     * See {@link PasswordEncryptor_Blowfish::$cost}
     * Cost is set as an integer but
     * Ensure that set values are from 4-31
     *
     * @param int $cost range 4-31
     */
    public static function set_cost($cost)
    {
        self::$cost = max(min(31, $cost), 4);
    }

    /**
     * Gets the cost that is set for the PASSWORD_BCRYPT algorithm
     *
     * @return int
     */
    public static function get_cost()
    {
        return self::$cost;
    }

    /**
     * @param String $password
     * @param null $salt

     * @param null $member

     * @return bool|String
     * @throws PasswordEncryptor_EncryptionFailed
     */
    public function encrypt($password, $salt = null, $member = null)
    {
        $encryptedPassword = password_hash($password, PASSWORD_BCRYPT, ['cost' => static::get_cost()]);

        if (strpos($encryptedPassword, '$2y$') === false) {
            throw new PasswordEncryptor_EncryptionFailed('BCrypt password encryption failed.');
        }

        return $encryptedPassword;
    }

    /**
     * @param string $hash
     * @param string $password
     * @param null $salt

     * @param null $member

     * @return bool
     */
    public function check($hash, $password, $salt = null, $member = null)
    {
        return password_verify($password, $hash);
    }
}


1			<?php
2
3			namespace Dynamic\FoxyStripe\Security;
4
5			use SilverStripe\Security\PasswordEncryptor;
6			use SilverStripe\Security\PasswordEncryptor_EncryptionFailed;
7
8			/**
9			* Class PasswordEncryptor_BCrypt
10			* @package Dynamic\FoxyStripe\Security
11			*/
12			class PasswordEncryptor_BCrypt extends PasswordEncryptor
13			{
14			/**
15			* Cost of encryption.
16			* Higher costs will increase security, but also increase server load.
17			* If you are using basic auth, you may need to decrease this as encryption
18			* will be run on every request.
19			* The two digit cost parameter is the base-2 logarithm of the iteration
20			* count for the underlying Blowfish-based hashing algorithmeter and must
21			* be in range 04-31, values outside this range will cause crypt() to fail.
22			*/
23			protected static $cost = 10;
24
25			/**
26			* Sets the cost of the blowfish algorithm.
27			* See {@link PasswordEncryptor_Blowfish::$cost}
28			* Cost is set as an integer but
29			* Ensure that set values are from 4-31
30			*
31			* @param int $cost range 4-31
32			*/
33			public static function set_cost($cost)
34			{
35			self::$cost = max(min(31, $cost), 4);
36			}
37
38			/**
39			* Gets the cost that is set for the PASSWORD_BCRYPT algorithm
40			*
41			* @return int
42			*/
43			public static function get_cost()
44			{
45			return self::$cost;
46			}
47
48			/**
49			* @param String $password
50			* @param null $salt
			0 ignored issues – show Documentation Bug introduced 2019-04-03 02:26 UTC by Report Bug Copy Issue Report Are you sure the doc-type for parameter `$salt` is correct as it would always require `null` to be passed? Loading history...
51			* @param null $member
			0 ignored issues – show Documentation Bug introduced 2018-12-29 01:53 UTC by Report Bug Copy Issue Report Are you sure the doc-type for parameter `$member` is correct as it would always require `null` to be passed? Loading history...
52			* @return bool\|String
53			* @throws PasswordEncryptor_EncryptionFailed
54			*/
55			public function encrypt($password, $salt = null, $member = null)
56			{
57			$encryptedPassword = password_hash($password, PASSWORD_BCRYPT, ['cost' => static::get_cost()]);
58
59			if (strpos($encryptedPassword, '$2y$') === false) {
60			throw new PasswordEncryptor_EncryptionFailed('BCrypt password encryption failed.');
61			}
62
63			return $encryptedPassword;
64			}
65
66			/**
67			* @param string $hash
68			* @param string $password
69			* @param null $salt
			0 ignored issues – show Documentation Bug introduced 2019-04-03 02:26 UTC by Report Bug Copy Issue Report Are you sure the doc-type for parameter `$salt` is correct as it would always require `null` to be passed? Loading history...
70			* @param null $member
			0 ignored issues – show Documentation Bug introduced 2019-04-03 02:26 UTC by Report Bug Copy Issue Report Are you sure the doc-type for parameter `$member` is correct as it would always require `null` to be passed? Loading history...
71			* @return bool
72			*/
73			public function check($hash, $password, $salt = null, $member = null)
74			{
75			return password_verify($password, $hash);
76			}
77			}
78

dynamic / foxystripe

Pull Request — master (#403)

PasswordEncryptor_BCrypt::get_cost() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like