PasswordHashService::isValidPassword() - Code Metrics - Inspection of "fixup! EZP-30973: Made siteaccess aware repository..." - ezsystems/ezpublish-kernel - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — ezp_30973 ( feb262...9f83f6 )

unknown

created 2019-10-07 11:58 UTC

PasswordHashService::isValidPassword() A

↳ Parent: PasswordHashService

Complexity

Conditions	3
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	3
nc	2
nop	3
dl	0
loc	12
rs	9.8666
c	0
b	0
f	0

<?php

/**
 * @copyright Copyright (C) eZ Systems AS. All rights reserved.
 * @license For full copyright and license information view LICENSE file distributed with this source code.
 */
declare(strict_types=1);

namespace eZ\Publish\Core\Repository\User;

use eZ\Publish\API\Repository\Values\User\User;
use eZ\Publish\Core\Base\Exceptions\InvalidArgumentException;

/**
 * @internal
 */
final class PasswordHashService implements PasswordHashServiceInterface
{
    /** @var int */
    private $hashType;

    public function __construct(int $hashType = User::DEFAULT_PASSWORD_HASH)
    {
        $this->hashType = $hashType;
    }

    public function getDefaultHashType(): int
    {
        return $this->hashType;
    }

    public function createPasswordHash(string $password, ?int $hashType = null): string
    {
        $hashType = $hashType ?? $this->hashType;

        switch ($hashType) {
            case User::PASSWORD_HASH_BCRYPT:
                return password_hash($password, PASSWORD_BCRYPT);

            case User::PASSWORD_HASH_PHP_DEFAULT:
                return password_hash($password, PASSWORD_DEFAULT);

            default:
                throw new InvalidArgumentException('hashType', "Password hash type '$hashType' is not recognized");
        }
    }

    public function isValidPassword(string $plainPassword, string $passwordHash, ?int $hashType = null): bool
    {
        if ($hashType === User::PASSWORD_HASH_BCRYPT || $hashType === User::PASSWORD_HASH_PHP_DEFAULT) {
            // In case of bcrypt let php's password functionality do it's magic
            return password_verify($plainPassword, $passwordHash);
        }

        // Randomize login time to protect against timing attacks
        usleep(random_int(0, 30000));

        return $passwordHash === $this->createPasswordHash($plainPassword, $hashType);
    }
}


1			<?php
2
3			/**
4			* @copyright Copyright (C) eZ Systems AS. All rights reserved.
5			* @license For full copyright and license information view LICENSE file distributed with this source code.
6			*/
7			declare(strict_types=1);
8
9			namespace eZ\Publish\Core\Repository\User;
10
11			use eZ\Publish\API\Repository\Values\User\User;
12			use eZ\Publish\Core\Base\Exceptions\InvalidArgumentException;
13
14			/**
15			* @internal
16			*/
17			final class PasswordHashService implements PasswordHashServiceInterface
18			{
19			/** @var int */
20			private $hashType;
21
22			public function __construct(int $hashType = User::DEFAULT_PASSWORD_HASH)
23			{
24			$this->hashType = $hashType;
25			}
26
27			public function getDefaultHashType(): int
28			{
29			return $this->hashType;
30			}
31
32			public function createPasswordHash(string $password, ?int $hashType = null): string
33			{
34			$hashType = $hashType ?? $this->hashType;
35
36			switch ($hashType) {
37			case User::PASSWORD_HASH_BCRYPT:
38			return password_hash($password, PASSWORD_BCRYPT);
39
40			case User::PASSWORD_HASH_PHP_DEFAULT:
41			return password_hash($password, PASSWORD_DEFAULT);
42
43			default:
44			throw new InvalidArgumentException('hashType', "Password hash type '$hashType' is not recognized");
45			}
46			}
47
48			public function isValidPassword(string $plainPassword, string $passwordHash, ?int $hashType = null): bool
49			{
50			if ($hashType === User::PASSWORD_HASH_BCRYPT \|\| $hashType === User::PASSWORD_HASH_PHP_DEFAULT) {
51			// In case of bcrypt let php's password functionality do it's magic
52			return password_verify($plainPassword, $passwordHash);
53			}
54
55			// Randomize login time to protect against timing attacks
56			usleep(random_int(0, 30000));
57
58			return $passwordHash === $this->createPasswordHash($plainPassword, $hashType);
59			}
60			}
61

ezsystems / ezpublish-kernel

Push — ezp_30973 ( feb262...9f83f6 )

PasswordHashService::isValidPassword() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like