Issues in Password.php (master) - Issues in master - o2system/security - Measure and Improve Code Quality continuously with Scrutinizer

Issues (170)

src/Encryptions/Password.php (1 issue)

Labels

Severity

Major 1

<?php
/**
 * This file is part of the O2System Framework package.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @author         Steeve Andrian Salim
 * @copyright      Copyright (c) Steeve Andrian Salim
 */

// ------------------------------------------------------------------------

namespace O2System\Security\Encryptions;

// ------------------------------------------------------------------------

/**
 * Class Password
 *
 * @package O2System\Security\Encryptions
 */
class Password
{
    /**
     * Password::$salt
     *
     * Numeric encryption key.
     *
     * @var string
     */
    private $salt;

    /**
     * Password::$algorithm
     *
     * A password algorithm constant denoting the algorithm to use when hashing the password.
     *
     * @var int
     */
    private $algorithm = PASSWORD_DEFAULT;

    /**
     * Password::$options
     *
     * An associative array containing options. See the password algorithm constants for documentation on the supported
     * options for each algorithm.
     *
     * If omitted, a random salt will be created and the default cost will be used.
     *
     * @var array
     */
    private $options = [];

    // ------------------------------------------------------------------------

    /**
     * Password::setAlgorithm
     *
     * Sets password hashing algorithm.
     *
     * @see http://php.net/manual/en/password.constants.php
     *
     * @param int $algorithm A password algorithm constant denoting the algorithm to use when hashing the password.
     *
     * @return static
     */
    public function setAlgorithm($algorithm)
    {
        if (in_array(
            $algorithm,
            [
                PASSWORD_DEFAULT,
                PASSWORD_BCRYPT,
            ]
        )) {
            $this->algorithm = $algorithm;
        }

        return $this;
    }

    // ------------------------------------------------------------------------

    /**
     * Password::setOptions
     *
     * Sets password hashing options.
     *
     * @see http://php.net/manual/en/password.constants.php
     *
     * @param array $options An associative array containing options. See the password algorithm constants for
     *                       documentation on the supported options for each algorithm.
     *
     * @return $this
     */
    public function setOptions(array $options)
    {
        $this->options = $options;

        return $this;
    }

    // ------------------------------------------------------------------------

    /**
     * Password::rehash
     *
     * Re-hash a password.
     *
     * @param string $password Password to be encrypted.
     * @param string $hash     Hashed string password created by Password::hash method.
     * @param string $salt     To manually provide a salt to use when hashing the password.
     *
     * @return string|bool Returns FALSE if the password not verified.
     */
    public function rehash($password, $hash, $salt = null)
    {
        if ($this->verify($password, $hash, $salt)) {

            $algorithm = $this->algorithm === PASSWORD_DEFAULT
                ? PASSWORD_BCRYPT
                : PASSWORD_DEFAULT;

            if (password_needs_rehash(
                $hash,
                $algorithm,
                [
                    'cost' => strlen($hash) + 1,
                ]
            )) {
                return $this->hash($password, $salt);
            }

            return $hash;
        }

        return false;
    }

    // ------------------------------------------------------------------------

    /**
     * Password::verify
     *
     * Verify a password.
     *
     * @param string $password Password to be verified.
     * @param string $hash     Hashed string password created by Password::hash method.
     * @param string $salt     To manually provide a salt to use when hashing the password.
     *
     * @return string
     */
    public function verify($password, $hash, $salt = null)
    {
        return password_verify($this->protect($password, $salt), $hash);

    }

    // ------------------------------------------------------------------------

    /**
     * Password::protect
     *
     * Protect a password.
     *
     * @param string $password Password to be encrypted.
     * @param string $salt     To manually provide a salt to use when hashing the password.
     *
     * @return string
     */
    protected function protect($password, $salt = null)
    {
        $salt = isset($salt)
            ? $salt
            : $this->salt;

        return $password . $salt;
    }

    // ------------------------------------------------------------------------

    /**
     * Password::hash
     *
     * Hash a password.
     *
     * @param string $password Password to be encrypted.
     * @param string $salt     To manually provide a salt to use when hashing the password.
     *
     * @return string
     */
    public function hash($password, $salt = null)
    {
        return password_hash($this->protect($password, $salt), $this->algorithm, $this->options);
    }

    // ------------------------------------------------------------------------

    /**
     * Password::setSalt
     *
     * @param string $salt Encryption key.
     *
     * @return static
     */
    protected function setSalt($salt)
    {
        $this->salt = md5($salt, true);

        return $this;
    }
}

GitHub Access Token became invalid

Issues (170)

src/Encryptions/Password.php (1 issue)

Labels

Severity

Introduced By

1			<?php
2			/**
3			* This file is part of the O2System Framework package.
4			*
5			* For the full copyright and license information, please view the LICENSE
6			* file that was distributed with this source code.
7			*
8			* @author Steeve Andrian Salim
9			* @copyright Copyright (c) Steeve Andrian Salim
10			*/
11
12			// ------------------------------------------------------------------------
13
14			namespace O2System\Security\Encryptions;
15
16			// ------------------------------------------------------------------------
17
18			/**
19			* Class Password
20			*
21			* @package O2System\Security\Encryptions
22			*/
23			class Password
24			{
25			/**
26			* Password::$salt
27			*
28			* Numeric encryption key.
29			*
30			* @var string
31			*/
32			private $salt;
33
34			/**
35			* Password::$algorithm
36			*
37			* A password algorithm constant denoting the algorithm to use when hashing the password.
38			*
39			* @var int
40			*/
41			private $algorithm = PASSWORD_DEFAULT;
42
43			/**
44			* Password::$options
45			*
46			* An associative array containing options. See the password algorithm constants for documentation on the supported
47			* options for each algorithm.
48			*
49			* If omitted, a random salt will be created and the default cost will be used.
50			*
51			* @var array
52			*/
53			private $options = [];
54
55			// ------------------------------------------------------------------------
56
57			/**
58			* Password::setAlgorithm
59			*
60			* Sets password hashing algorithm.
61			*
62			* @see http://php.net/manual/en/password.constants.php
63			*
64			* @param int $algorithm A password algorithm constant denoting the algorithm to use when hashing the password.
65			*
66			* @return static
67			*/
68			public function setAlgorithm($algorithm)
69			{
70			if (in_array(
71			$algorithm,
72			[
73			PASSWORD_DEFAULT,
74			PASSWORD_BCRYPT,
75			]
76			)) {
77			$this->algorithm = $algorithm;
78			}
79
80			return $this;
81			}
82
83			// ------------------------------------------------------------------------
84
85			/**
86			* Password::setOptions
87			*
88			* Sets password hashing options.
89			*
90			* @see http://php.net/manual/en/password.constants.php
91			*
92			* @param array $options An associative array containing options. See the password algorithm constants for
93			* documentation on the supported options for each algorithm.
94			*
95			* @return $this
96			*/
97			public function setOptions(array $options)
98			{
99			$this->options = $options;
100
101			return $this;
102			}
103
104			// ------------------------------------------------------------------------
105
106			/**
107			* Password::rehash
108			*
109			* Re-hash a password.
110			*
111			* @param string $password Password to be encrypted.
112			* @param string $hash Hashed string password created by Password::hash method.
113			* @param string $salt To manually provide a salt to use when hashing the password.
114			*
115			* @return string\|bool Returns FALSE if the password not verified.
116			*/
117			public function rehash($password, $hash, $salt = null)
118			{
119			if ($this->verify($password, $hash, $salt)) {
120
121			$algorithm = $this->algorithm === PASSWORD_DEFAULT
122			? PASSWORD_BCRYPT
123			: PASSWORD_DEFAULT;
124
125			if (password_needs_rehash(
126			$hash,
127			$algorithm,
128			[
129			'cost' => strlen($hash) + 1,
130			]
131			)) {
132			return $this->hash($password, $salt);
133			}
134
135			return $hash;
136			}
137
138			return false;
139			}
140
141			// ------------------------------------------------------------------------
142
143			/**
144			* Password::verify
145			*
146			* Verify a password.
147			*
148			* @param string $password Password to be verified.
149			* @param string $hash Hashed string password created by Password::hash method.
150			* @param string $salt To manually provide a salt to use when hashing the password.
151			*
152			* @return string
153			*/
154			public function verify($password, $hash, $salt = null)
155			{
156			return password_verify($this->protect($password, $salt), $hash);
			0 ignored issues – show Bug Best Practice introduced 2019-01-16 12:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return password_verify($...assword, $salt), $hash)` returns the type `boolean` which is incompatible with the documented return type `string`. Loading history...
157			}
158
159			// ------------------------------------------------------------------------
160
161			/**
162			* Password::protect
163			*
164			* Protect a password.
165			*
166			* @param string $password Password to be encrypted.
167			* @param string $salt To manually provide a salt to use when hashing the password.
168			*
169			* @return string
170			*/
171			protected function protect($password, $salt = null)
172			{
173			$salt = isset($salt)
174			? $salt
175			: $this->salt;
176
177			return $password . $salt;
178			}
179
180			// ------------------------------------------------------------------------
181
182			/**
183			* Password::hash
184			*
185			* Hash a password.
186			*
187			* @param string $password Password to be encrypted.
188			* @param string $salt To manually provide a salt to use when hashing the password.
189			*
190			* @return string
191			*/
192			public function hash($password, $salt = null)
193			{
194			return password_hash($this->protect($password, $salt), $this->algorithm, $this->options);
195			}
196
197			// ------------------------------------------------------------------------
198
199			/**
200			* Password::setSalt
201			*
202			* @param string $salt Encryption key.
203			*
204			* @return static
205			*/
206			protected function setSalt($salt)
207			{
208			$this->salt = md5($salt, true);
209
210			return $this;
211			}
212			}

o2system / security

GitHub Access Token became invalid

Issues (170)

src/Encryptions/Password.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like