Passed
Push — master ( 702623...797654 )
by Alexander
01:45
created

PasswordHasher   A

Complexity

Total Complexity 5

Size/Duplication

Total Lines 71
Duplicated Lines 0 %

Test Coverage

Coverage 83.33%

Importance

Changes 4
Bugs 0 Features 0
Metric Value
wmc 5
eloc 14
c 4
b 0
f 0
dl 0
loc 71
ccs 10
cts 12
cp 0.8333
rs 10

3 Methods

Rating   Name   Duplication   Size   Complexity  
A hash() 0 3 1
A validate() 0 7 2
A __construct() 0 8 2
<?php
namespace Yiisoft\Security;
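/**
 * PasswordHasher allows generating password hash and verifying passwords against a hash.
 *
 * It is a thin wrapper around PHP's password_hash() and password_verify(): the algorithm and
 * its options are fixed at construction time and reused for every call to {@see hash()}.
 */
class PasswordHasher
{
    /**
     * @var int|string|null Algorithm identifier handed to password_hash().
     */
    private $algorithm;

    /**
     * @var array Options handed to password_hash(). Always an array, never null.
     */
    private $parameters;

    /**
     * Options used when the caller passes no parameters for a listed algorithm.
     * Algorithms that are not listed here fall back to PHP's own defaults.
     */
    private const SAFE_PARAMETERS = [
        PASSWORD_BCRYPT => [
            'cost' => 13,
        ],
    ];

    /**
     * @param int|string|null $algorithm One of the PASSWORD_* algorithm constants. The native `int`
     * type is intentionally not declared: since PHP 7.4 these identifiers are strings (and
     * PASSWORD_DEFAULT may be null), so an `int` declaration rejects the default value itself.
     * @param array|null $parameters Options for the algorithm (for example `['cost' => 12]`).
     * When null, the entry of SAFE_PARAMETERS for the algorithm is used, if there is one.
     * An explicitly passed array is used as is and is not checked against SAFE_PARAMETERS.
     * @throws \InvalidArgumentException if $algorithm is neither an int, a string nor null.
     * @see https://www.php.net/manual/en/function.password-hash.php
     */
    public function __construct($algorithm = PASSWORD_DEFAULT, ?array $parameters = null)
    {
        if ($algorithm !== null && !is_int($algorithm) && !is_string($algorithm)) {
            throw new \InvalidArgumentException('Algorithm must be one of the PASSWORD_* constants.');
        }

        $this->algorithm = $algorithm;

        // A null algorithm cannot be a key of SAFE_PARAMETERS, so the lookup is skipped for it.
        if ($parameters === null && $algorithm !== null) {
            $parameters = self::SAFE_PARAMETERS[$algorithm] ?? null;
        }

        // password_hash() expects an array of options; null is not accepted there.
        $this->parameters = $parameters ?? [];
    }

    /**
     * Generates a secure hash from a password and a random salt.
     *
     * The generated hash can be stored in database.
     * Later when a password needs to be validated, the hash can be fetched and passed
     * to {@see validate()}. For example,
     *
     * ```php
     * // generates the hash (usually done during user registration or when the password is changed)
     * $hash = (new PasswordHasher())->hash($password);
     * // ...save $hash in database...
     *
     * // during login, validate if the password entered is correct using $hash fetched from database
     * if ((new PasswordHasher())->validate($password, $hash)) {
     *     // password is good
     * } else {
     *     // password is bad
     * }
     * ```
     *
     * Notes for callers:
     * - With PASSWORD_BCRYPT, PHP only uses the first 72 bytes of the password; enforce a maximum
     *   length in the password policy if longer passwords must not be silently truncated.
     * - Unlike {@see validate()}, this method does not reject an empty password; minimum length
     *   and other policy checks belong to the caller.
     * - Stored hashes keep the cost they were created with; password_needs_rehash() can be used
     *   after a successful login to detect hashes made with older parameters.
     *
     * @param string $password The password to be hashed.
     * @return string The password hash string. The output length might increase
     * in future versions of PHP (http://php.net/manual/en/function.password-hash.php)
     * @see validate()
     */
    public function hash(string $password): string
    {
        return password_hash($password, $this->algorithm, $this->parameters);
    }

    /**
     * Verifies a password against a hash.
     *
     * The algorithm and options are read from the hash itself by password_verify(), so hashes
     * created with other parameters than the ones of this instance still verify.
     *
     * @param string $password The password to verify.
     * @param string $hash The hash to verify the password against.
     * @return bool whether the password is correct.
     * @throws \InvalidArgumentException if the password is an empty string.
     * @see hash()
     */
    public function validate(string $password, string $hash): bool
    {
        // An empty password is rejected before any comparison takes place.
        if ($password === '') {
            throw new \InvalidArgumentException('Password must be a string and cannot be empty.');
        }

        return password_verify($password, $hash);
    }
}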