GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[SECURITY] Ensure ARGON2 constants are defined, or throw exception

Browse Source
This commit is contained in:
Hugo Sales
2020-07-27 22:18:23 +00:00
committed by Hugo Sales
parent 7560db4d5f
commit 71db1870db
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Entity/LocalUser.php
View File

@@ -362,11 +362,14 @@ class LocalUser implements UserInterface
case 'bcrypt': case 'bcrypt':
return PASSWORD_BCRYPT; return PASSWORD_BCRYPT;
case 'argon2i': case 'argon2i':
return PASSWORD_ARGON2I;
case 'argon2d': case 'argon2d':
return PASSWORD_ARGON2D;
case 'argon2id': case 'argon2id':
return PASSWORD_ARGON2ID; $c = 'PASSWORD_' . strtoupper($algo);
if (defined($c)) {
return constant($c);
}
// fallthrough
// no break
default: default:
throw new Exception('Unsupported or unsafe hashing algorithm requested'); throw new Exception('Unsupported or unsafe hashing algorithm requested');
} }