[SECURITY] Ensure ARGON2 constants are defined, or throw exception

2020-07-27 22:18:23 +00:00 · 2020-07-27 22:18:23 +00:00 · 71db1870db
commit 71db1870db
parent 7560db4d5f
1 changed files with 6 additions and 3 deletions
--- a/src/Entity/LocalUser.php
+++ b/src/Entity/LocalUser.php
@ -362,11 +362,14 @@ class LocalUser implements UserInterface
        case 'bcrypt':
            return PASSWORD_BCRYPT;
        case 'argon2i':
-            return PASSWORD_ARGON2I;
        case 'argon2d':
-            return PASSWORD_ARGON2D;
        case 'argon2id':
-            return PASSWORD_ARGON2ID;
+            $c = 'PASSWORD_' . strtoupper($algo);
+            if (defined($c)) {
+                return constant($c);
+            }
+            // fallthrough
+            // no break
        default:
            throw new Exception('Unsupported or unsafe hashing algorithm requested');
        }