[Security/Core] add fast path when encoded password cannot match anything
parent
bfd308ff4a
commit
c57f8f7f93
@ -22,7 +22,8 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
|
|||||||
{
|
{
|
||||||
private $algorithm;
|
private $algorithm;
|
||||||
private $encodeHashAsBase64;
|
private $encodeHashAsBase64;
|
||||||
private $iterations;
|
private $iterations = 0;
|
||||||
|
private $encodedLength = -1;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $algorithm The digest algorithm to use
|
* @param string $algorithm The digest algorithm to use
|
||||||
@ -33,6 +34,13 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
|
|||||||
{
|
{
|
||||||
$this->algorithm = $algorithm;
|
$this->algorithm = $algorithm;
|
||||||
$this->encodeHashAsBase64 = $encodeHashAsBase64;
|
$this->encodeHashAsBase64 = $encodeHashAsBase64;
|
||||||
|
|
||||||
|
try {
|
||||||
|
$this->encodedLength = \strlen($this->encodePassword('', 'salt'));
|
||||||
|
} catch (\LogicException $e) {
|
||||||
|
// ignore algorithm not supported
|
||||||
|
}
|
||||||
|
|
||||||
$this->iterations = $iterations;
|
$this->iterations = $iterations;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -65,6 +73,10 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
|
|||||||
*/
|
*/
|
||||||
public function isPasswordValid($encoded, $raw, $salt)
|
public function isPasswordValid($encoded, $raw, $salt)
|
||||||
{
|
{
|
||||||
|
if (\strlen($encoded) !== $this->encodedLength || false !== strpos($encoded, '$')) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
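Review bot: With an unsupported algorithm the constructor's `catch (\LogicException $e)` leaves `$encodedLength` at -1, so the new guard in `isPasswordValid()` returns false for every stored hash and `encodePassword()` is never reached. If that method is what raises the LogicException (the catch suggests so; its body and the constructor's signature are outside these hunks), a misconfigured encoder now rejects every login silently instead of surfacing the error. Consider skipping the length test when the probe failed: `if ((-1 !== $this->encodedLength && \strlen($encoded) !== $this->encodedLength) || false !== strpos($encoded, '$')) {`. The probe also appears to rely on running before `$this->iterations = $iterations;`, which deserves a comment such as `// probe while $iterations is still 0 so the constructor does not pay for the full stretching`.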
@ -32,6 +32,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
|
|||||||
private $encodeHashAsBase64;
|
private $encodeHashAsBase64;
|
||||||
private $iterations;
|
private $iterations;
|
||||||
private $length;
|
private $length;
|
||||||
|
private $encodedLength;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $algorithm The digest algorithm to use
|
* @param string $algorithm The digest algorithm to use
|
||||||
@ -45,6 +46,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
|
|||||||
$this->encodeHashAsBase64 = $encodeHashAsBase64;
|
$this->encodeHashAsBase64 = $encodeHashAsBase64;
|
||||||
$this->iterations = $iterations;
|
$this->iterations = $iterations;
|
||||||
$this->length = $length;
|
$this->length = $length;
|
||||||
|
$this->encodedLength = $encodeHashAsBase64 ? intdiv($length + 2, 3) << 2 : ($length << 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -72,6 +74,10 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
|
|||||||
*/
|
*/
|
||||||
public function isPasswordValid($encoded, $raw, $salt)
|
public function isPasswordValid($encoded, $raw, $salt)
|
||||||
{
|
{
|
||||||
|
if ((0 < $this->length && \strlen($encoded) !== $this->encodedLength) || false !== strpos($encoded, '$')) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
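Review bot: The `$this->encodedLength` assignment in the constructor packs two output formats into shift arithmetic with no explanation, and the reason for rejecting `$` in `isPasswordValid()` is not stated either. A comment above the assignment such as `// base64: 4 chars per 3-byte group, padded; hex: 2 chars per byte`, and one above the guard such as `// '$' cannot occur in hex or base64 output, so such a value cannot be this encoder's`, would make both checks reviewable. It is also worth documenting that when `$length` is 0 the length comparison is skipped and only the `$` test filters the stored value. The constructor's signature lies outside the hunk.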