[Security/Core] fix checking for bcrypt
This commit is contained in:
parent
061ac77773
commit
f01ea99254
@ -51,11 +51,11 @@ final class NativePasswordEncoder implements PasswordEncoderInterface, SelfSalti
|
|||||||
$algos = [1 => \PASSWORD_BCRYPT, '2y' => \PASSWORD_BCRYPT];
|
$algos = [1 => \PASSWORD_BCRYPT, '2y' => \PASSWORD_BCRYPT];
|
||||||
|
|
||||||
if (\defined('PASSWORD_ARGON2I')) {
|
if (\defined('PASSWORD_ARGON2I')) {
|
||||||
$this->algo = $algos[2] = $algos['argon2i'] = (string) \PASSWORD_ARGON2I;
|
$this->algo = $algos[2] = $algos['argon2i'] = \PASSWORD_ARGON2I;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (\defined('PASSWORD_ARGON2ID')) {
|
if (\defined('PASSWORD_ARGON2ID')) {
|
||||||
$this->algo = $algos[3] = $algos['argon2id'] = (string) \PASSWORD_ARGON2ID;
|
$this->algo = $algos[3] = $algos['argon2id'] = \PASSWORD_ARGON2ID;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null !== $algo) {
|
if (null !== $algo) {
|
||||||
@ -75,7 +75,7 @@ final class NativePasswordEncoder implements PasswordEncoderInterface, SelfSalti
|
|||||||
*/
|
*/
|
||||||
public function encodePassword($raw, $salt): string
|
public function encodePassword($raw, $salt): string
|
||||||
{
|
{
|
||||||
if (\strlen($raw) > self::MAX_PASSWORD_LENGTH || ((string) \PASSWORD_BCRYPT === $this->algo && 72 < \strlen($raw))) {
|
if (\strlen($raw) > self::MAX_PASSWORD_LENGTH || (\PASSWORD_BCRYPT === $this->algo && 72 < \strlen($raw))) {
|
||||||
throw new BadCredentialsException('Invalid password.');
|
throw new BadCredentialsException('Invalid password.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user