
Merge pull request #9193 from freezy-sk/feature/9177-password-cost-setting

[Fixes #9177] Password Hash Cost setting for Security component
tags/2.0.6
Alexander Makarov 9 years ago
parent
commit
ab36e7904f
  1. 1
      framework/CHANGELOG.md
  2. 14
      framework/base/Security.php
  3. 1
      tests/framework/base/SecurityTest.php

1
framework/CHANGELOG.md

@ -47,6 +47,7 @@ Yii Framework 2 Change Log
- Enh #9011: Allow `yii\widgets\MaskedInput` to produce an input tag of a custom type (TriAnMan)
- Enh #9038: Write warning to log in case `FileCache` fails to write into file (foccy)
- Enh #9149: Print directory migrationPath in a `yii migrate` command error. (RusAlex)
- Enh #9177: Added password hash cost setting to Security component (freezy-sk)
- Chg #6354: `ErrorHandler::logException()` will now log the whole exception object instead of only its string representation (cebe)
- Chg #8556: Extracted `yii\web\User::getAuthManager()` method (samdark)

14
framework/base/Security.php

@ -79,7 +79,13 @@ class Security extends Component
* - 'crypt' - use PHP `crypt()` function.
*/
public $passwordHashStrategy = 'crypt';
/**
* @var integer Default cost used for password hashing.
* Allowed value is between 4 and 31.
* @see generatePasswordHash()
* @since 2.0.6
*/
public $passwordHashCost = 13;
/**
* Encrypts data using a password.
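Review bot: The docblock on `$passwordHashCost` states that the allowed value is between 4 and 31, but nothing in this hunk enforces that range. Consider validating the value where the cost is consumed and throwing `InvalidConfigException` when it is out of range, or state in the docblock what happens with an out-of-range value. Since this is now the component-wide setting, the docblock could also note that a higher cost makes each hash slower to compute.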
@ -540,8 +546,12 @@ class Security extends Component
* @throws InvalidConfigException when an unsupported password hash strategy is configured.
* @see validatePassword()
*/
public function generatePasswordHash($password, $cost = 13)
public function generatePasswordHash($password, $cost = null)
{
if ($cost === null) {
$cost = $this->passwordHashCost;
}
switch ($this->passwordHashStrategy) {
case 'password_hash':
if (!function_exists('password_hash')) {
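Review bot: The signature change from `$cost = 13` to `$cost = null` needs a matching docblock update, and none of the docblock lines visible in this hunk are touched. Check that the `@param $cost` description says that null falls back to `$this->passwordHashCost`. The fallback uses a strict `=== null` check, so an explicit argument still overrides the component setting; that precedence is worth stating in the docblock as well.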

1
tests/framework/base/SecurityTest.php

@ -72,6 +72,7 @@ class SecurityTest extends TestCase
return;
}
$this->security->passwordHashStrategy = $passwordHashStrategy;
$this->security->passwordHashCost = 4; // minimum blowfish's value is enough for tests
$password = 'secret';
$hash = $this->security->generatePasswordHash($password);
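Review bot: Setting `passwordHashCost = 4` here only speeds the test up; nothing in the visible lines asserts that the new property is actually honoured by `generatePasswordHash()`. Consider asserting that the generated hash carries the configured cost, and adding a case where an explicit `$cost` argument overrides the property.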
