Refactor Password into a instantiable Hasher class, service, and Password facade (#827)

alexweissman · alexweissman · commit 585d2213b311 · 2017-12-13T17:54:46.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # Change Log
 
 ## v4.1.15-alpha
+- Refactor `Password` into a instantiable `Hasher` class, service, and `Password` facade (#827)
 - Change default hash cost back to 10 and fix legacy hash detection issue
 
 ## v4.1.14-alpha
diff --git a/README.md b/README.md
@@ -100,6 +100,7 @@ Srinivas's a web applications architect, with a passion for open source technolo
 - @splitt3r - German
 - @X-Anonymous-Y - German
 - Dmitriy (@rendername) - Russian
+- Amin Akbari (@aminakbari) - Farsi
 
 ## Contributing
 
diff --git a/app/defines.php b/app/defines.php
@@ -3,7 +3,7 @@
 namespace UserFrosting;
 
 // Some standard defines
-define('UserFrosting\VERSION', '4.1.14-alpha');
+define('UserFrosting\VERSION', '4.1.15-alpha');
 define('UserFrosting\DS', '/');
 define('UserFrosting\PHP_MIN_VERSION', '5.6');
 define('UserFrosting\DEBUG_CONFIG', false);
diff --git a/app/sprinkles/account/src/Authenticate/Authenticator.php b/app/sprinkles/account/src/Authenticate/Authenticator.php
@@ -20,7 +20,7 @@
 use UserFrosting\Sprinkle\Account\Authenticate\Exception\AuthExpiredException;
 use UserFrosting\Sprinkle\Account\Authenticate\Exception\InvalidCredentialsException;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
-use UserFrosting\Sprinkle\Account\Util\Password;
+use UserFrosting\Sprinkle\Account\Facades\Password;
 use UserFrosting\Sprinkle\Core\Util\ClassMapper;
 
 /**
diff --git a/app/sprinkles/account/src/Authenticate/Hasher.php b/app/sprinkles/account/src/Authenticate/Hasher.php
@@ -5,21 +5,21 @@
  * @link      https://github.com/userfrosting/UserFrosting
  * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
  */
-namespace UserFrosting\Sprinkle\Account\Util;
+namespace UserFrosting\Sprinkle\Account\Authenticate;
 
 /**
- * Password utility class
+ * Password hashing and validation class
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  */
-class Password
+class Hasher
 {
     /**
      * Default crypt cost factor.
      *
      * @var int
      */
-    protected static $rounds = 10;
+    protected $defaultRounds = 10;
 
     /**
      * Returns the hashing type for a specified password hash.
@@ -28,7 +28,7 @@ class Password
      * @param string $password the hashed password.
      * @return string "sha1"|"legacy"|"modern".
      */
-    public static function getHashType($password)
+    public function getHashType($password)
     {
         // If the password in the db is 65 characters long, we have an sha1-hashed password.
         if (strlen($password) == 65) {
@@ -48,10 +48,10 @@ public static function getHashType($password)
      * @return string the hashed password.
      * @throws HashFailedException
      */
-    public static function hash($password, array $options = [])
+    public function hash($password, array $options = [])
     {
         $hash = password_hash($password, PASSWORD_BCRYPT, [
-            'cost' => static::cost($options),
+            'cost' => $this->cost($options),
         ]);
 
         if (!$hash) {
@@ -69,9 +69,9 @@ public static function hash($password, array $options = [])
      * @param array  $options
      * @return boolean True if the password matches, false otherwise.
      */
-    public static function verify($password, $hash, array $options = [])
+    public function verify($password, $hash, array $options = [])
     {
-        $hashType = static::getHashType($hash);
+        $hashType = $this->getHashType($hash);
 
         if ($hashType == 'sha1') {
             // Legacy UserCake passwords
@@ -101,8 +101,8 @@ public static function verify($password, $hash, array $options = [])
      * @param  array  $options
      * @return int
      */
-    protected static function cost(array $options = [])
+    protected function cost(array $options = [])
     {
-        return isset($options['rounds']) ? $options['rounds'] : static::$rounds;
+        return isset($options['rounds']) ? $options['rounds'] : $this->defaultRounds;
     }
 }
diff --git a/app/sprinkles/account/src/Bakery/CreateAdminUser.php b/app/sprinkles/account/src/Bakery/CreateAdminUser.php
@@ -17,7 +17,7 @@
 use UserFrosting\System\Database\Model\Migrations;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
 use UserFrosting\Sprinkle\Account\Database\Models\Role;
-use UserFrosting\Sprinkle\Account\Util\Password;
+use UserFrosting\Sprinkle\Account\Facades\Password;
 
 /**
  * Create root user CLI command.
diff --git a/app/sprinkles/account/src/Controller/AccountController.php b/app/sprinkles/account/src/Controller/AccountController.php
@@ -21,7 +21,7 @@
 use UserFrosting\Sprinkle\Account\Controller\Exception\SpammyRequestException;
 use UserFrosting\Sprinkle\Account\Database\Models\Group;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
-use UserFrosting\Sprinkle\Account\Util\Password;
+use UserFrosting\Sprinkle\Account\Facades\Password;
 use UserFrosting\Sprinkle\Account\Util\Util as AccountUtil;
 use UserFrosting\Sprinkle\Core\Controller\SimpleController;
 use UserFrosting\Sprinkle\Core\Facades\Debug;
diff --git a/app/sprinkles/account/src/Database/Models/User.php b/app/sprinkles/account/src/Database/Models/User.php
@@ -10,7 +10,7 @@
 use Carbon\Carbon;
 use Illuminate\Database\Capsule\Manager as Capsule;
 use Illuminate\Database\Eloquent\SoftDeletes;
-use UserFrosting\Sprinkle\Account\Util\Password;
+use UserFrosting\Sprinkle\Account\Facades\Password;
 use UserFrosting\Sprinkle\Core\Database\Models\Model;
 use UserFrosting\Sprinkle\Core\Facades\Debug;
 
diff --git a/app/sprinkles/account/src/Facades/Password.php b/app/sprinkles/account/src/Facades/Password.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
+ */
+namespace UserFrosting\Sprinkle\Account\Facades;
+
+use UserFrosting\System\Facade;
+
+/**
+ * Implements facade for the "password" service
+ *
+ * @author Alex Weissman (https://alexanderweissman.com)
+ */
+class Password extends Facade
+{
+    /**
+     * Get the registered name of the component.
+     *
+     * @return string
+     */
+    protected static function getFacadeAccessor()
+    {
+        return 'passwordHasher';
+    }
+}
diff --git a/app/sprinkles/account/src/Repository/PasswordResetRepository.php b/app/sprinkles/account/src/Repository/PasswordResetRepository.php
@@ -7,7 +7,7 @@
  */
 namespace UserFrosting\Sprinkle\Account\Repository;
 
-use UserFrosting\Sprinkle\Account\Util\Password;
+use UserFrosting\Sprinkle\Account\Facades\Password;
 
 /**
  * Token repository class for password reset requests.
diff --git a/app/sprinkles/account/src/ServicesProvider/ServicesProvider.php b/app/sprinkles/account/src/ServicesProvider/ServicesProvider.php
@@ -17,6 +17,7 @@
 use Psr\Http\Message\ServerRequestInterface as Request;
 use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
 use UserFrosting\Sprinkle\Account\Authenticate\AuthGuard;
+use UserFrosting\Sprinkle\Account\Authenticate\Hasher;
 use UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
 use UserFrosting\Sprinkle\Account\Log\UserActivityDatabaseHandler;
@@ -333,6 +334,11 @@ public function register($container)
             return $authenticator->user();
         };
 
+        $container['passwordHasher'] = function ($c) {
+            $hasher = new Hasher();
+            return $hasher;
+        };
+
         /**
          * Returns a callback that forwards to dashboard if user is already logged in.
          */
diff --git a/app/sprinkles/account/tests/Unit/HasherTest.php b/app/sprinkles/account/tests/Unit/HasherTest.php
@@ -0,0 +1,71 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
+ */
+namespace UserFrosting\Tests\Unit;
+
+use UserFrosting\Sprinkle\Account\Authenticate\Hasher;
+use UserFrosting\Tests\TestCase;
+
+/**
+ * Tests the password Hasher class.
+ *
+ * @extends TestCase
+ */
+class HasherTest extends TestCase
+{
+    protected $plainText = 'hodleth';
+
+    /**
+     * @var string Legacy hash from UserCake (sha1)
+     */
+    protected $userCakeHash = '87e995bde9ebdc73fc58cc75a9fadc4ae630d8207650fbe94e148ccc8058d5de5';
+
+    /**
+     * @var string Legacy hash from UF 0.1.x
+     */
+    protected $legacyHash = '$2y$12$rsXGznS5Ky23lX9iNzApAuDccKRhQFkiy5QfKWp0ACyDWBPOylPB.rsXGznS5Ky23lX9iNzApA9';
+
+    /**
+     * @var string Modern hash that uses password_hash()
+     */
+    protected $modernHash = '$2y$10$ucxLwloFso6wJoct1baBQefdrttws/taEYvavi6qoPsw/vd1u4Mha';
+
+    public function testGetHashType()
+    {
+        $hasher = new Hasher;
+
+        $type = $hasher->getHashType($this->modernHash);
+
+        $this->assertEquals('modern', $type);
+
+        $type = $hasher->getHashType($this->legacyHash);
+
+        $this->assertEquals('legacy', $type);
+
+        $type = $hasher->getHashType($this->userCakeHash);
+
+        $this->assertEquals('sha1', $type);
+    }
+
+    public function testVerify()
+    {
+        $hasher = new Hasher;
+
+        $this->assertTrue($hasher->verify($this->plainText, $this->modernHash));
+        $this->assertTrue($hasher->verify($this->plainText, $this->legacyHash));
+        $this->assertTrue($hasher->verify($this->plainText, $this->userCakeHash));
+    }
+
+    public function testVerifyReject()
+    {
+        $hasher = new Hasher;
+
+        $this->assertFalse($hasher->verify('selleth', $this->modernHash));
+        $this->assertFalse($hasher->verify('selleth', $this->legacyHash));
+        $this->assertFalse($hasher->verify('selleth', $this->userCakeHash));
+    }
+}
diff --git a/app/sprinkles/admin/src/Controller/UserController.php b/app/sprinkles/admin/src/Controller/UserController.php
@@ -19,7 +19,7 @@
 use UserFrosting\Fortress\Adapter\JqueryValidationAdapter;
 use UserFrosting\Sprinkle\Account\Database\Models\Group;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
-use UserFrosting\Sprinkle\Account\Util\Password;
+use UserFrosting\Sprinkle\Account\Facades\Password;
 use UserFrosting\Sprinkle\Core\Controller\SimpleController;
 use UserFrosting\Sprinkle\Core\Facades\Debug;
 use UserFrosting\Sprinkle\Core\Mail\EmailRecipient;
