From 15793496e8d56769c792cf39673c6e6dea3ec4d9 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Thu, 28 Jun 2018 21:15:57 +0200
Subject: Preparing for complete rewrite..

---
 .../sprinkles/account/src/Authenticate/Hasher.php  | 105 ---------------------
 1 file changed, 105 deletions(-)
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Hasher.php

(limited to 'main/app/sprinkles/account/src/Authenticate/Hasher.php')

diff --git a/main/app/sprinkles/account/src/Authenticate/Hasher.php b/main/app/sprinkles/account/src/Authenticate/Hasher.php
deleted file mode 100644
index 7ec832e..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Hasher.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate;
-
-/**
- * Password hashing and validation class
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class Hasher
-{
-    /**
-     * Default crypt cost factor.
-     *
-     * @var int
-     */
-    protected $defaultRounds = 10;
-
-    /**
-     * Returns the hashing type for a specified password hash.
-     *
-     * Automatically detects the hash type: "sha1" (for UserCake legacy accounts), "legacy" (for 0.1.x accounts), and "modern" (used for new accounts).
-     * @param string $password the hashed password.
-     * @return string "sha1"|"legacy"|"modern".
-     */
-    public function getHashType($password) {
-        // If the password in the db is 65 characters long, we have an sha1-hashed password.
-        if (strlen($password) == 65) {
-            return 'sha1';
-        } else if (strlen($password) == 82) {
-            return 'legacy';
-        }
-
-        return 'modern';
-    }
-
-    /**
-     * Hashes a plaintext password using bcrypt.
-     *
-     * @param string $password the plaintext password.
-     * @param array $options
-     * @return string the hashed password.
-     * @throws HashFailedException
-     */
-    public function hash($password, array $options = []) {
-        $hash = password_hash($password, PASSWORD_BCRYPT, [
-            'cost' => $this->cost($options),
-        ]);
-
-        if (!$hash) {
-            throw new HashFailedException();
-        }
-
-        return $hash;
-    }
-
-    /**
-     * Verify a plaintext password against the user's hashed password.
-     *
-     * @param string $password The plaintext password to verify.
-     * @param string $hash The hash to compare against.
-     * @param array $options
-     * @return boolean True if the password matches, false otherwise.
-     */
-    public function verify($password, $hash, array $options = []) {
-        $hashType = $this->getHashType($hash);
-
-        if ($hashType == 'sha1') {
-            // Legacy UserCake passwords
-            $salt = substr($hash, 0, 25);        // Extract the salt from the hash
-            $inputHash = $salt . sha1($salt . $password);
-
-            return (hash_equals($inputHash, $hash) === TRUE);
-
-        } else if ($hashType == 'legacy') {
-            // Homegrown implementation (assuming that current install has been using a cost parameter of 12)
-            // Used for manual implementation of bcrypt.
-            // Note that this legacy hashing put the salt at the _end_ for some reason.
-            $salt = substr($hash, 60);
-            $inputHash = crypt($password, '$2y$12$' . $salt);
-            $correctHash = substr($hash, 0, 60);
-
-            return (hash_equals($inputHash, $correctHash) === TRUE);
-        }
-
-        // Modern implementation
-        return password_verify($password, $hash);
-    }
-
-    /**
-     * Extract the cost value from the options array.
-     *
-     * @param  array $options
-     * @return int
-     */
-    protected function cost(array $options = []) {
-        return isset($options['rounds']) ? $options['rounds'] : $this->defaultRounds;
-    }
-}
-- 
cgit v1.2.3