From 15793496e8d56769c792cf39673c6e6dea3ec4d9 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Thu, 28 Jun 2018 21:15:57 +0200
Subject: Preparing for complete rewrite..

---
 .../account/src/Authenticate/AuthGuard.php         |  55 ---
 .../account/src/Authenticate/Authenticator.php     | 407 ---------------------
 .../Exception/AccountDisabledException.php         |  22 --
 .../Exception/AccountInvalidException.php          |  22 --
 .../Exception/AccountNotVerifiedException.php      |  22 --
 .../Exception/AuthCompromisedException.php         |  21 --
 .../Exception/AuthExpiredException.php             |  22 --
 .../Exception/InvalidCredentialsException.php      |  22 --
 .../sprinkles/account/src/Authenticate/Hasher.php  | 105 ------
 9 files changed, 698 deletions(-)
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/AuthGuard.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Authenticator.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Exception/AccountDisabledException.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Exception/AccountInvalidException.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Exception/AccountNotVerifiedException.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Exception/AuthCompromisedException.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Exception/AuthExpiredException.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Exception/InvalidCredentialsException.php
 delete mode 100644 main/app/sprinkles/account/src/Authenticate/Hasher.php

(limited to 'main/app/sprinkles/account/src/Authenticate')

diff --git a/main/app/sprinkles/account/src/Authenticate/AuthGuard.php b/main/app/sprinkles/account/src/Authenticate/AuthGuard.php
deleted file mode 100644
index 9603a87..0000000
--- a/main/app/sprinkles/account/src/Authenticate/AuthGuard.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate;
-
-use Psr\Http\Message\ResponseInterface;
-use Psr\Http\Message\ServerRequestInterface;
-use Slim\Http\Body;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\AuthExpiredException;
-
-/**
- * Middleware to catch requests that fail because they require user authentication.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class AuthGuard
-{
-    /**
-     * @var Authenticator
-     */
-    protected $authenticator;
-
-    /**
-     * Constructor.
-     *
-     * @param $authenticator Authenticator The current authentication object.
-     */
-    public function __construct($authenticator) {
-        $this->authenticator = $authenticator;
-    }
-
-    /**
-     * Invoke the AuthGuard middleware, throwing an exception if there is no authenticated user in the session.
-     *
-     * @param  \Psr\Http\Message\ServerRequestInterface $request PSR7 request
-     * @param  \Psr\Http\Message\ResponseInterface $response PSR7 response
-     * @param  callable $next Next middleware
-     *
-     * @return \Psr\Http\Message\ResponseInterface
-     */
-    public function __invoke($request, $response, $next) {
-        if (!$this->authenticator->check()) {
-            throw new AuthExpiredException();
-        } else {
-            return $next($request, $response);
-        }
-
-        return $response;
-    }
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Authenticator.php b/main/app/sprinkles/account/src/Authenticate/Authenticator.php
deleted file mode 100644
index a4586e4..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Authenticator.php
+++ /dev/null
@@ -1,407 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate;
-
-use Birke\Rememberme\Authenticator as RememberMe;
-use Birke\Rememberme\Storage\PDOStorage as RememberMePDO;
-use Birke\Rememberme\Triplet as RememberMeTriplet;
-use Illuminate\Database\Capsule\Manager as Capsule;
-use UserFrosting\Session\Session;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\AccountDisabledException;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\AccountInvalidException;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\AccountNotVerifiedException;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\AuthCompromisedException;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\AuthExpiredException;
-use UserFrosting\Sprinkle\Account\Authenticate\Exception\InvalidCredentialsException;
-use UserFrosting\Sprinkle\Account\Database\Models\User;
-use UserFrosting\Sprinkle\Account\Facades\Password;
-use UserFrosting\Sprinkle\Core\Util\ClassMapper;
-
-/**
- * Handles authentication tasks.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- * Partially inspired by Laravel's Authentication component: https://github.com/laravel/framework/blob/5.3/src/Illuminate/Auth/SessionGuard.php
- */
-class Authenticator
-{
-    /**
-     * @var ClassMapper
-     */
-    protected $classMapper;
-
-    /**
-     * @var Session
-     */
-    protected $session;
-
-    /**
-     * @var Config
-     */
-    protected $config;
-
-    /**
-     * @var Cache
-     */
-    protected $cache;
-
-    /**
-     * @var bool
-     */
-    protected $loggedOut = FALSE;
-
-    /**
-     * @var RememberMePDO
-     */
-    protected $rememberMeStorage;
-
-    /**
-     * @var RememberMe
-     */
-    protected $rememberMe;
-
-    /**
-     * @var User
-     */
-    protected $user;
-
-    /**
-     * Indicates if the user was authenticated via a rememberMe cookie.
-     *
-     * @var bool
-     */
-    protected $viaRemember = FALSE;
-
-    /**
-     * Create a new Authenticator object.
-     *
-     * @param ClassMapper $classMapper Maps generic class identifiers to specific class names.
-     * @param Session $session The session wrapper object that will store the user's id.
-     * @param Config $config Config object that contains authentication settings.
-     * @param mixed $cache Cache service instance
-     */
-    public function __construct(ClassMapper $classMapper, Session $session, $config, $cache) {
-        $this->classMapper = $classMapper;
-        $this->session = $session;
-        $this->config = $config;
-        $this->cache = $cache;
-
-        // Initialize RememberMe storage
-        $this->rememberMeStorage = new RememberMePDO($this->config['remember_me.table']);
-
-        // Get the actual PDO instance from Eloquent
-        $pdo = Capsule::connection()->getPdo();
-
-        $this->rememberMeStorage->setConnection($pdo);
-
-        // Set up RememberMe
-        $this->rememberMe = new RememberMe($this->rememberMeStorage);
-        // Set cookie name
-        $cookieName = $this->config['session.name'] . '-' . $this->config['remember_me.cookie.name'];
-        $this->rememberMe->getCookie()->setName($cookieName);
-
-        // Change cookie path
-        $this->rememberMe->getCookie()->setPath($this->config['remember_me.session.path']);
-
-        // Set expire time, if specified
-        if ($this->config->has('remember_me.expire_time') && ($this->config->has('remember_me.expire_time') != NULL)) {
-            $this->rememberMe->getCookie()->setExpireTime($this->config['remember_me.expire_time']);
-        }
-
-        $this->user = NULL;
-
-        $this->viaRemember = FALSE;
-    }
-
-    /**
-     * Attempts to authenticate a user based on a supplied identity and password.
-     *
-     * If successful, the user's id is stored in session.
-     */
-    public function attempt($identityColumn, $identityValue, $password, $rememberMe = FALSE) {
-        // Try to load the user, using the specified conditions
-        $user = $this->classMapper->staticMethod('user', 'where', $identityColumn, $identityValue)->first();
-
-        if (!$user) {
-            throw new InvalidCredentialsException();
-        }
-
-        // Check that the user has a password set (so, rule out newly created accounts without a password)
-        if (!$user->password) {
-            throw new InvalidCredentialsException();
-        }
-
-        // Check that the user's account is enabled
-        if ($user->flag_enabled == 0) {
-            throw new AccountDisabledException();
-        }
-
-        // Check that the user's account is verified (if verification is required)
-        if ($this->config['site.registration.require_email_verification'] && $user->flag_verified == 0) {
-            throw new AccountNotVerifiedException();
-        }
-
-        // Here is my password.  May I please assume the identify of this user now?
-        if (Password::verify($password, $user->password)) {
-            $this->login($user, $rememberMe);
-            return $user;
-        } else {
-            // We know the password is at fault here (as opposed to the identity), but lets not give away the combination in case of someone bruteforcing
-            throw new InvalidCredentialsException();
-        }
-    }
-
-    /**
-     * Determine if the current user is authenticated.
-     *
-     * @return bool
-     */
-    public function check() {
-        return !is_null($this->user());
-    }
-
-    /**
-     * Determine if the current user is a guest (unauthenticated).
-     *
-     * @return bool
-     */
-    public function guest() {
-        return !$this->check();
-    }
-
-    /**
-     * Process an account login request.
-     *
-     * This method logs in the specified user, allowing the client to assume the user's identity for the duration of the session.
-     * @param User $user The user to log in.
-     * @param bool $rememberMe Set to true to make this a "persistent session", i.e. one that will re-login even after the session expires.
-     * @odo Figure out a way to update the currentUser service to reflect the logged-in user *immediately* in the service provider.
-     * As it stands, the currentUser service will still reflect a "guest user" for the remainder of the request.
-     */
-    public function login($user, $rememberMe = FALSE) {
-        $oldId = session_id();
-        $this->session->regenerateId(TRUE);
-
-        // Since regenerateId deletes the old session, we'll do the same in cache
-        $this->flushSessionCache($oldId);
-
-        // If the user wants to be remembered, create Rememberme cookie
-        if ($rememberMe) {
-            $this->rememberMe->createCookie($user->id);
-        } else {
-            $this->rememberMe->clearCookie();
-        }
-
-        // Assume identity
-        $key = $this->config['session.keys.current_user_id'];
-        $this->session[$key] = $user->id;
-
-        // Set auth mode
-        $this->viaRemember = FALSE;
-
-        // User login actions
-        $user->onLogin();
-    }
-
-    /**
-     * Processes an account logout request.
-     *
-     * Logs the currently authenticated user out, destroying the PHP session and clearing the persistent session.
-     * This can optionally remove persistent sessions across all browsers/devices, since there can be a "RememberMe" cookie
-     * and corresponding database entries in multiple browsers/devices.  See http://jaspan.com/improved_persistent_login_cookie_best_practice.
-     *
-     * @param bool $complete If set to true, will ensure that the user is logged out from *all* browsers on all devices.
-     */
-    public function logout($complete = FALSE) {
-        $currentUserId = $this->session->get($this->config['session.keys.current_user_id']);
-
-        // This removes all of the user's persistent logins from the database
-        if ($complete) {
-            $this->storage->cleanAllTriplets($currentUserId);
-        }
-
-        // Clear the rememberMe cookie
-        $this->rememberMe->clearCookie();
-
-        // User logout actions
-        if ($currentUserId) {
-            $currentUser = $this->classMapper->staticMethod('user', 'find', $currentUserId);
-            if ($currentUser) {
-                $currentUser->onLogout();
-            }
-        }
-
-        $this->user = NULL;
-        $this->loggedOut = TRUE;
-
-        $oldId = session_id();
-
-        // Completely destroy the session
-        $this->session->destroy();
-
-        // Since regenerateId deletes the old session, we'll do the same in cache
-        $this->flushSessionCache($oldId);
-
-        // Restart the session service
-        $this->session->start();
-    }
-
-    /**
-     * Try to get the currently authenticated user, returning a guest user if none was found.
-     *
-     * Tries to re-establish a session for "remember-me" users who have been logged out due to an expired session.
-     * @return User|null
-     * @throws AuthExpiredException
-     * @throws AuthCompromisedException
-     * @throws AccountInvalidException
-     * @throws AccountDisabledException
-     */
-    public function user() {
-        $user = NULL;
-
-        if (!$this->loggedOut) {
-
-            // Return any cached user
-            if (!is_null($this->user)) {
-                return $this->user;
-            }
-
-            // If this throws a PDOException we catch it and return null than allowing the exception to propagate.
-            // This is because the error handler relies on Twig, which relies on a Twig Extension, which relies on the global current_user variable.
-            // So, we really don't want this method to throw any database exceptions.
-            try {
-                // Now, check to see if we have a user in session
-                $user = $this->loginSessionUser();
-
-                // If no user was found in the session, try to login via RememberMe cookie
-                if (!$user) {
-                    $user = $this->loginRememberedUser();
-                }
-            } catch (\PDOException $e) {
-                $user = NULL;
-            }
-        }
-
-        return $this->user = $user;
-    }
-
-    /**
-     * Determine whether the current user was authenticated using a remember me cookie.
-     *
-     * This function is useful when users are performing sensitive operations, and you may want to force them to re-authenticate.
-     * @return bool
-     */
-    public function viaRemember() {
-        return $this->viaRemember;
-    }
-
-    /**
-     * Attempt to log in the client from their rememberMe token (in their cookie).
-     *
-     * @return User|bool If successful, the User object of the remembered user.  Otherwise, return false.
-     * @throws AuthCompromisedException The client attempted to log in with an invalid rememberMe token.
-     */
-    protected function loginRememberedUser() {
-        /** @var \Birke\Rememberme\LoginResult $loginResult */
-        $loginResult = $this->rememberMe->login();
-
-        if ($loginResult->isSuccess()) {
-            // Update in session
-            $this->session[$this->config['session.keys.current_user_id']] = $loginResult->getCredential();
-            // There is a chance that an attacker has stolen the login token,
-            // so we store the fact that the user was logged in via RememberMe (instead of login form)
-            $this->viaRemember = TRUE;
-        } else {
-            // If $rememberMe->login() was not successful, check if the token was invalid as well.  This means the cookie was stolen.
-            if ($loginResult->hasPossibleManipulation()) {
-                throw new AuthCompromisedException();
-            }
-        }
-
-        return $this->validateUserAccount($loginResult->getCredential());
-    }
-
-    /**
-     * Attempt to log in the client from the session.
-     *
-     * @return User|null If successful, the User object of the user in session.  Otherwise, return null.
-     * @throws AuthExpiredException The client attempted to use an expired rememberMe token.
-     */
-    protected function loginSessionUser() {
-        $userId = $this->session->get($this->config['session.keys.current_user_id']);
-
-        // If a user_id was found in the session, check any rememberMe cookie that was submitted.
-        // If they submitted an expired rememberMe cookie, then we need to log them out.
-        if ($userId) {
-            if (!$this->validateRememberMeCookie()) {
-                $this->logout();
-                throw new AuthExpiredException();
-            }
-        }
-
-        return $this->validateUserAccount($userId);
-    }
-
-    /**
-     * Determine if the cookie contains a valid rememberMe token.
-     *
-     * @return bool
-     */
-    protected function validateRememberMeCookie() {
-        $cookieValue = $this->rememberMe->getCookie()->getValue();
-        if (!$cookieValue) {
-            return TRUE;
-        }
-        $triplet = RememberMeTriplet::fromString($cookieValue);
-        if (!$triplet->isValid()) {
-            return FALSE;
-        }
-
-        return TRUE;
-    }
-
-    /**
-     * Tries to load the specified user by id from the database.
-     *
-     * Checks that the account is valid and enabled, throwing an exception if not.
-     * @param int $userId
-     * @return User|null
-     * @throws AccountInvalidException
-     * @throws AccountDisabledException
-     */
-    protected function validateUserAccount($userId) {
-        if ($userId) {
-            $user = $this->classMapper->staticMethod('user', 'find', $userId);
-
-            // If the user doesn't exist any more, throw an exception.
-            if (!$user) {
-                throw new AccountInvalidException();
-            }
-
-            // If the user has been disabled since their last request, throw an exception.
-            if (!$user->flag_enabled) {
-                throw new AccountDisabledException();
-            }
-
-            return $user;
-        } else {
-            return NULL;
-        }
-    }
-
-    /**
-     *    Flush the cache associated with a session id
-     *
-     * @param  string $id The session id
-     * @return bool
-     */
-    public function flushSessionCache($id) {
-        return $this->cache->tags('_s' . $id)->flush();
-    }
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Exception/AccountDisabledException.php b/main/app/sprinkles/account/src/Authenticate/Exception/AccountDisabledException.php
deleted file mode 100644
index 314fcc3..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Exception/AccountDisabledException.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate\Exception;
-
-use UserFrosting\Support\Exception\HttpException;
-
-/**
- * Disabled account exception.  Used when an account has been disabled.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class AccountDisabledException extends HttpException
-{
-    protected $defaultMessage = 'ACCOUNT.DISABLED';
-    protected $httpErrorCode = 403;
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Exception/AccountInvalidException.php b/main/app/sprinkles/account/src/Authenticate/Exception/AccountInvalidException.php
deleted file mode 100644
index bc42b62..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Exception/AccountInvalidException.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate\Exception;
-
-use UserFrosting\Support\Exception\HttpException;
-
-/**
- * Invalid account exception.  Used when an account has been removed during an active session.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class AccountInvalidException extends HttpException
-{
-    protected $defaultMessage = 'ACCOUNT.INVALID';
-    protected $httpErrorCode = 403;
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Exception/AccountNotVerifiedException.php b/main/app/sprinkles/account/src/Authenticate/Exception/AccountNotVerifiedException.php
deleted file mode 100644
index 1548201..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Exception/AccountNotVerifiedException.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate\Exception;
-
-use UserFrosting\Support\Exception\HttpException;
-
-/**
- * Unverified account exception.  Used when an account is required to complete email verification, but hasn't done so yet.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class AccountNotVerifiedException extends HttpException
-{
-    protected $defaultMessage = 'ACCOUNT.UNVERIFIED';
-    protected $httpErrorCode = 403;
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Exception/AuthCompromisedException.php b/main/app/sprinkles/account/src/Authenticate/Exception/AuthCompromisedException.php
deleted file mode 100644
index dd169bd..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Exception/AuthCompromisedException.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate\Exception;
-
-use UserFrosting\Support\Exception\ForbiddenException;
-
-/**
- * Compromised authentication exception.  Used when we suspect theft of the rememberMe cookie.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class AuthCompromisedException extends ForbiddenException
-{
-    protected $defaultMessage = 'ACCOUNT.SESSION_COMPROMISED';
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Exception/AuthExpiredException.php b/main/app/sprinkles/account/src/Authenticate/Exception/AuthExpiredException.php
deleted file mode 100644
index 2345118..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Exception/AuthExpiredException.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate\Exception;
-
-use UserFrosting\Support\Exception\HttpException;
-
-/**
- * Expired authentication exception.  Used when the user needs to authenticate/reauthenticate.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class AuthExpiredException extends HttpException
-{
-    protected $defaultMessage = 'ACCOUNT.SESSION_EXPIRED';
-    protected $httpErrorCode = 401;
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Exception/InvalidCredentialsException.php b/main/app/sprinkles/account/src/Authenticate/Exception/InvalidCredentialsException.php
deleted file mode 100644
index 8f73403..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Exception/InvalidCredentialsException.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate\Exception;
-
-use UserFrosting\Support\Exception\HttpException;
-
-/**
- * Invalid credentials exception.  Used when an account fails authentication for some reason.
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class InvalidCredentialsException extends HttpException
-{
-    protected $defaultMessage = 'USER_OR_PASS_INVALID';
-    protected $httpErrorCode = 403;
-}
diff --git a/main/app/sprinkles/account/src/Authenticate/Hasher.php b/main/app/sprinkles/account/src/Authenticate/Hasher.php
deleted file mode 100644
index 7ec832e..0000000
--- a/main/app/sprinkles/account/src/Authenticate/Hasher.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<?php
-/**
- * UserFrosting (http://www.userfrosting.com)
- *
- * @link      https://github.com/userfrosting/UserFrosting
- * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
- */
-
-namespace UserFrosting\Sprinkle\Account\Authenticate;
-
-/**
- * Password hashing and validation class
- *
- * @author Alex Weissman (https://alexanderweissman.com)
- */
-class Hasher
-{
-    /**
-     * Default crypt cost factor.
-     *
-     * @var int
-     */
-    protected $defaultRounds = 10;
-
-    /**
-     * Returns the hashing type for a specified password hash.
-     *
-     * Automatically detects the hash type: "sha1" (for UserCake legacy accounts), "legacy" (for 0.1.x accounts), and "modern" (used for new accounts).
-     * @param string $password the hashed password.
-     * @return string "sha1"|"legacy"|"modern".
-     */
-    public function getHashType($password) {
-        // If the password in the db is 65 characters long, we have an sha1-hashed password.
-        if (strlen($password) == 65) {
-            return 'sha1';
-        } else if (strlen($password) == 82) {
-            return 'legacy';
-        }
-
-        return 'modern';
-    }
-
-    /**
-     * Hashes a plaintext password using bcrypt.
-     *
-     * @param string $password the plaintext password.
-     * @param array $options
-     * @return string the hashed password.
-     * @throws HashFailedException
-     */
-    public function hash($password, array $options = []) {
-        $hash = password_hash($password, PASSWORD_BCRYPT, [
-            'cost' => $this->cost($options),
-        ]);
-
-        if (!$hash) {
-            throw new HashFailedException();
-        }
-
-        return $hash;
-    }
-
-    /**
-     * Verify a plaintext password against the user's hashed password.
-     *
-     * @param string $password The plaintext password to verify.
-     * @param string $hash The hash to compare against.
-     * @param array $options
-     * @return boolean True if the password matches, false otherwise.
-     */
-    public function verify($password, $hash, array $options = []) {
-        $hashType = $this->getHashType($hash);
-
-        if ($hashType == 'sha1') {
-            // Legacy UserCake passwords
-            $salt = substr($hash, 0, 25);        // Extract the salt from the hash
-            $inputHash = $salt . sha1($salt . $password);
-
-            return (hash_equals($inputHash, $hash) === TRUE);
-
-        } else if ($hashType == 'legacy') {
-            // Homegrown implementation (assuming that current install has been using a cost parameter of 12)
-            // Used for manual implementation of bcrypt.
-            // Note that this legacy hashing put the salt at the _end_ for some reason.
-            $salt = substr($hash, 60);
-            $inputHash = crypt($password, '$2y$12$' . $salt);
-            $correctHash = substr($hash, 0, 60);
-
-            return (hash_equals($inputHash, $correctHash) === TRUE);
-        }
-
-        // Modern implementation
-        return password_verify($password, $hash);
-    }
-
-    /**
-     * Extract the cost value from the options array.
-     *
-     * @param  array $options
-     * @return int
-     */
-    protected function cost(array $options = []) {
-        return isset($options['rounds']) ? $options['rounds'] : $this->defaultRounds;
-    }
-}
-- 
cgit v1.2.3