CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
verify example
public function before(RequestInterface $request, $arguments = null)
{
if (! $request instanceof IncomingRequest) {
return;
}
$security = Services::security();
try {
$security->verify($request);
} catch (SecurityException $e) {
if ($security->shouldRedirect() && ! $request->isAJAX()) {
return redirect()->back()->with('error', $e->getMessage());
}
throw $e;
}
}
/** * We don't have anything to do here. * * @param array|null $arguments * * @return void */
$this->bestHasher = $bestHasher;
$this->extraHashers = $extraHashers;
}
public function hash(#[\SensitiveParameter] string $plainPassword, string $salt = null): string {
return $this->bestHasher->hash($plainPassword, $salt);
}
public function verify(string $hashedPassword, #[\SensitiveParameter] string $plainPassword, string $salt = null): bool {
if ($this->bestHasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
if (!$this->bestHasher->needsRehash($hashedPassword)) {
return false;
}
foreach ($this->extraHashers as $hasher) {
if ($hasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
}
$this->extraHashers = $extraHashers;
}
public function hash(#[\SensitiveParameter] string $plainPassword, string $salt = null): string {
return $this->bestHasher->hash($plainPassword, $salt);
}
public function verify(string $hashedPassword, #[\SensitiveParameter] string $plainPassword, string $salt = null): bool {
if ($this->bestHasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
if (!$this->bestHasher->needsRehash($hashedPassword)) {
return false;
}
foreach ($this->extraHashers as $hasher) {
if ($hasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
}
public function CSRFVerify(RequestInterface $request)
{
return $this->verify($request);
}
/** * Returns the CSRF Token. * * @deprecated Use `CodeIgniter\Security\Security::getHash()` instead of using this method. * * @codeCoverageIgnore */
public function getCSRFHash(): ?string
{
$salt = null;
if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
$salt = $user->getSalt();
}
if (null === $user->getPassword()) {
return false;
}
$hasher = $this->hasherFactory->getPasswordHasher($user);
return $hasher->verify($user->getPassword(), $plainPassword, $salt);
}
public function needsRehash(PasswordAuthenticatedUserInterface $user): bool
{
if (null === $user->getPassword()) {
return false;
}
$hasher = $this->hasherFactory->getPasswordHasher($user);
return $hasher->needsRehash($user->getPassword());
}
if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
$salt = $user->getSalt();
}
if (null === $user->getPassword()) {
return false;
}
$hasher = $this->hasherFactory->getPasswordHasher($user);
return $hasher->verify($user->getPassword(), $plainPassword, $salt);
}
public function needsRehash(PasswordAuthenticatedUserInterface $user): bool
{
if (null === $user->getPassword()) {
return false;
}
$hasher = $this->hasherFactory->getPasswordHasher($user);
return $hasher->needsRehash($user->getPassword());
}
#[Route(path: '/store-api/order/state/cancel', name: 'store-api.order.state.cancel', methods: ['POST'], defaults: ['_loginRequired' => true, '_loginRequiredAllowGuest' => true])] public function cancel(Request $request, SalesChannelContext $context): CancelOrderRouteResponse
{
$orderId = $request->get('orderId', null);
if ($orderId === null) {
throw RoutingException::invalidRequestParameter('orderId');
}
$this->verify($orderId, $context);
$newState = $this->orderService->orderStateTransition(
$orderId,
'cancel',
new ParameterBag(),
$context->getContext()
);
return new CancelOrderRouteResponse($newState);
}
$costs = range(4, 31);
array_walk($costs, function D&$cost) { $cost = [$cost]; });
return $costs;
}
public function testValidation()
{
$hasher = new NativePasswordHasher();
$result = $hasher->hash('password', null);
$this->assertTrue($hasher->verify($result, 'password', null));
$this->assertFalse($hasher->verify($result, 'anotherPassword', null));
$this->assertFalse($hasher->verify($result, '', null));
}
public function testNonArgonValidation()
{
$hasher = new NativePasswordHasher();
$this->assertTrue($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
$this->assertFalse($hasher->verify('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
$this->assertTrue($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
$this->assertFalse($hasher->verify('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
}
$extraHasher->expects($this->never())->method('hash');
$extraHasher->expects($this->never())->method('verify');
$extraHasher->expects($this->never())->method('needsRehash');
$hasher = new MigratingPasswordHasher($bestHasher, $extraHasher);
$this->assertTrue($hasher->needsRehash('foo'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$this->assertTrue($hasher->verify($hash, 'foo', 'salt'));
$this->assertFalse($hasher->verify($hash, 'bar', 'salt'));
}
public function testFallback()
{
$bestHasher = new NativePasswordHasher(4, 12000, 4);
$extraHasher1 = $this->createMock(PasswordHasherInterface::class);
$extraHasher1->expects($this->any())
->method('verify')
->with('abc', 'foo', 'salt')
$extraHasher->expects($this->never())->method('verify');
$extraHasher->expects($this->never())->method('needsRehash');
$hasher = new MigratingPasswordHasher($bestHasher, $extraHasher);
$this->assertTrue($hasher->needsRehash('foo'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$this->assertTrue($hasher->verify($hash, 'foo', 'salt'));
$this->assertFalse($hasher->verify($hash, 'bar', 'salt'));
}
public function testFallback()
{
$bestHasher = new NativePasswordHasher(4, 12000, 4);
$extraHasher1 = $this->createMock(PasswordHasherInterface::class);
$extraHasher1->expects($this->any())
->method('verify')
->with('abc', 'foo', 'salt')
$this->passwordHasherCommandTester->execute([
'password' => 'password',
'user-class' => 'Custom\Class\Bcrypt\User',
], ['interactive' => false]);
$output = $this->passwordHasherCommandTester->getDisplay();
$this->assertStringContainsString('Password hashing succeeded', $output);
$hasher = new NativePasswordHasher(null, null, 17, \PASSWORD_BCRYPT);
preg_match('# Password hash\s{1,}([\w+\/$.]+={0,2})\s+#', $output, $matches);
$hash = $matches[1];
$this->assertTrue($hasher->verify($hash, 'password', null));
}
public function testEncodePasswordArgon2i()
{
if (!($sodium = SodiumPasswordHasher::isSupported() && !\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) && !\defined('PASSWORD_ARGON2I')) {
$this->markTestSkipped('Argon2i algorithm not available.');
}
$this->setupArgon2i();
$this->passwordHasherCommandTester->execute([
'password' => 'password',
'user-class' => 'Custom\Class\Argon2i\User',
],
'password' => 'password',
'user-class' => 'Custom\Class\Bcrypt\User',
], ['interactive' => false]);
$output = $this->passwordHasherCommandTester->getDisplay();
$this->assertStringContainsString('Password hashing succeeded', $output);
$hasher = new NativePasswordHasher(null, null, 17, \PASSWORD_BCRYPT);
preg_match('# Password hash\s{1,}([\w+\/$.]+={0,2})\s+#', $output, $matches);
$hash = $matches[1];
$this->assertTrue($hasher->verify($hash, 'password', null));
}
public function testEncodePasswordArgon2i()
{
if (!($sodium = SodiumPasswordHasher::isSupported() && !\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) && !\defined('PASSWORD_ARGON2I')) {
$this->markTestSkipped('Argon2i algorithm not available.');
}
$this->setupArgon2i();
$this->passwordHasherCommandTester->execute([
'password' => 'password',
'user-class' => 'Custom\Class\Argon2i\User',
],
$presentedPassword = $badge->getPassword();
if ('' === $presentedPassword) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (null === $user->getPassword()) {
throw new BadCredentialsException('The presented password is invalid.');
}
if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(), $presentedPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null)) {
throw new BadCredentialsException('The presented password is invalid.');
}
$badge->markResolved();
if (!$passport->hasBadge(PasswordUpgradeBadge::class)) {
$passport->addBadge(new PasswordUpgradeBadge($presentedPassword));
}
return;
}
use PHPUnit\Framework\TestCase;
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
class Pbkdf2PasswordHasherTest extends TestCase
{
public function testVerify()
{
$hasher = new Pbkdf2PasswordHasher('sha256', false, 1, 40);
$this->assertTrue($hasher->verify('c1232f10f62715fda06ae7c0a2037ca19b33cf103b727ba56d870c11f290a2ab106974c75607c8a3', 'password', ''));
}
public function testHash()
{
$hasher = new Pbkdf2PasswordHasher('sha256', false, 1, 40);
$this->assertSame('c1232f10f62715fda06ae7c0a2037ca19b33cf103b727ba56d870c11f290a2ab106974c75607c8a3', $hasher->hash('password', ''));
$hasher = new Pbkdf2PasswordHasher('sha256', true, 1, 40);
$this->assertSame('wSMvEPYnFf2gaufAogN8oZszzxA7cnulbYcMEfKQoqsQaXTHVgfIow==', $hasher->hash('password', ''));
$hasher = new Pbkdf2PasswordHasher('sha256', false, 2, 40);
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
class Pbkdf2PasswordHasherTest extends TestCase
{
public function testVerify()
{
$hasher = new Pbkdf2PasswordHasher('sha256', false, 1, 40);
$this->assertTrue($hasher->verify('c1232f10f62715fda06ae7c0a2037ca19b33cf103b727ba56d870c11f290a2ab106974c75607c8a3', 'password', ''));
}
public function testHash()
{
$hasher = new Pbkdf2PasswordHasher('sha256', false, 1, 40);
$this->assertSame('c1232f10f62715fda06ae7c0a2037ca19b33cf103b727ba56d870c11f290a2ab106974c75607c8a3', $hasher->hash('password', ''));
$hasher = new Pbkdf2PasswordHasher('sha256', true, 1, 40);
$this->assertSame('wSMvEPYnFf2gaufAogN8oZszzxA7cnulbYcMEfKQoqsQaXTHVgfIow==', $hasher->hash('password', ''));
$hasher = new Pbkdf2PasswordHasher('sha256', false, 2, 40);
use PHPUnit\Framework\TestCase;
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\MessageDigestPasswordHasher;
class MessageDigestPasswordHasherTest extends TestCase
{
public function testVerify()
{
$hasher = new MessageDigestPasswordHasher('sha256', false, 1);
$this->assertTrue($hasher->verify(hash('sha256', 'password'), 'password', ''));
}
public function testHash()
{
$hasher = new MessageDigestPasswordHasher('sha256', false, 1);
$this->assertSame(hash('sha256', 'password'), $hasher->hash('password', ''));
$hasher = new MessageDigestPasswordHasher('sha256', true, 1);
$this->assertSame(base64_encode(hash('sha256', 'password', true)), $hasher->hash('password', ''));
$hasher = new MessageDigestPasswordHasher('sha256', false, 2);
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\MessageDigestPasswordHasher;
class MessageDigestPasswordHasherTest extends TestCase
{
public function testVerify()
{
$hasher = new MessageDigestPasswordHasher('sha256', false, 1);
$this->assertTrue($hasher->verify(hash('sha256', 'password'), 'password', ''));
}
public function testHash()
{
$hasher = new MessageDigestPasswordHasher('sha256', false, 1);
$this->assertSame(hash('sha256', 'password'), $hasher->hash('password', ''));
$hasher = new MessageDigestPasswordHasher('sha256', true, 1);
$this->assertSame(base64_encode(hash('sha256', 'password', true)), $hasher->hash('password', ''));
$hasher = new MessageDigestPasswordHasher('sha256', false, 2);
/**
* @throws CustomerNotFoundException
* @throws BadCredentialsException
* @throws CustomerOptinNotCompletedException
*/
public function getCustomerByLogin(string $email, string $password, SalesChannelContext $context): CustomerEntity
{
$customer = $this->getCustomerByEmail($email, $context);
if ($customer->hasLegacyPassword()) {
if (!$this->legacyPasswordVerifier->verify($password, $customer)) {
throw CustomerException::badCredentials();
}
$this->updatePasswordHash($password, $customer, $context->getContext());
return $customer;
}
if ($customer->getPassword() === null
|| !password_verify($password, $customer->getPassword())) {
throw CustomerException::badCredentials();
}
public function getCustomerByLogin(string $email, string $password, SalesChannelContext $context): CustomerEntity
{
$customer = $this->getCustomerByEmail($email, $context);
if ($customer->hasLegacyPassword()) {
if (!$this->legacyPasswordVerifier->verify($password, $customer)) {
throw CustomerException::badCredentials();
}
$this->updatePasswordHash($password, $customer, $context->getContext());
return $customer;
}
if ($customer->getPassword() === null
|| !password_verify($password, $customer->getPassword())) {
throw CustomerException::badCredentials();
}
protected function setUp(): void
{
if (!SodiumPasswordHasher::isSupported()) {
$this->markTestSkipped('Libsodium is not available.');
}
}
public function testValidation()
{
$hasher = new SodiumPasswordHasher();
$result = $hasher->hash('password', null);
$this->assertTrue($hasher->verify($result, 'password', null));
$this->assertFalse($hasher->verify($result, 'anotherPassword', null));
$this->assertFalse($hasher->verify($result, '', null));
}
public function testBcryptValidation()
{
$hasher = new SodiumPasswordHasher();
$this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
}
public function testNonArgonValidation()
{
{
if (!SodiumPasswordHasher::isSupported()) {
$this->markTestSkipped('Libsodium is not available.');
}
}
public function testValidation()
{
$hasher = new SodiumPasswordHasher();
$result = $hasher->hash('password', null);
$this->assertTrue($hasher->verify($result, 'password', null));
$this->assertFalse($hasher->verify($result, 'anotherPassword', null));
$this->assertFalse($hasher->verify($result, '', null));
}
public function testBcryptValidation()
{
$hasher = new SodiumPasswordHasher();
$this->assertTrue($hasher->verify('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
}
public function testNonArgonValidation()
{
do_action( 'auth_cookie_bad_hash', $cookie_elements );
return false;
}
$manager = WP_Session_Tokens::get_instance( $user->ID );
if ( ! $manager->verify( $token ) ) {
/** * Fires if a bad session token is encountered. * * @since 4.0.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */
use PHPUnit\Framework\TestCase;
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
class PlaintextPasswordHasherTest extends TestCase
{
public function testVerify()
{
$hasher = new PlaintextPasswordHasher();
$this->assertTrue($hasher->verify('foo', 'foo', ''));
$this->assertFalse($hasher->verify('bar', 'foo', ''));
$this->assertFalse($hasher->verify('FOO', 'foo', ''));
$hasher = new PlaintextPasswordHasher(true);
$this->assertTrue($hasher->verify('foo', 'foo', ''));
$this->assertFalse($hasher->verify('bar', 'foo', ''));
$this->assertTrue($hasher->verify('FOO', 'foo', ''));
}
public function testHash()
{
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
class PlaintextPasswordHasherTest extends TestCase
{
public function testVerify()
{
$hasher = new PlaintextPasswordHasher();
$this->assertTrue($hasher->verify('foo', 'foo', ''));
$this->assertFalse($hasher->verify('bar', 'foo', ''));
$this->assertFalse($hasher->verify('FOO', 'foo', ''));
$hasher = new PlaintextPasswordHasher(true);
$this->assertTrue($hasher->verify('foo', 'foo', ''));
$this->assertFalse($hasher->verify('bar', 'foo', ''));
$this->assertTrue($hasher->verify('FOO', 'foo', ''));
}
public function testHash()
{