Demo Projects > framework >

master

laravel/framework

Get started View on GitHub

Last updated at: 29/12/2023 09:24

Argon2IdHasher.php

TLDR

This file contains the Argon2IdHasher class which extends the ArgonHasher class. It provides a method check() for checking if a given plain value matches a hash value using the Argon2id algorithm. It also includes two helper methods isUsingCorrectAlgorithm() and algorithm().

Methods

check

This method checks if a given plain value matches a hash value using the Argon2id algorithm. It takes three parameters:

  • $value (string): The plain value to be checked
  • $hashedValue (string|null): The hash value to compare against
  • $options (array): Additional options for the hash (optional)

The method first checks if the hashing algorithm used in the hashed value is correct. If not, it throws a RuntimeException with the message "This password does not use the Argon2id algorithm."

Next, it checks if the hashed value is null or empty, and returns false if it is.

Finally, it uses the password_verify() function to compare the plain value and the hashed value, and returns the result.

isUsingCorrectAlgorithm

This method verifies if the hashed value's algorithm is Argon2id. It takes one parameter:

  • $hashedValue (string): The hashed value to check

The method uses the info() method from the parent ArgonHasher class to get the algorithm name from the hashed value's information. It then compares the algorithm name to "argon2id" and returns true if they match.

algorithm

This method returns the algorithm constant PASSWORD_ARGON2ID which should be used for hashing.

<?php

namespace Illuminate\Hashing;

use RuntimeException;

class Argon2IdHasher extends ArgonHasher
{
    /**
     * Check the given plain value against a hash.
     *
     * @param  string  $value
     * @param  string|null  $hashedValue
     * @param  array  $options
     * @return bool
     *
     * @throws \RuntimeException
     */
    public function check($value, $hashedValue, array $options = [])
    {
        if ($this->verifyAlgorithm && ! $this->isUsingCorrectAlgorithm($hashedValue)) {
            throw new RuntimeException('This password does not use the Argon2id algorithm.');
        }

        if (is_null($hashedValue) || strlen($hashedValue) === 0) {
            return false;
        }

        return password_verify($value, $hashedValue);
    }

    /**
     * Verify the hashed value's algorithm.
     *
     * @param  string  $hashedValue
     * @return bool
     */
    protected function isUsingCorrectAlgorithm($hashedValue)
    {
        return $this->info($hashedValue)['algoName'] === 'argon2id';
    }

    /**
     * Get the algorithm that should be used for hashing.
     *
     * @return int
     */
    protected function algorithm()
    {
        return PASSWORD_ARGON2ID;
    }
}