ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilArgon2IdPasswordEncoder.php
1<?php
2
19declare(strict_types=1);
20
22{
// Option names. The same strings are used as keys of the constructor's $config
// array and as keys of the options array handed to password_hash() and
// password_needs_rehash().
private const string CONFIG_KEY_MEMORY_COST = 'memory_cost';
private const string CONFIG_KEY_TIME_COST = 'time_cost';
private const string CONFIG_KEY_THREADS = 'threads';

// Argon2id cost parameters. Each stays null until the constructor or the
// matching setter assigns it; the int-typed getters cannot return null.
private ?int $time_cost = null;
private ?int $memory_cost = null;
private ?int $threads = null;
30
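/**
 * Applies the Argon2id cost settings found in $config and, when this exact
 * class runs on a supporting runtime, fills every setting that was not
 * configured with PHP's built-in default.
 *
 * Keys are matched case-insensitively; unknown keys are ignored. Values are
 * passed to the int-typed setters unchanged, so under strict_types a
 * non-integer value raises a TypeError.
 *
 * @param array<string, int> $config Optional 'memory_cost', 'time_cost' and 'threads' values.
 */
public function __construct(array $config = [])
{
    // Remember which options were configured under their normalized key.
    // Checking the raw $config keys instead would let a mixed-case key such
    // as 'Memory_Cost' be applied and then silently replaced by the default,
    // i.e. an administrator's hardened cost setting would be lost.
    $configured = [];

    foreach ($config as $key => $value) {
        $option = strtolower((string) $key);

        // NOTE(review): the case labels are not visible in this listing; they
        // are restored from the CONFIG_KEY_* constants and the setter called.
        switch ($option) {
            case self::CONFIG_KEY_MEMORY_COST:
                $this->setMemoryCost($value);
                break;

            case self::CONFIG_KEY_TIME_COST:
                $this->setTimeCost($value);
                break;

            case self::CONFIG_KEY_THREADS:
                $this->setThreads($value);
                break;

            default:
                continue 2;
        }

        $configured[$option] = true;
    }

    // Defaults are applied for this concrete class only. A subclass, or a
    // runtime without Argon2id, keeps unset costs as null.
    if ($this->isSupportedByRuntime() && static::class === self::class) {
        if (!isset($configured[self::CONFIG_KEY_MEMORY_COST])) {
            $this->setMemoryCost(PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
        }
        if (!isset($configured[self::CONFIG_KEY_TIME_COST])) {
            $this->setTimeCost(PASSWORD_ARGON2_DEFAULT_TIME_COST);
        }
        if (!isset($configured[self::CONFIG_KEY_THREADS])) {
            $this->setThreads(PASSWORD_ARGON2_DEFAULT_THREADS);
        }
    }
}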
66
/**
 * Returns the configured Argon2id memory cost.
 *
 * The backing property is nullable while the return type is int, so calling
 * this before a value has been assigned raises a TypeError.
 */
public function getMemoryCost(): int
{
    $memory_cost = $this->memory_cost;

    return $memory_cost;
}
71
/**
 * Stores the Argon2id memory cost later passed to password_hash().
 *
 * The value is stored as given; no range check happens here.
 */
public function setMemoryCost(int $memory_costs): void
{
    $value = $memory_costs;
    $this->memory_cost = $value;
}
76
/**
 * Returns the configured Argon2id time cost.
 *
 * The backing property is nullable while the return type is int, so calling
 * this before a value has been assigned raises a TypeError.
 */
public function getTimeCost(): int
{
    $time_cost = $this->time_cost;

    return $time_cost;
}
81
/**
 * Stores the Argon2id time cost later passed to password_hash().
 *
 * The value is stored as given; no range check happens here.
 */
public function setTimeCost(int $time_cost): void
{
    $value = $time_cost;
    $this->time_cost = $value;
}
86
/**
 * Returns the configured Argon2id thread count.
 *
 * The backing property is nullable while the return type is int, so calling
 * this before a value has been assigned raises a TypeError.
 */
public function getThreads(): int
{
    $threads = $this->threads;

    return $threads;
}
91
/**
 * Stores the Argon2id thread count later passed to password_hash().
 *
 * The value is stored as given; no range check happens here.
 */
public function setThreads(int $threads): void
{
    $value = $threads;
    $this->threads = $value;
}
96
/**
 * Returns the identifier of this encoder, the fixed string 'argon2id'.
 */
public function getName(): string
{
    $name = 'argon2id';

    return $name;
}
101
/**
 * Reports whether this runtime can produce Argon2id hashes.
 *
 * All three conditions must hold, evaluated in this order: the parent
 * encoder reports support, PHP is at least 7.3.0, and the PASSWORD_ARGON2ID
 * constant is defined. The constant check is the one that reflects whether
 * this PHP build actually offers Argon2id.
 */
public function isSupportedByRuntime(): bool
{
    if (!parent::isSupportedByRuntime()) {
        return false;
    }

    if (!version_compare(phpversion(), '7.3.0', '>=')) {
        return false;
    }

    return defined('PASSWORD_ARGON2ID');
}
110
/**
 * Hashes a raw password with Argon2id using the configured cost settings.
 *
 * $salt is not used by this method; password_hash() generates the salt
 * itself and embeds it, together with the cost parameters, in the result.
 *
 * @param string $raw  Plain-text password.
 * @param string $salt Ignored by this encoder.
 *
 * @throws ilPasswordException When isPasswordTooLong() rejects $raw. The
 *                             message is deliberately generic.
 */
public function encodePassword(string $raw, string $salt): string
{
    // Refuse over-long input before the memory-hard hash is computed.
    if ($this->isPasswordTooLong($raw)) {
        throw new ilPasswordException('Invalid password.');
    }

    $options = [
        self::CONFIG_KEY_MEMORY_COST => $this->getMemoryCost(),
        self::CONFIG_KEY_TIME_COST => $this->getTimeCost(),
        self::CONFIG_KEY_THREADS => $this->getThreads(),
    ];

    return password_hash($raw, PASSWORD_ARGON2ID, $options);
}
123
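/**
 * Checks a raw password against a stored hash.
 *
 * $salt is not used; password_verify() reads the algorithm, cost parameters
 * and salt from $encoded itself. It therefore accepts any hash format
 * password_hash() can produce, not only Argon2id.
 *
 * @param string $encoded Stored password hash.
 * @param string $raw     Plain-text password supplied by the user.
 * @param string $salt    Ignored by this encoder.
 *
 * @return bool True only when $raw matches $encoded.
 */
public function isPasswordValid(string $encoded, string $raw, string $salt): bool
{
    // Apply the same length limit as encodePassword(). Verification is the
    // path reachable before authentication, so over-long input is rejected
    // before the memory-hard hash runs. encodePassword() never produces a
    // hash for such input, so it cannot match a hash created by this encoder.
    if ($this->isPasswordTooLong($raw)) {
        return false;
    }

    return password_verify($raw, $encoded);
}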
128
/**
 * Reports whether a stored hash should be regenerated.
 *
 * Delegates to password_needs_rehash(), comparing the algorithm and cost
 * parameters embedded in $encoded with Argon2id and the currently configured
 * memory cost, time cost and thread count. Raising the configured costs
 * therefore makes existing hashes report true.
 *
 * @param string $encoded Stored password hash.
 */
public function requiresReencoding(string $encoded): bool
{
    $current_options = [
        self::CONFIG_KEY_MEMORY_COST => $this->getMemoryCost(),
        self::CONFIG_KEY_TIME_COST => $this->getTimeCost(),
        self::CONFIG_KEY_THREADS => $this->getThreads(),
    ];

    return password_needs_rehash($encoded, PASSWORD_ARGON2ID, $current_options);
}
137}
getName()
Returns a unique name/id of the concrete password encoder.
isPasswordValid(string $encoded, string $raw, string $salt)
Checks a raw password against an encoded password.
encodePassword(string $raw, string $salt)
Encodes the raw password.
requiresReencoding(string $encoded)
Returns whether the encoded password needs to be re-encoded.
isSupportedByRuntime()
Returns whether the encoder is supported by the runtime (PHP, HHVM, ...)
Class for user password exception handling in ILIAS.