7a7976ba7a
So far, our key derivation code assumed that it has control over the salt used by the derivation routines, however I want to add Argon2 support and it doesn't work this way: password_hash() generates the salt itself, and the only way to verify a password is by using password_verify(). Current way the things are done doesn't support it because it relies on the result of password hashing with parameters we provide to be deterministic. Therefore, I'm deprecating Password::equals(), as well as whole concept of comparing Password objects - it's used only in tests anyway. It's getting replaced with verify() that only accepts password strings. Uses of old function are fixed with exception of a few calls in tests that will be addressed in my Argon2 patch. Change-Id: I2b2be9a422ee0f773490eac316ad81505c3f8571
51 lines
1.4 KiB
PHP
51 lines
1.4 KiB
PHP
<?php
|
|
/**
|
|
* Implements the InvalidPassword class for the MediaWiki software.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*
|
|
* @file
|
|
*/
|
|
|
|
/**
|
|
* Represents an invalid password hash. It is represented as the empty string (i.e.,
|
|
* a password hash with no type).
|
|
*
|
|
* No two invalid passwords are equal. Comparing anything to an invalid password will
|
|
* return false.
|
|
*
|
|
* @since 1.24
|
|
*/
|
|
class InvalidPassword extends Password {
|
|
public function crypt( $plaintext ) {
|
|
}
|
|
|
|
public function toString() {
|
|
return '';
|
|
}
|
|
|
|
public function equals( $other ) {
|
|
return false;
|
|
}
|
|
|
|
public function verify( $password ) {
|
|
return false;
|
|
}
|
|
|
|
public function needsUpdate() {
|
|
return false;
|
|
}
|
|
}
|