wiki.techinc.nl/includes/password/ParameterizedPassword.php

<?php
/**
 * Implements the ParameterizedPassword class for the MediaWiki software.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

declare( strict_types = 1 );

/**
 * Helper class for password hash types that have a delimited set of parameters
 * inside of the hash.
 *
 * All passwords are in the form of :<TYPE>:... as explained in the main Password
 * class. This class is for hashes in the form of :<TYPE>:<PARAM1>:<PARAM2>:... where
 * <PARAM1>, <PARAM2>, etc. are parameters that determine how the password was hashed.
 * Of course, the internal delimiter (which is : by convention and default), can be
 * changed by overriding the ParameterizedPassword::getDelimiter() function.
 *
 * This class requires overriding an additional function: ParameterizedPassword::getDefaultParams().
 * See the function description for more details on the implementation.
 *
 * @since 1.24
 */
abstract class ParameterizedPassword extends Password {
	/**
	 * Named parameters that have default values for this password type
	 * @var array
	 */
	protected $params = [];

	/**
	 * Extra arguments that were found in the hash. This may or may not make
	 * the hash invalid.
	 * @var string[]
	 */
	protected $args = [];

	/**
	 * @inheritDoc
	 */
	protected function parseHash( ?string $hash ): void {
		parent::parseHash( $hash );

		if ( $hash === null ) {
			$this->params = $this->getDefaultParams();
			return;
		}

		$parts = explode( $this->getDelimiter(), $hash );
		$paramKeys = array_keys( $this->getDefaultParams() );

		if ( count( $parts ) < count( $paramKeys ) ) {
			throw new PasswordError( 'Hash is missing required parameters.' );
		}

		if ( $paramKeys ) {
			$this->args = array_splice( $parts, count( $paramKeys ) );
			$this->params = array_combine( $paramKeys, $parts );
		} else {
			$this->args = $parts;
		}

		if ( $this->args ) {
			$this->hash = array_pop( $this->args );
		} else {
			$this->hash = null;
		}
	}

	public function needsUpdate(): bool {
		return $this->params !== $this->getDefaultParams();
	}

	public function toString(): string {
		$str = ':' . $this->config['type'] . ':';

		if ( count( $this->params ) || count( $this->args ) ) {
			$str .= implode( $this->getDelimiter(), array_merge( $this->params, $this->args ) );
			$str .= $this->getDelimiter();
		}

		$res = $str . $this->hash;
		$this->assertIsSafeSize( $res );
		return $res;
	}

	/**
	 * Returns the delimiter for the parameters inside the hash
	 *
	 * @return string
	 */
	abstract protected function getDelimiter(): string;

	/**
	 * Return an ordered array of default parameters for this password hash
	 *
	 * The keys should be the parameter names and the values should be the default
	 * values. Additionally, the order of the array should be the order in which they
	 * appear in the hash.
	 *
	 * When parsing a password hash, the constructor will split the hash based on
	 * the delimiter, and consume as many parts as it can, matching each to a parameter
	 * in this list. Once all the parameters have been filled, all remaining parts will
	 * be considered extra arguments, except, of course, for the very last part, which
	 * is the hash itself.
	 *
	 * @return array
	 */
	abstract protected function getDefaultParams(): array;
}