Refactor hashPassword method and enhance validations

netkas 2025-01-06 01:29:15 -05:00
parent 02d42e4e23
commit 5196ac2486


@ -9,9 +9,9 @@
class Cryptography class Cryptography
{ {
private const KEY_TYPE_ENCRYPTION = 'enc:'; private const string KEY_TYPE_ENCRYPTION = 'enc:';
private const KEY_TYPE_SIGNING = 'sig:'; private const string KEY_TYPE_SIGNING = 'sig:';
private const BASE64_VARIANT = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING; private const int BASE64_VARIANT = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
/** /**
* Generates a new encryption key pair consisting of a public key and a secret key. * Generates a new encryption key pair consisting of a public key and a secret key.
@ -654,17 +654,28 @@
/** /**
* Hashes a password securely using a memory-hard, CPU-intensive hashing algorithm. * Hashes a password securely using a memory-hard, CPU-intensive hashing algorithm.
* *
* @param string $sha512 The SHA-512 hash of the password to be hashed. * @param string $password The password in plaintext to be hashed, if $hash is false this should be a SHA-512 hash.
* @param bool $hash True to hash the password, false to use the provided SHA-512 hash directly which is validated.
* @return string The hashed password in a secure format. * @return string The hashed password in a secure format.
* @throws CryptographyException If password hashing fails. * @throws CryptographyException If password hashing fails.
*/ */
public static function hashPassword(string $sha512): string public static function hashPassword(string $password, bool $hash=true): string
{ {
if(!self::validateSha512($sha512)) if(empty($password))
{
throw new CryptographyException("Empty password provided");
}
if($hash === false && !self::validateSha512($password))
{ {
throw new CryptographyException("Invalid SHA-512 hash provided"); throw new CryptographyException("Invalid SHA-512 hash provided");
} }
if($hash)
{
$sha512 = hash('sha512', $password);
}
try try
{ {
return sodium_crypto_pwhash_str($sha512, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE); return sodium_crypto_pwhash_str($sha512, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
@ -709,7 +720,7 @@
/** /**
* Verifies a password against a stored hash. * Verifies a password against a stored hash.
* *
* @param string $sha512 The password to be verified. * @param string $sha512 The sha512 password to be verified.
* @param string $hash The stored password hash to be compared against. * @param string $hash The stored password hash to be compared against.
* @return bool True if the password matches the hash; false otherwise. * @return bool True if the password matches the hash; false otherwise.
* @throws CryptographyException If the password verification process fails. * @throws CryptographyException If the password verification process fails.
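Review bot: In hashPassword, the `$hash === false` path never assigns `$sha512`: the parameter is now `$password` and `$sha512` is only set inside `if($hash)`, yet `sodium_crypto_pwhash_str($sha512, ...)` still reads it. Depending on whether the file declares strict types (not visible here), that call would either raise a TypeError or hash an empty value, so the stored hash would not be bound to the caller's validated SHA-512 input. Replacing the `if($hash)` block with `$sha512 = $hash ? hash('sha512', $password) : $password;` covers both paths. Separately, `empty($password)` also rejects the string `'0'`, whereas `$password === ''` checks only for an empty string. The function's try/catch continues past the end of the hunk, so how a TypeError would be handled cannot be confirmed from here.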