Merge pull request #7 from vanilla/feature/drupal-password

Feature/drupal password
vanilla · Nov 29, 2021 · e614160 · e614160
2 parents 4f8b079 + de728f7
commit e614160
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 1 deletion.
diff --git a/composer.json b/composer.json
@@ -9,7 +9,8 @@
 		{ "name": "Tim Gunter", "email": "tim@vanillaforums.com", "role": "developer" }
 	],
 	"require": {
-		"php": ">=5.4.0"
+		"php": ">=5.4.0",
+		"mdespeuilles/drupalpasswordencoderbundle": "*"
 	},
 	"require-dev": {
 		"phpunit/phpunit": "~6.0"

diff --git a/src/DrupalPassword.php b/src/DrupalPassword.php
@@ -0,0 +1,50 @@
+<?php
+/**
+ * @author Olivier Lamy-Canuel <olamy-canuel@higherlogic.com>
+ * @copyright 2006 Drupal (Original source code)
+ * @copyright 2021 Higher Logic (Source code changes)
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ *
+ */
+
+namespace Garden\Password;
+
+use Mdespeuilles\DrupalPasswordEncoderBundle\Services\DrupalPasswordEncoder;
+use Mdespeuilles\DrupalPasswordEncoderBundle\Services\Password\PhpassHashedPassword;
+
+/**
+ * Implements Drupal's password hashing algorithm. Valid for Drupal 7 and 8.
+ */
+class DrupalPassword implements PasswordInterface {
+
+    /**
+     * Check for a correct password.
+     *
+     * @param string $password The password in plain text.
+     * @param string $hash The stored password hash.
+     * @return bool Returns true if the password is correct, false if not.
+     */
+    public function verify($password, $hash) {
+        return DrupalPasswordEncoder::isPasswordValid($hash, $password, NULL);
+    }
+
+    /**
+     * Hashes a plaintext password.
+     *
+     * @param string $password The password to hash.
+     * @return string Returns the hashed password.
+     */
+    public function hash($password) {
+        return DrupalPasswordEncoder::encodePassword($password);
+    }
+
+    /**
+     * Checks if a given password hash needs to be re-hashed to a stronger algorithm.
+     *
+     * @param string $hash The hash to check.
+     * @return bool Returns `true`
+     */
+    public function needsRehash($hash) {
+        return PhpassHashedPassword::needsRehash($hash);
+    }
+}
diff --git a/tests/PasswordTest.php b/tests/PasswordTest.php
@@ -8,6 +8,7 @@
 namespace Garden\Tests;
 
 use Garden\Password\DjangoPassword;
+use Garden\Password\DrupalPassword;
 use Garden\Password\PasswordInterface;
 use Garden\Password\PhpassPassword;
 use Garden\Password\PhpPassword;
@@ -308,4 +309,13 @@ public function getPasswordClasses() {
 
         return $result;
     }
+
+    /**
+     * Test some edge cases of {@link DrupalPassword}.
+     */
+    public function testDrupalPassword() {
+        $pw = new DrupalPassword();
+        $this->assertTrue($pw->verify('w_VkxdHRPjRJY7dgfGdb3q98', '$S$DKAFXs1HceSMqIllAL7GDC1/yl78icSWbCGtNCQaFpm3gpjSXYMT'));
+        $this->assertTrue($pw->verify('CSN@Vanilla', '$S$DScF4C6qIjwrGMmnl7Xqbjx9yPCQ3Jq5.1NnpP6ZlYWZPX9HebZo'));
+    }
 }