ENGCOM-943: #5463 - Use specified hashing algo in \Magento\Framework\Encryption\Encryptor::getHash #13885

magento-engcom-team · magento-engcom-team · commit c8f3c3e1586e · 2018-03-16T09:49:28.000-05:00
- Merge Pull Request #13885 from k4emic/magento2:2.3-develop-5463 - Merged commits: 1. d537d56
diff --git a/lib/internal/Magento/Framework/Encryption/Encryptor.php b/lib/internal/Magento/Framework/Encryption/Encryptor.php
@@ -148,7 +148,7 @@ public function validateCipher($version)
     public function getHash($password, $salt = false, $version = self::HASH_VERSION_LATEST)
     {
         if ($salt === false) {
-            return $this->hash($password);
+            return $this->hash($password, $version);
         }
         if ($salt === true) {
             $salt = self::DEFAULT_SALT_LENGTH;
@@ -160,7 +160,7 @@ public function getHash($password, $salt = false, $version = self::HASH_VERSION_
         return implode(
             self::DELIMITER,
             [
-                $this->hash($salt . $password),
+                $this->hash($salt . $password, $version),
                 $salt,
                 $version
             ]
diff --git a/lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php b/lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php
@@ -207,4 +207,32 @@ public function testValidateKey()
         $this->assertEquals($expectedEncryptedData, $actualEncryptedData);
         $this->assertEquals($crypt->decrypt($expectedEncryptedData), $actual->decrypt($actualEncryptedData));
     }
+
+    public function testUseSpecifiedHashingAlgoDataProvider()
+    {
+        return [
+            ['password', 'salt', Encryptor::HASH_VERSION_MD5,
+             '67a1e09bb1f83f5007dc119c14d663aa:salt:0'],
+            ['password', 'salt', Encryptor::HASH_VERSION_SHA256,
+             '13601bda4ea78e55a07b98866d2be6be0744e3866f13c00c811cab608a28f322:salt:1'],
+            ['password', false, Encryptor::HASH_VERSION_MD5,
+             '5f4dcc3b5aa765d61d8327deb882cf99'],
+            ['password', false, Encryptor::HASH_VERSION_SHA256,
+             '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8']
+        ];
+    }
+
+    /**
+     * @dataProvider testUseSpecifiedHashingAlgoDataProvider
+     *
+     * @param $password
+     * @param $salt
+     * @param $hashAlgo
+     * @param $expected
+     */
+    public function testGetHashMustUseSpecifiedHashingAlgo($password, $salt, $hashAlgo, $expected)
+    {
+        $hash = $this->_model->getHash($password, $salt, $hashAlgo);
+        $this->assertEquals($expected, $hash);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,7 @@ public function validateCipher($version)`
`148`	`148`	`public function getHash($password, $salt = false, $version = self::HASH_VERSION_LATEST)`
`149`	`149`	`{`
`150`	`150`	`if ($salt === false) {`
`151`		`- return $this->hash($password);`
	`151`	`+ return $this->hash($password, $version);`
`152`	`152`	`}`
`153`	`153`	`if ($salt === true) {`
`154`	`154`	`$salt = self::DEFAULT_SALT_LENGTH;`
`@@ -160,7 +160,7 @@ public function getHash($password, $salt = false, $version = self::HASH_VERSION_`
`160`	`160`	`return implode(`
`161`	`161`	`self::DELIMITER,`
`162`	`162`	`[`
`163`		`- $this->hash($salt . $password),`
	`163`	`+ $this->hash($salt . $password, $version),`
`164`	`164`	`$salt,`
`165`	`165`	`$version`
`166`	`166`	`]`