symfony
diff --git a/‎Encoder/Argon2Trait.php
Lines changed: 0 additions & 52 deletions b/‎Encoder/Argon2Trait.php
Lines changed: 0 additions & 52 deletions
diff --git a/‎Encoder/Argon2iPasswordEncoder.php
Lines changed: 47 additions & 21 deletions b/‎Encoder/Argon2iPasswordEncoder.php
Lines changed: 47 additions & 21 deletions
diff --git a/‎Encoder/Argon2idPasswordEncoder.php
Lines changed: 0 additions & 88 deletions b/‎Encoder/Argon2idPasswordEncoder.php
Lines changed: 0 additions & 88 deletions
diff --git a/‎Encoder/EncoderFactory.php
Lines changed: 7 additions & 9 deletions b/‎Encoder/EncoderFactory.php
Lines changed: 7 additions & 9 deletions
diff --git a/‎Encoder/SodiumPasswordEncoder.php
Lines changed: 84 additions & 0 deletions b/‎Encoder/SodiumPasswordEncoder.php
Lines changed: 84 additions & 0 deletions
@@ -11,17 +11,39 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.3, use "%s" instead.', Argon2iPasswordEncoder::class, SodiumPasswordEncoder::class), E_USER_DEPRECATED);
+
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 
 /**
  * Argon2iPasswordEncoder uses the Argon2i hashing algorithm.
  *
  * @author Zan Baldwin <[email protected]>
  * @author Dominik Müller <[email protected]>
+ *
+ * @deprecated since Symfony 4.3, use SodiumPasswordEncoder instead
  */
 class Argon2iPasswordEncoder extends BasePasswordEncoder implements SelfSaltingEncoderInterface
 {
-    use Argon2Trait;
+    private $config = [];
+
+    /**
+     * Argon2iPasswordEncoder constructor.
+     *
+     * @param int|null $memoryCost memory usage of the algorithm
+     * @param int|null $timeCost   number of iterations
+     * @param int|null $threads    number of parallel threads
+     */
+    public function __construct(int $memoryCost = null, int $timeCost = null, int $threads = null)
+    {
+        if (\defined('PASSWORD_ARGON2I')) {
+            $this->config = [
+                'memory_cost' => $memoryCost ?? \PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+                'time_cost' => $timeCost ?? \PASSWORD_ARGON2_DEFAULT_TIME_COST,
+                'threads' => $threads ?? \PASSWORD_ARGON2_DEFAULT_THREADS,
+            ];
+        }
+    }
 
     public static function isSupported()
     {
@@ -46,12 +68,9 @@ public function encodePassword($raw, $salt)
         }
 
         if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I')) {
-            return $this->encodePasswordNative($raw, \PASSWORD_ARGON2I);
-        } elseif (\function_exists('sodium_crypto_pwhash_str')) {
-            if (Argon2idPasswordEncoder::isDefaultSodiumAlgorithm()) {
-                @trigger_error(sprintf('Using "%s" while only the "argon2id" algorithm is supported is deprecated since Symfony 4.3, use "%s" instead.', __CLASS__, Argon2idPasswordEncoder::class), E_USER_DEPRECATED);
-            }
-
+            return $this->encodePasswordNative($raw);
+        }
+        if (\function_exists('sodium_crypto_pwhash_str')) {
             return $this->encodePasswordSodiumFunction($raw);
         }
         if (\extension_loaded('libsodium')) {
@@ -66,20 +85,10 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        if ($this->isPasswordTooLong($raw)) {
-            return false;
-        }
-
-        // If $encoded was created via "sodium_crypto_pwhash_str()", the hashing algorithm may be "argon2id" instead of "argon2i"
-        if ($isArgon2id = (0 === strpos($encoded, Argon2idPasswordEncoder::HASH_PREFIX))) {
-            @trigger_error(sprintf('Calling "%s()" with a password hashed using argon2id is deprecated since Symfony 4.3, use "%s" instead.', __METHOD__, Argon2idPasswordEncoder::class), E_USER_DEPRECATED);
-        }
-
-        if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I')) {
-            // Remove the right part of the OR in 5.0
-            if (\defined('PASSWORD_ARGON2I') || $isArgon2id && \defined('PASSWORD_ARGON2ID')) {
-                return password_verify($raw, $encoded);
-            }
+        // If $encoded was created via "sodium_crypto_pwhash_str()", the hashing algorithm may be "argon2id" instead of "argon2i".
+        // In this case, "password_verify()" cannot be used.
+        if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I') && (false === strpos($encoded, '$argon2id$'))) {
+            return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
         }
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
             $valid = !$this->isPasswordTooLong($raw) && \sodium_crypto_pwhash_str_verify($encoded, $raw);
@@ -97,6 +106,23 @@ public function isPasswordValid($encoded, $raw, $salt)
         throw new \LogicException('Argon2i algorithm is not supported. Please install the libsodium extension or upgrade to PHP 7.2+.');
     }
 
+    private function encodePasswordNative($raw)
+    {
+        return password_hash($raw, \PASSWORD_ARGON2I, $this->config);
+    }
+
+    private function encodePasswordSodiumFunction($raw)
+    {
+        $hash = \sodium_crypto_pwhash_str(
+            $raw,
+            \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+            \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
+        );
+        \sodium_memzero($raw);
+
+        return $hash;
+    }
+
     private function encodePasswordSodiumExtension($raw)
     {
         $hash = \Sodium\crypto_pwhash_str(
 
@@ -108,18 +108,16 @@ private function getEncoderConfigFromAlgorithm($config)
                     'arguments' => [$config['cost']],
                 ];
 
-            case 'argon2i':
+            case 'sodium':
                 return [
-                    'class' => Argon2iPasswordEncoder::class,
-                    'arguments' => [
-                        $config['memory_cost'],
-                        $config['time_cost'],
-                        $config['threads'],
-                    ],
+                    'class' => SodiumPasswordEncoder::class,
+                    'arguments' => [],
                 ];
-            case 'argon2id':
+
+            /* @deprecated since Symfony 4.3 */
+            case 'argon2i':
                 return [
-                    'class' => Argon2idPasswordEncoder::class,
+                    'class' => Argon2iPasswordEncoder::class,
                     'arguments' => [
                         $config['memory_cost'],
                         $config['time_cost'],
 
@@ -0,0 +1,84 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\Exception\LogicException;
+
+/**
+ * Hashes passwords using libsodium.
+ *
+ * @author Robin Chalas <[email protected]>
+ * @author Zan Baldwin <[email protected]>
+ * @author Dominik Müller <[email protected]>
+ *
+ * @final
+ */
+class SodiumPasswordEncoder extends BasePasswordEncoder implements SelfSaltingEncoderInterface
+{
+    public static function isSupported(): bool
+    {
+        if (\class_exists('ParagonIE_Sodium_Compat') && \method_exists('ParagonIE_Sodium_Compat', 'crypto_pwhash_is_available')) {
+            return \ParagonIE_Sodium_Compat::crypto_pwhash_is_available();
+        }
+
+        return \function_exists('sodium_crypto_pwhash_str') || \extension_loaded('libsodium');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function encodePassword($raw, $salt)
+    {
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
+
+        if (\function_exists('sodium_crypto_pwhash_str')) {
+            return \sodium_crypto_pwhash_str(
+                $raw,
+                \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+                \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
+            );
+        }
+
+        if (\extension_loaded('libsodium')) {
+            return \Sodium\crypto_pwhash_str(
+                $raw,
+                \Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+                \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
+            );
+        }
+
+        throw new LogicException('Libsodium is not available. You should either install the sodium extension, upgrade to PHP 7.2+ or use a different encoder.');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isPasswordValid($encoded, $raw, $salt)
+    {
+        if ($this->isPasswordTooLong($raw)) {
+            return false;
+        }
+
+        if (\function_exists('sodium_crypto_pwhash_str_verify')) {
+            return \sodium_crypto_pwhash_str_verify($encoded, $raw);
+        }
+
+        if (\extension_loaded('libsodium')) {
+            return \Sodium\crypto_pwhash_str_verify($encoded, $raw);
+        }
+
+        throw new LogicException('Libsodium is not available. You should either install the sodium extension, upgrade to PHP 7.2+ or use a different encoder.');
+    }
+}