
PHP 7.4: new NewPasswordAlgoConstantValues sniff #865

Merged: wimg merged 1 commit into master from php-7.4/new-password-hash-algo-constant-values-sniff on Aug 28, 2019

@jrfnl jrfnl commented Aug 20, 2019

> Password hashing algorithm identifiers are now nullable strings rather
> than integers.
>
> * PASSWORD_DEFAULT was int 1; now is null
> * PASSWORD_BCRYPT was int 1; now is string '2y'
> * PASSWORD_ARGON2I was int 2; now is string 'argon2i'
> * PASSWORD_ARGON2ID was int 3; now is string 'argon2id'
>
> Applications correctly using the constants PASSWORD_DEFAULT,
> PASSWORD_BCRYPT, PASSWORD_ARGON2I, and PASSWORD_ARGON2ID will continue to
> function correctly.

Refs:
* https://wiki.php.net/rfc/password_registry
* https://github.com/php/php-src/blob/86d751f696786bcb95c580482c9884e41ccf2406/UPGRADING#L131-L141
* php/php-src@534df87

Includes unit tests.

**Note**: while deprecated in name, it looks like the deprecation warning for use of the _constant value_ rather than the _constant_ has not been implemented.
All the more reason, of course, that the sniff is necessary.

Related to #808

@jrfnl jrfnl added this to the 9.3.0 milestone Aug 20, 2019
@jrfnl jrfnl requested a review from wimg August 20, 2019 01:37
@jrfnl jrfnl force-pushed the php-7.4/new-password-hash-algo-constant-values-sniff branch from dabce45 to fc6d897 Compare August 21, 2019 05:12
@jrfnl jrfnl force-pushed the php-7.4/new-password-hash-algo-constant-values-sniff branch from fc6d897 to 06314df Compare August 21, 2019 09:48
@wimg wimg merged commit a63167b into master Aug 28, 2019
@delete-merged-branch delete-merged-branch bot deleted the php-7.4/new-password-hash-algo-constant-values-sniff branch August 28, 2019 14:46
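
The kind of call this pull request targets can be located with PHP's own tokenizer. The script below is an added example, not code from this pull request or from PHPCompatibility. It assumes PHP 7.4 or later with the tokenizer extension, that the algorithm is the second positional argument of `password_hash()` / `password_needs_rehash()`, and that only integer literals are reported; the function name `findHardcodedPasswordAlgos()` and the sample source are constructed for illustration.

```php
<?php
// Added example (not the PHPCompatibility sniff): report integer literals used as $algo.
function findHardcodedPasswordAlgos(string $source): array
{
    $targets = ['password_hash', 'password_needs_rehash'];
    // Drop whitespace and comments so neighbouring tokens can be compared directly.
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)
    ));
    $findings = [];
    foreach ($tokens as $i => $token) {
        // Method calls and declarations that reuse the name are skipped.
        $prev = $tokens[$i - 1] ?? null;
        if (!is_array($token) || $token[0] !== T_STRING
            || !in_array(strtolower($token[1]), $targets, true)
            || ($tokens[$i + 1] ?? null) !== '('
            || (is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true))
        ) {
            continue;
        }
        // Walk to the first comma at the call's own nesting level; $algo follows it.
        for ($depth = 0, $j = $i + 1; isset($tokens[$j]); $j++) {
            $t = $tokens[$j];
            if ($t === '(' || $t === '[') {
                $depth++;
            } elseif (($t === ')' || $t === ']') && --$depth === 0) {
                break; // call closed without a second argument
            } elseif ($t === ',' && $depth === 1) {
                [$arg, $end] = [$tokens[$j + 1] ?? null, $tokens[$j + 2] ?? null];
                if (is_array($arg) && $arg[0] === T_LNUMBER && ($end === ',' || $end === ')')) {
                    $findings[] = ['line' => $token[2], 'function' => $token[1], 'algo' => $arg[1]];
                }
                break;
            }
        }
    }
    return $findings;
}
// Constructed sample input.
$sample = <<<'PHP'
<?php
$a = password_hash($password, 1);
$b = password_hash($password, PASSWORD_BCRYPT);
$c = password_needs_rehash($hash, 2, ['memory_cost' => 1024]);
$d = password_hash(trim($password, " "), PASSWORD_DEFAULT, ['cost' => 12]);
PHP;
foreach (findHardcodedPasswordAlgos($sample) as $f) {
    printf("line %d: %s() gets integer %s as \$algo\n", $f['line'], $f['function'], $f['algo']);
}
```

Only the calls assigned to `$a` and `$c` are reported. Calls written with a leading namespace separator or with named arguments are outside what this simplified scan covers.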