X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fpassword%2FPassword.php;h=4caff8ef5b189a2a42ec44cfb8c33b4cbcd0fd85;hb=7225215a0d2b5074959d7ea7b1029ad28ea53643;hp=f167f958e6deed914d9ca829d101936416d4ed58;hpb=34c498088e6f61fe8b0474450a8a66d7965d649e;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/password/Password.php b/includes/password/Password.php
index f167f958e6..4caff8ef5b 100644
--- a/includes/password/Password.php
+++ b/includes/password/Password.php
@@ -33,14 +33,6 @@ use Wikimedia\Assert\Assert;
 * to be fulfilled:
 * * If Password::toString() is called on an object, and the result is passed back in
 * to PasswordFactory::newFromCiphertext(), the result will be identical to the original.
- * * The string representations of two Password objects are equal only if
- * the original plaintext passwords match. In other words, if the toString() result of
- * two objects match, the passwords are the same, and the user will be logged in.
- * Since the string representation of a hash includes its type name (@see Password::toString),
- * this property is preserved across all classes that inherit Password.
- * If a hashing scheme does not fulfill this expectation, it must make sure to override the
- * Password::equals() function and use custom comparison logic. However, this is not
- * recommended unless absolutely required by the hashing mechanism.
 * With these two points in mind, when creating a new Password sub-class, there are some functions
 * you have to override (because they are abstract) and others that you may want to override.
 *
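Review bot: The retained context line `With these two points in mind, when creating a new Password sub-class, ...` is stale once the second bullet is removed, because the list after `to be fulfilled:` shows only one remaining expectation in this hunk. Reword it, for example `* With this in mind, when creating a new Password sub-class, there are some functions`, and adjust the count in the lead-in sentence if it names one (that sentence starts outside the hunk). Left as is, the text sends a maintainer looking for a second invariant, equal hash strings implying equal passwords, that subclasses are no longer asked to uphold.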
@@ -56,8 +48,9 @@ use Wikimedia\Assert\Assert;
 * * Password::toString(), which can be useful if the hash was changed in the constructor and
 * needs to be re-assembled before being returned as a string. This function is expected to add
 * the type back on to the hash, so make sure to do that if you override the function.
- * * Password::equals() - This function compares two Password objects to see if they are equal.
- * The default is to just do a timing-safe string comparison on the $this->hash values.
+ * * Password::verify() - This function checks if $this->hash was generated with the given
+ * password. The default is to just hash the password and do a timing-safe string comparison with
+ * $this->hash.
 *
 * After creating a new password hash type, it can be registered using the static
 * Password::register() method. The default type is set using the Password::setDefaultType() type.
@@ -101,8 +94,11 @@ abstract class Password {
 * @param string|null $hash The raw hash, including the type
 */
 final public function __construct( PasswordFactory $factory, array $config, $hash = null ) {
+ if ( !$this->isSupported() ) {
+ throw new Exception( 'PHP support not found for ' . get_class( $this ) );
+ }
 if ( !isset( $config['type'] ) ) {
- throw new MWException( 'Password configuration must contain a type name.' );
+ throw new Exception( 'Password configuration must contain a type name.' );
 }
 $this->config = $config;
 $this->factory = $factory;
@@ -125,6 +121,15 @@ abstract class Password {
 return $this->config['type'];
 }
 
+ /**
+ * Whether current password type is supported on this system.
+ *
+ * @return bool
+ */
+ protected function isSupported() {
+ return true;
+ }
+
 /**
 * Perform any parsing necessary on the hash to see if the hash is valid
 * and/or to perform logic for seeing if the hash needs updating.
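Review bot: The new `isSupported()` guard in `__construct()` runs before `$this->config` and `$this->factory` are assigned, so a subclass override cannot consult its configuration when deciding whether the type is usable. Either move the check below `$this->factory = $factory;` or state the restriction in the `isSupported()` docblock added in the following hunk, e.g. `* Called from the constructor before $this->config is set; must not rely on instance state.` That docblock should also say that returning false makes construction throw, since code that builds a Password from a stored hash presumably has to handle that failure on the login path. The switch from `MWException` to `Exception` in the same hunk changes which existing catch blocks match, which is worth confirming against callers. The constructor body continues outside the hunk.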
@@ -169,9 +174,7 @@ abstract class Password {
 * @return bool
 */
 public function verify( $password ) {
- Assert::parameter( is_string( $password ),
- '$password', 'must be string, actual: ' . gettype( $password )
- );
+ Assert::parameterType( 'string', $password, '$password' );
 
 // No need to use the factory because we're definitely making
 // an object of the same type.
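Review bot: The docblock ending at `* @return bool` documents no exception, yet `Assert::parameterType()` throws on a non-string `$password` rather than returning false. Because `verify()` receives the submitted credential, a caller that passes `null` for a missing field would hit that exception instead of a failed check, so the contract should be visible: add `* @throws ParameterTypeException If $password is not a string` above `@return bool` (confirm the exact class against the Assert library version in use). The docblock starts, and the method body continues, outside the hunk.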