* The class WebInstallerOutput is now marked as @private.
* (T209699) The jquery.async module has been deprecated. JavaScript code that
needs asynchronous behaviour should use Promises.
+* Password::equals() is deprecated, use verify().
=== Other changes in 1.33 ===
* (T208871) The hard-coded Google search form on the database error page was
}
$pwhash = $this->getPassword( $row->user_password );
- if ( !$pwhash->equals( $req->password ) ) {
+ if ( !$pwhash->verify( $req->password ) ) {
if ( $this->config->get( 'LegacyEncoding' ) ) {
// Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
// Check for this with iconv
$cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $req->password );
- if ( $cp1252Password === $req->password || !$pwhash->equals( $cp1252Password ) ) {
+ if ( $cp1252Password === $req->password || !$pwhash->verify( $cp1252Password ) ) {
return $this->failResponse( $req );
}
} else {
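Review bot: `iconv()` returns `false` when it cannot convert its input, and in the LegacyEncoding branch that value now reaches `$pwhash->verify( $cp1252Password )`, where the `Assert::parameter( is_string( $password ), ... )` check added in this commit throws instead of letting the login fail cleanly. The removed `equals()` call accepted any non-Password argument, so this path presumably just failed to match before. Check the conversion result first: `if ( $cp1252Password === false || $cp1252Password === $req->password || !$pwhash->verify( $cp1252Password ) ) {`. The enclosing method starts and ends outside this hunk, so it is also worth confirming that `$req->password` is guaranteed to be a string before the first `verify()` call.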
}
$pwhash = $this->getPassword( $row->user_newpassword );
- if ( !$pwhash->equals( $req->password ) ) {
+ if ( !$pwhash->verify( $req->password ) ) {
return $this->failResponse( $req );
}
return false;
}
+ public function verify( $password ) {
+ return false;
+ }
+
public function needsUpdate() {
return false;
}
* @file
*/
+use Wikimedia\Assert\Assert;
+
/**
* Represents a password hash for use in authentication
*
* Password::toString() for each object. This can be overridden to do
* custom comparison, but it is not recommended unless necessary.
*
+ * @deprecated since 1.33, use verify()
+ *
* @param Password|string $other The other password
* @return bool True if equal, false otherwise
*/
public function equals( $other ) {
- if ( !$other instanceof self ) {
- // No need to use the factory because we're definitely making
- // an object of the same type.
- $obj = clone $this;
- $obj->crypt( $other );
- $other = $obj;
+ if ( is_string( $other ) ) {
+ return $this->verify( $other );
}
return hash_equals( $this->toString(), $other->toString() );
}
+ /**
+ * Checks whether the given password matches the hash stored in this object.
+ *
+ * @param string $password Password to check
+ * @return bool
+ */
+ public function verify( $password ) {
+ Assert::parameter( is_string( $password ),
+ '$password', 'must be string, actual: ' . gettype( $password )
+ );
+
+ // No need to use the factory because we're definitely making
+ // an object of the same type.
+ $obj = clone $this;
+ $obj->crypt( $password );
+
+ return hash_equals( $this->toString(), $obj->toString() );
+ }
+
/**
* Convert this hash to a string that can be stored in the database
*
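Review bot: In `equals()`, an argument that is neither a string nor a `Password` (for example `null`) now falls through to `$other->toString()` and ends in a fatal error, whereas the removed branch treated every non-`Password` value as plaintext to hash. Because the method is kept for backward compatibility, reject such input explicitly after the `is_string()` branch, e.g. `Assert::parameter( $other instanceof self, '$other', 'must be Password or string' );`. The new `verify()` docblock should also carry `@since 1.33` and a `@throws` line for the parameter assertion, so callers know that a non-string password raises an exception rather than returning false.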
return self::loginHook( $user, $bp,
Status::newFatal( 'botpasswords-needs-reset', $name, $appId ) );
}
- if ( !$passwordObj->equals( $password ) ) {
+ if ( !$passwordObj->verify( $password ) ) {
return self::loginHook( $user, $bp, Status::newFatal( 'wrongpassword' ) );
}
}
$passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory();
- if ( !$passwordFactory->newFromCiphertext( $row->user_password )->equals( $password ) ) {
+ if ( !$passwordFactory->newFromCiphertext( $row->user_password )->verify( $password ) ) {
$passwordHash = $passwordFactory->newFromPlaintext( $password );
$dbw->update(
'user',
$totalPassword = $this->passwordFactory->newFromType( 'testLargeLayeredTop' );
$totalPassword->partialCrypt( $partialPassword );
- $this->assertTrue( $totalPassword->equals( 'testPassword123' ) );
+ $this->assertTrue( $totalPassword->verify( 'testPassword123' ) );
}
}
* @dataProvider providePasswordTests
*/
public function testHashing( $shouldMatch, $hash, $password ) {
- $hash = $this->passwordFactory->newFromCiphertext( $hash );
- $password = $this->passwordFactory->newFromPlaintext( $password, $hash );
- $this->assertSame( $shouldMatch, $hash->equals( $password ) );
+ $fromHash = $this->passwordFactory->newFromCiphertext( $hash );
+ $fromPassword = $this->passwordFactory->newFromPlaintext( $password, $fromHash );
+ $this->assertSame( $shouldMatch, $fromHash->equals( $fromPassword ) );
}
/**
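Review bot: `testHashing()` still exercises only the deprecated `equals()` with a `Password` object, so the data provider never drives the new `verify()` path with a plaintext string. Among the hunks visible here, only the layered-password test calls `verify()`. Adding `$this->assertSame( $shouldMatch, $fromHash->verify( $password ) );` after the existing assertion would check the replacement API against every hash type the provider supplies, including the non-matching cases.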
$hashObj = $this->passwordFactory->newFromCiphertext( $hash );
$serialized = $hashObj->toString();
$unserialized = $this->passwordFactory->newFromCiphertext( $serialized );
- $this->assertTrue( $hashObj->equals( $unserialized ) );
+ $this->assertEquals( $hashObj->toString(), $unserialized->toString() );
}
/**