Code Coverage for /var/www/src/Eccube/Security/Core/Encoder/PasswordEncoder.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	33.33% covered (danger)	33.33%	1 / 3	CRAP	63.16% covered (warning)	63.16%	12 / 19
PasswordEncoder	0.00% covered (danger)	0.00%	0 / 1	33.33% covered (danger)	33.33%	1 / 3	15.00	63.16% covered (warning)	63.16%	12 / 19
__construct				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	2 / 2
encodePassword				0.00% covered (danger)	0.00%	0 / 1	3.33	66.67% covered (warning)	66.67%	4 / 6
isPasswordValid				0.00% covered (danger)	0.00%	0 / 1	9.38	54.55% covered (warning)	54.55%	6 / 11

1	<?php
2	/*
3	* This file is part of EC-CUBE
4	*
5	* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
6	*
7	* http://www.lockon.co.jp/
8	*
9	* This program is free software; you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License
11	* as published by the Free Software Foundation; either version 2
12	* of the License, or (at your option) any later version.
13	*
14	* This program is distributed in the hope that it will be useful,
15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program; if not, write to the Free Software
21	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22	*/
23
24
25	namespace Eccube\Security\Core\Encoder;
26
27	use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
28
29	class PasswordEncoder implements PasswordEncoderInterface
30	{
31
32	/* @var $config array */
33	public $config;
34
35	public function __construct(array $config)
36	{
37	$this->config = $config;
38	}
39
40	/**
41	* Encodes the raw password.
42	*
43	* @param string $raw The password to encode
44	* @param string $salt The salt
45	*
46	* @return string The encoded password
47	*/
48	public function encodePassword($raw, $salt)
49	{
50	if ($salt == '') {
51	$salt = $this->config['auth_magic'];
52	}
53	if ($this->config['auth_type'] == 'PLAIN') {
54	$res = $raw;
55	} else {
56	$res = hash_hmac($this->config['password_hash_algos'], $raw . ':' . $this->config['auth_magic'], $salt);
57	}
58
59	return $res;
60	}
61
62	/**
63	* Checks a raw password against an encoded password.
64	*
65	* @param string $encoded An encoded password
66	* @param string $raw A raw password
67	* @param string $salt The salt
68	*
69	* @return bool true if the password is valid, false otherwise
70	*/
71	public function isPasswordValid($encoded, $raw, $salt)
72	{
73	if ($encoded == '') {
74	return false;
75	}
76
77	if ($this->config['auth_type'] == 'PLAIN') {
78	if ($raw === $encoded) {
79	return true;
80	}
81	} else {
82	// 旧バージョン(2.11未満)からの移行を考慮
83	if (empty($salt)) {
84	$hash = sha1($raw . ':' . $this->config['auth_magic']);
85	} else {
86	$hash = $this->encodePassword($raw, $salt);
87	}
88
89	if ($hash === $encoded) {
90	return true;
91	}
92	}
93
94	return false;
95	}
96
97	}