All Versions
Latest Version
Avg Release Cycle
104 days
Latest Release
3046 days ago

Changelog History

  • v3.0.4 Changes

    January 26, 2016

    📚 Password Validator is now PHP 7.0 compatible! Thanks to @nicoSWD for documentation updates and to @garethellis36 for the PHP 7.0 compatibility PR.

  • v3.0.3 Changes

    March 25, 2015

    ⚡️ Updates wp-cli/php-cli-tools dependency

  • v3.0.2 Changes

    September 18, 2014
    • 🛠 Fixes a bug in AbstractDecorator::isValid().
    • 📇 Renames a few args to match the PasswordValidatorInterface.
  • v3.0.1 Changes

    May 14, 2014

    ⬆️ Cleans up UpgradeDecoratorTest.

  • v3.0.0 Changes

    May 14, 2014

    👍 Password Validator now supports salts for legacy hashing

    ➕ Adds an optional $legacySalt argument as the third argument to PasswordValidatorInterface::isValid. This allows the use of a salt in the $validatorCallback to validate legacy hashes in the UpgradeDecorator. Usage of salts in the UpgradeDecorator was previously not possible.

    Which means you can now ...

    ... use @karptonite's Rehashing Password Hashes password security upgrade technique, which I highly recommend. Please read and re-read his post, make sure you understand it, and then implement user authentication against the new hashes with Password Validator and the UpgradeDecorator (A sample implementation is demonstrated in the JeremyKendall\Password\Tests\Decorator\KarptoniteRehashUpgradeDecoratorTest unit test).

    IMPORTANT: This is a backwards incompatible change

    • The PasswordValidatorInterface::isValid method signature has changed
    • Only users of the StorageDecorator should be impacted.

    If you're using the StorageDecorator, your call to PasswordValidatorInterface::isValid must now include the $salt argument, even if it's set to null.

    - <= 2.0.3: $storageDecorator->isValid('password', 'hash', 'username');

    = 3.0.0: $storageDecorator->isValid('password', 'hash', $salt = null, 'username');

  • v2.0.3 Changes

    March 14, 2014

    🚀 This release is to fix my Semantic Versioning mistake of releasing 1.0.0 as the production release after releasing 2.0.3-beta as the final beta. 2.0.3 === 1.0.0. The version number is solely intended to get back on track with semver.

  • v2.0.3-beta Changes

    February 15, 2014

    🛠 Fixes a dependency issue (see #2 and #3).

    Thanks to @unisys12 for the report and the fix!

  • v2.0.2-beta Changes

    January 29, 2014
    • 🛠 Fixes rehash bug
      • password_needs_rehash didn't get options passed
      • password_needs_rehash always returned true when cost != 10
    • ⚡️ Various housekeeping/cruft updates
  • v2.0.1-beta Changes

    January 12, 2014
    • 📚 Updates documentation
  • v1.0.0

    February 17, 2014