Password Validator v3.0.0 Release Notes

Release Date: 2014-05-14
  • 👍 Password Validator now supports salts for legacy hashing

    ➕ Adds an optional $legacySalt argument as the third argument to PasswordValidatorInterface::isValid, so that the $validatorCallback can use a salt when validating legacy hashes in the UpgradeDecorator. Using salts in the UpgradeDecorator was previously not possible.

    Which means you can now ...

    ... use @karptonite's Rehashing Password Hashes password security upgrade technique, which I highly recommend. Please read and re-read his post, make sure you understand it, and then implement user authentication against the new hashes with Password Validator and the UpgradeDecorator. (A sample implementation is demonstrated in the JeremyKendall\Password\Tests\Decorator\KarptoniteRehashUpgradeDecoratorTest unit test.)

    IMPORTANT: This is a backwards incompatible change

    • The PasswordValidatorInterface::isValid method signature has changed
    • Only users of the StorageDecorator should be impacted.

    If you're using the StorageDecorator, your call to PasswordValidatorInterface::isValid must now include the $salt argument, even if it's set to null.

    • <= 2.0.3: $storageDecorator->isValid('password', 'hash', 'username');
    • = 3.0.0: $storageDecorator->isValid('password', 'hash', $salt = null, 'username');
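
The sketch below is an added example, not code from Password Validator or from @karptonite's post. It shows why a validator for rehashed legacy hashes needs the legacy salt at login time, using only PHP's built-in password functions. The legacy scheme (hex-encoded sha1 of salt plus password), the helper names and the row columns hash, salt and wrapped are assumptions.

```php
<?php
// Added example: hypothetical helpers, not Password Validator's own code.
// Assumed legacy scheme: hex-encoded sha1($salt . $password).
function legacyHash(string $password, string $salt): string
{
    return sha1($salt . $password);
}

// One-off migration step: wrap a stored legacy hash in bcrypt.
// Needs only the old hash, never the plaintext password.
function wrapLegacyHash(string $legacyHash): string
{
    return password_hash($legacyHash, PASSWORD_BCRYPT);
}

// Login check for one user row (hypothetical columns: hash, salt, wrapped).
// Returns [bool $valid, ?string $replacementHash].
function verifyAndUpgrade(string $password, array $row): array
{
    if (!$row['wrapped']) {
        // Already upgraded: plain password_verify, no salt involved.
        return [password_verify($password, $row['hash']), null];
    }
    // Wrapped rows accept only the legacy path. Without this marker, a leaked
    // legacy hash submitted as the password would verify against the wrapper.
    if ($row['salt'] === null) {
        return [false, null];
    }
    $valid = password_verify(legacyHash($password, $row['salt']), $row['hash']);
    // On success, hand back a hash of the real password so the caller can
    // store it, clear the salt, and set wrapped = false.
    return [$valid, $valid ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample data.
$salt = 'constructed-legacy-salt';
$row  = ['hash' => wrapLegacyHash(legacyHash('correct horse', $salt)),
         'salt' => $salt, 'wrapped' => true];

[$valid, $newHash] = verifyAndUpgrade('correct horse', $row);
var_dump($valid, password_verify('correct horse', $newHash));

[$wrong] = verifyAndUpgrade('wrong password', $row);
[$noSalt] = verifyAndUpgrade('correct horse', ['salt' => null] + $row);
var_dump($wrong, $noSalt);
```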