Password Validator v3.0.0 Release Notes
Release Date: 2014-05-14
👍 Password Validator now supports salts for legacy hashing
➕ Adds an optional $legacySalt argument as the third argument to PasswordValidatorInterface::isValid. This allows the use of a salt in the $validatorCallback to validate legacy hashes in the UpgradeDecorator. Usage of salts in the UpgradeDecorator was previously not possible.

Which means you can now ...
... use @karptonite's Rehashing Password Hashes password security upgrade technique, which I highly recommend. Please read and re-read his post, make sure you understand it, and then implement user authentication against the new hashes with Password Validator and the UpgradeDecorator (A sample implementation is demonstrated in the JeremyKendall\Password\Tests\Decorator\KarptoniteRehashUpgradeDecoratorTest unit test).

IMPORTANT: This is a backwards incompatible change
- The PasswordValidatorInterface::isValid method signature has changed
- Only users of the StorageDecorator should be impacted.
If you're using the StorageDecorator, your call to PasswordValidatorInterface::isValid must now include the $salt argument, even if it's set to null.
- <= 2.0.3:
$storageDecorator->isValid('password', 'hash', 'username');
- >= 3.0.0:
$storageDecorator->isValid('password', 'hash', $salt = null, 'username');
- The
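
Why the legacy salt has to reach the validator callback, as an added example in plain PHP (not the library's code or its unit test). It assumes the legacy scheme was sha1($salt . $password) with a per-user salt and PHP 7.1+; all function names and sample values are hypothetical.

```php
<?php
// Added example: PHP built-ins only, none of Password Validator's classes.
// Assumption: legacy hashes were stored as sha1($salt . $password), hex-encoded.

// One-time migration: wrap each stored legacy hash in bcrypt. No plaintext
// is needed. The inner digest stays hex-encoded because bcrypt stops at a
// NUL byte, which a raw binary digest may contain.
function wrapLegacyHash(string $legacyHash): string
{
    return password_hash($legacyHash, PASSWORD_BCRYPT);
}

// Legacy check: the salt is required to rebuild the inner SHA-1 digest
// before it can be verified against the bcrypt wrapper.
function legacyIsValid(string $password, string $storedHash, ?string $legacySalt): bool
{
    if ($legacySalt === null) {
        return false; // cannot rebuild the inner hash without the salt
    }
    return password_verify(sha1($legacySalt . $password), $storedHash);
}

// Login flow: try the current scheme first, then the wrapped legacy hash.
// Returns [bool $valid, ?string $replacementHash].
function validate(string $password, string $storedHash, ?string $legacySalt = null): array
{
    if (password_verify($password, $storedHash)) {
        $new = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $new];
    }
    if (legacyIsValid($password, $storedHash, $legacySalt)) {
        // The plaintext is available at login, so the SHA-1 layer and the
        // legacy salt can be dropped by hashing the password directly.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [false, null];
}

// Constructed sample record: a legacy user migrated offline.
$salt   = 'constructed-sample-salt';
$stored = wrapLegacyHash(sha1($salt . 'correct horse'));

[$valid, $upgraded] = validate('correct horse', $stored, $salt);
var_dump($valid);                                      // legacy path accepted
var_dump(password_verify('correct horse', $upgraded)); // upgraded hash works alone
var_dump(validate('correct horse', $stored)[0]);       // no salt: rejected
var_dump(validate('wrong guess', $stored, $salt)[0]);  // wrong password: rejected
```

When a replacement hash is returned, persist it in place of the stored hash; the legacy salt column is no longer needed for that user.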