Comments (22)
Oh, dang, forgot about that. I think using the ints instead of the constant would solve it:
```php
public $hashMemoryCost = 1024; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST
```
from myth-auth.
**PASSWORD_ARGON2I**
- Use the Argon2i hashing algorithm to create the hash. This algorithm is only available if PHP has been compiled with Argon2 support.
**PASSWORD_ARGON2ID**
- Use the Argon2id hashing algorithm to create the hash. This algorithm is only available if PHP has been compiled with Argon2 support.
You're right. I understood it came by default with php 7.2.
Sorry for that.
Lonnie, not quite. If it's not compiled with ARGON2I support, it won't matter if you use ints or the constant name. It just won't work as it will not know the algorithm to use.
If it does have support compiled into php, then constants or ints is the same.
Will check the condition to load ARGON2i if it has support, and maybe default to BCRYPT or DEFAULT if it doesn't.
What do you think?
from myth-auth.
BTW, Argon2i comes as of PHP 7.2 and Argon2iD as of PHP 7.3
from myth-auth.
I'm on 7.2.19 and got the error. I think a fresh install might include it by default but upgrades from previous PHP versions not compiled with the support won't add it. Just a guess though
from myth-auth.
Yes, I meant the possibility of having it :)
from myth-auth.
Oh! Sorry, misunderstood. It does appear to be compiled by default at some point, best as I can tell. Pretty new library so not a lot of clear info on it.
from myth-auth.
What do you think about defaulting to BCRYPT instead of DEFAULT?
Or maybe we can add another CONSTANT named $fallbackHashAlgorithm?
from myth-auth.
> What do you think about defaulting to BCRYPT instead of DEFAULT?
> Or maybe we can add another CONSTANT named $fallbackHashAlgorithm?

What is the issue with defaulting to DEFAULT? I believe in most (all?) versions of PHP that's Bcrypt anyway. If the system has a different one set (or a new PHP version is installed that defaults to a different algo) then Myth:Auth upgrades the passwords for them.
from myth-auth.
Something like:

in Auth config

```php
// Valid values are PASSWORD_DEFAULT, PASSWORD_BCRYPT and PASSWORD_ARGON2I.
public $hashAlgorithm = PASSWORD_ARGON2I;
public $fallbackHashAlgorithm = PASSWORD_DEFAULT;
```

and in User Entity

```php
if (defined(PASSWORD_ARGON2I) && ($config->hashAlgorithm == PASSWORD_ARGON2I))
{
    $hashOptions = [
        'memory_cost' => $config->hashMemoryCost,
        'time_cost'   => $config->hashTimeCost,
        'threads'     => $config->hashThreads
    ];
}
else
{
    $config->hashAlgorithm = $config->fallbackHashAlgorithm;
}
```
from myth-auth.
True Lonnie, I got carried away :)
from myth-auth.
You can’t even use the constant PASSWORD_ARGON2I without having the module installed
from myth-auth.
Exactly, in which case defined(PASSWORD_ARGON2I) would be false
from myth-auth.
Yes but the config file will fail to load if you have this:
```php
public $hashAlgorithm = PASSWORD_ARGON2I;
```
from myth-auth.
Ok, so maybe it's better to ship it with DEFAULT as default value, but keep the User Entity changes in case it has support and admin chooses to set it in config.
from myth-auth.
Nope, true problem is we cannot use a conditional in a class definition (Auth) so there's no way to check if there's support for these constants.
from myth-auth.
I think this would work:
```php
public $hashAlgorithm = defined(PASSWORD_ARGON2I) ? PASSWORD_ARGON2I : PASSWORD_DEFAULT;
```
But I think it would also be a fine solution to ship with PASSWORD_DEFAULT and instructions on the other options, then use defined() in Entity as you have it, for folks who wanted to go that route.
from myth-auth.
Not sure, it may become complex if you take into account ARGON2ID as well. One too many if's
from myth-auth.
Would look like this:
```php
if (
    (defined(PASSWORD_ARGON2I) && ($config->hashAlgorithm == PASSWORD_ARGON2I))
    ||
    (defined(PASSWORD_ARGON2ID) && ($config->hashAlgorithm == PASSWORD_ARGON2ID))
)
```
If you're ok with it, I can implement it, but there has to be another way to make it cleaner
from myth-auth.
Won't work.
I tried this -without support for 2ID- and it throws an exception.
Error available in https://ibb.co/mGv3gLs
Maybe it's better to fall back to the state previous to merge.
from myth-auth.
Found the issue. Will pr in a minute
from myth-auth.
Corrected in fix #74
Can be closed now
from myth-auth.
Confirmed working! Thanks for the quick PR
from myth-auth.
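
The fallback discussed in this thread, as an added example that is not myth-auth's code and not the change made in #74: the algorithm is resolved at runtime, where a conditional is allowed, rather than in a class property default. It assumes the config stores the constant's name as a string; `resolveHashAlgorithm()`, the `$config` array layout, and the `time_cost`, `threads` and password values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: map a configured constant NAME to an algorithm and
 * option set that this PHP build can actually use with password_hash().
 */
function resolveHashAlgorithm(string $preferred, array $argonOptions, int $bcryptCost = 10): array
{
    $argonNames = ['PASSWORD_ARGON2ID', 'PASSWORD_ARGON2I'];

    // defined() takes the constant's name as a string, so this check is safe
    // on builds where the Argon2 constants do not exist at all.
    if (in_array($preferred, $argonNames, true) && defined($preferred)) {
        return [constant($preferred), $argonOptions];
    }
    if ($preferred === 'PASSWORD_BCRYPT') {
        return [PASSWORD_BCRYPT, ['cost' => $bcryptCost]];
    }
    // Unknown or unsupported name: let PHP choose its default algorithm.
    return [PASSWORD_DEFAULT, []];
}

// Constructed config; storing the name as a string means this file still
// loads on a PHP build without Argon2 support.
$config = [
    'hashAlgorithm'  => 'PASSWORD_ARGON2ID',
    'hashMemoryCost' => 1024, // value quoted in the thread
    'hashTimeCost'   => 4,    // constructed value
    'hashThreads'    => 1,    // constructed value
];

[$algo, $options] = resolveHashAlgorithm($config['hashAlgorithm'], [
    'memory_cost' => $config['hashMemoryCost'],
    'time_cost'   => $config['hashTimeCost'],
    'threads'     => $config['hashThreads'],
]);

$password = 'constructed-sample-password';
$stored   = password_hash($password, PASSWORD_BCRYPT); // hash made under an older setting

// At login: verify first, then upgrade the stored hash if the resolved
// algorithm or options differ from what produced it.
if (password_verify($password, $stored) && password_needs_rehash($stored, $algo, $options)) {
    $stored = password_hash($password, $algo, $options);
}

echo password_get_info($stored)['algoName'], PHP_EOL;
```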