ENGCOM-944: #5463 - Use specified hashing algo in \Magento\Framework\Encryption\Encryptor::getHash #13886

Stanislav Idolov · web-flow · commit 000fe3f2ead6 · 2018-03-19T15:47:32.000+02:00
diff --git a/lib/internal/Magento/Framework/Encryption/Encryptor.php b/lib/internal/Magento/Framework/Encryption/Encryptor.php
@@ -143,7 +143,7 @@ public function validateCipher($version)
     public function getHash($password, $salt = false, $version = self::HASH_VERSION_LATEST)
     {
         if ($salt === false) {
-            return $this->hash($password);
+            return $this->hash($password, $version);
         }
         if ($salt === true) {
             $salt = self::DEFAULT_SALT_LENGTH;
@@ -155,7 +155,7 @@ public function getHash($password, $salt = false, $version = self::HASH_VERSION_
         return implode(
             self::DELIMITER,
             [
-                $this->hash($salt . $password),
+                $this->hash($salt . $password, $version),
                 $salt,
                 $version
             ]
diff --git a/lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php b/lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php
@@ -207,4 +207,32 @@ public function testValidateKey()
         $this->assertEquals($expectedEncryptedData, $actualEncryptedData);
         $this->assertEquals($crypt->decrypt($expectedEncryptedData), $actual->decrypt($actualEncryptedData));
     }
+
+    public function testUseSpecifiedHashingAlgoDataProvider()
+    {
+        return [
+            ['password', 'salt', Encryptor::HASH_VERSION_MD5,
+             '67a1e09bb1f83f5007dc119c14d663aa:salt:0'],
+            ['password', 'salt', Encryptor::HASH_VERSION_SHA256,
+             '13601bda4ea78e55a07b98866d2be6be0744e3866f13c00c811cab608a28f322:salt:1'],
+            ['password', false, Encryptor::HASH_VERSION_MD5,
+             '5f4dcc3b5aa765d61d8327deb882cf99'],
+            ['password', false, Encryptor::HASH_VERSION_SHA256,
+             '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8']
+        ];
+    }
+
+    /**
+     * @dataProvider testUseSpecifiedHashingAlgoDataProvider
+     *
+     * @param $password
+     * @param $salt
+     * @param $hashAlgo
+     * @param $expected
+     */
+    public function testGetHashMustUseSpecifiedHashingAlgo($password, $salt, $hashAlgo, $expected)
+    {
+        $hash = $this->_model->getHash($password, $salt, $hashAlgo);
+        $this->assertEquals($expected, $hash);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ public function validateCipher($version)`
`143`	`143`	`public function getHash($password, $salt = false, $version = self::HASH_VERSION_LATEST)`
`144`	`144`	`{`
`145`	`145`	`if ($salt === false) {`
`146`		`- return $this->hash($password);`
	`146`	`+ return $this->hash($password, $version);`
`147`	`147`	`}`
`148`	`148`	`if ($salt === true) {`
`149`	`149`	`$salt = self::DEFAULT_SALT_LENGTH;`
`@@ -155,7 +155,7 @@ public function getHash($password, $salt = false, $version = self::HASH_VERSION_`
`155`	`155`	`return implode(`
`156`	`156`	`self::DELIMITER,`
`157`	`157`	`[`
`158`		`- $this->hash($salt . $password),`
	`158`	`+ $this->hash($salt . $password, $version),`
`159`	`159`	`$salt,`
`160`	`160`	`$version`
`161`	`161`	`]`