Merge remote-tracking branch 'origin/MC-19686' into 2.3-develop-pr80

svitja · svitja · commit 175088615599 · 2019-10-29T15:37:33.000+02:00
diff --git a/lib/internal/Magento/Framework/Encryption/Encryptor.php b/lib/internal/Magento/Framework/Encryption/Encryptor.php
@@ -273,11 +273,12 @@ public function isValidHash($password, $hash)
     {
         try {
             $this->explodePasswordHash($hash);
+            $recreated = $password;
             foreach ($this->getPasswordVersion() as $hashVersion) {
                 if ($hashVersion === self::HASH_VERSION_ARGON2ID13) {
-                    $recreated = $this->getArgonHash($password, $this->getPasswordSalt());
+                    $recreated = $this->getArgonHash($recreated, $this->getPasswordSalt());
                 } else {
-                    $recreated = $this->generateSimpleHash($this->getPasswordSalt() . $password, $hashVersion);
+                    $recreated = $this->generateSimpleHash($this->getPasswordSalt() . $recreated, $hashVersion);
                 }
                 $hash = $this->getPasswordHash();
             }
diff --git a/lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php b/lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php
@@ -152,6 +152,7 @@ public function validateHashDataProvider(): array
             ['password', 'hash:salt:1', false],
             ['password', '67a1e09bb1f83f5007dc119c14d663aa:salt:0', true],
             ['password', '13601bda4ea78e55a07b98866d2be6be0744e3866f13c00c811cab608a28f322:salt:1', true],
+            ['password', 'c6aad9e058f6c4b06187c06d2b69bf506a786af030f81fb6d83778422a68205e:salt:1:2', true],
         ];
     }
 

Original file line number	Diff line number	Diff line change
`@@ -273,11 +273,12 @@ public function isValidHash($password, $hash)`
`273`	`273`	`{`
`274`	`274`	`try {`
`275`	`275`	`$this->explodePasswordHash($hash);`
	`276`	`+ $recreated = $password;`
`276`	`277`	`foreach ($this->getPasswordVersion() as $hashVersion) {`
`277`	`278`	`if ($hashVersion === self::HASH_VERSION_ARGON2ID13) {`
`278`		`- $recreated = $this->getArgonHash($password, $this->getPasswordSalt());`
	`279`	`+ $recreated = $this->getArgonHash($recreated, $this->getPasswordSalt());`
`279`	`280`	`} else {`
`280`		`- $recreated = $this->generateSimpleHash($this->getPasswordSalt() . $password, $hashVersion);`
	`281`	`+ $recreated = $this->generateSimpleHash($this->getPasswordSalt() . $recreated, $hashVersion);`
`281`	`282`	`}`
`282`	`283`	`$hash = $this->getPasswordHash();`
`283`	`284`	`}`
Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,7 @@ public function validateHashDataProvider(): array`
`152`	`152`	`['password', 'hash:salt:1', false],`
`153`	`153`	`['password', '67a1e09bb1f83f5007dc119c14d663aa:salt:0', true],`
`154`	`154`	`['password', '13601bda4ea78e55a07b98866d2be6be0744e3866f13c00c811cab608a28f322:salt:1', true],`
	`155`	`+ ['password', 'c6aad9e058f6c4b06187c06d2b69bf506a786af030f81fb6d83778422a68205e:salt:1:2', true],`
`155`	`156`	`];`
`156`	`157`	`}`
`157`	`158`