Cast null password to string before passing to password_verify

weierophinney · weierophinney · commit 3c27b3cca62c · 2017-12-12T15:34:51.000-06:00
Fails under strict_types otherwise!
diff --git a/src/UserRepository/Htpasswd.php b/src/UserRepository/Htpasswd.php
@@ -61,9 +61,10 @@ public function authenticate(string $credential, string $password = null) : ?Use
         }
         fclose($handle);
 
-        return $found && password_verify($password, $hash) ?
-               $this->generateUser($credential) :
-               null;
+        return $found
+            && password_verify($password === null ? '' : $password, $hash)
+                ? $this->generateUser($credential)
+                : null;
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -61,9 +61,10 @@ public function authenticate(string $credential, string $password = null) : ?Use`
`61`	`61`	`}`
`62`	`62`	`fclose($handle);`
`63`	`63`
`64`		`- return $found && password_verify($password, $hash) ?`
`65`		`- $this->generateUser($credential) :`
`66`		`- null;`
	`64`	`+ return $found`
	`65`	`+ && password_verify($password === null ? '' : $password, $hash)`
	`66`	`+ ? $this->generateUser($credential)`
	`67`	`+ : null;`
`67`	`68`	`}`
`68`	`69`
`69`	`70`	`/**`