class HashService (View source)

A hash service which should be used to generate and validate hashes.

Properties

protected string $encryptionKey

A private, unique key used for encryption tasks

protected array $passwordHashingStrategies
protected array $strategySettings
protected ObjectManagerInterface $objectManager
protected StringFrontend $cache

Methods

void
injectSettings(array $settings)

Injects the settings of the package this controller belongs to.

string
generateHmac(string $string)

Generate a hash (HMAC) for a given string

string
appendHmac(string $string)

Appends a hash (HMAC) to a given string and returns the result

bool
validateHmac(string $string, string $hmac)

Tests if a string $string matches the HMAC given by $hash.

string
validateAndStripHmac(string $string)

Tests if the last 40 characters of a given string $string matches the HMAC of the rest of the string and, if true, returns the string without the HMAC. In case of a HMAC validation error, an exception is thrown.

string
hashPassword(string $password, string $strategyIdentifier = 'default')

Hash a password using the configured password hashing strategy

bool
validatePassword(string $password, string $hashedPasswordAndSalt)

Validate a hashed password using the configured password hashing strategy

getPasswordHashingStrategyAndIdentifier(string $strategyIdentifier = 'default')

Get a password hashing strategy

string
getEncryptionKey()

Returns the encryption key from the persistent cache or Data/Persistent directory. If none exists, a new encryption key will be generated and stored in the cache.

Details

void injectSettings(array $settings)

Injects the settings of the package this controller belongs to.

Parameters

array $settings

Settings container of the current package

Return Value

void

string generateHmac(string $string)

Generate a hash (HMAC) for a given string

Parameters

string $string

The string for which a hash should be generated

Return Value

string

The hash of the string

Exceptions

InvalidArgumentForHashGenerationException

string appendHmac(string $string)

Appends a hash (HMAC) to a given string and returns the result

Mark as API once it is more stable

Parameters

string $string

The string for which a hash should be generated

Return Value

string

The original string with HMAC of the string appended

See also

generateHmac()

bool validateHmac(string $string, string $hmac)

Tests if a string $string matches the HMAC given by $hash.

Parameters

string $string

The string which should be validated

string $hmac

The hash of the string

Return Value

bool

true if string and hash fit together, false otherwise.

string validateAndStripHmac(string $string)

Tests if the last 40 characters of a given string $string matches the HMAC of the rest of the string and, if true, returns the string without the HMAC. In case of a HMAC validation error, an exception is thrown.

Mark as API once it is more stable

Parameters

string $string

The string with the HMAC appended (in the format 'string')

Return Value

string

the original string without the HMAC, if validation was successful

Exceptions

InvalidArgumentForHashGenerationException
InvalidHashException

See also

validateHmac()

string hashPassword(string $password, string $strategyIdentifier = 'default')

Hash a password using the configured password hashing strategy

Parameters

string $password

The cleartext password

string $strategyIdentifier

An identifier for a configured strategy, uses default strategy if not specified

Return Value

string

A hashed password with salt (if used)

bool validatePassword(string $password, string $hashedPasswordAndSalt)

Validate a hashed password using the configured password hashing strategy

Parameters

string $password

The cleartext password

string $hashedPasswordAndSalt

The hashed password with salt (if used) and an optional strategy identifier

Return Value

bool

true if the given password matches the hashed password

protected getPasswordHashingStrategyAndIdentifier(string $strategyIdentifier = 'default')

Get a password hashing strategy

Parameters

string $strategyIdentifier

Exceptions

MissingConfigurationException

protected string getEncryptionKey()

Returns the encryption key from the persistent cache or Data/Persistent directory. If none exists, a new encryption key will be generated and stored in the cache.

Return Value

string

The configured encryption key stored in Data/Persistent/EncryptionKey