Separate the update API password endpoint (#2675)

* Extract hashPassword method from userController * Extract and refactor fever key-related methods * Move update of API password to dedicated action * Simplify the controller by refactoring feverUtil * Add locales
author: Marien Fressinaud <dev@marienfressinaud.fr> 2019-12-03 23:11:06 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2019-12-03 23:11:06 +0100
commit: d0f1f9f141a58e090d210c221a7c1745378b96a3 (patch)
tree: 5d538ee048a14d29f8091d9e85cf391ada48ae83 /app/Utils/passwordUtil.php
parent: 15b8ef8f40f249ace343696df216f2d61f8249d0 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/app/Utils/passwordUtil.php b/app/Utils/passwordUtil.php
new file mode 100644
index 000000000..fd71d4b72
--- /dev/null
+++ b/app/Utils/passwordUtil.php
@@ -0,0 +1,27 @@
+<?php
+
+class FreshRSS_password_Util {
+	// Will also have to be computed client side on mobile devices,
+	// so do not use a too high cost
+	const BCRYPT_COST = 9;
+
+	/**
+	 * Return a hash of a plain password, using BCRYPT
+	 *
+	 * @param string
+	 * @return string
+	 */
+	public static function hash($passwordPlain) {
+		$passwordHash = password_hash(
+			$passwordPlain,
+			PASSWORD_BCRYPT,
+			array('cost' => self::BCRYPT_COST)
+		);
+		$passwordPlain = '';
+
+		// Compatibility with bcrypt.js
+		$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);
+
+		return $passwordHash == '' ? '' : $passwordHash;
+	}
+}
author	Marien Fressinaud <dev@marienfressinaud.fr>	2019-12-03 23:11:06 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2019-12-03 23:11:06 +0100
commit	d0f1f9f141a58e090d210c221a7c1745378b96a3 (patch)
tree	5d538ee048a14d29f8091d9e85cf391ada48ae83 /app/Utils/passwordUtil.php
parent	15b8ef8f40f249ace343696df216f2d61f8249d0 (diff)