SimpleAuthenticator: passwords can be hashed

Author: dg

src/Security/SimpleAuthenticator.php

@@ -25,6 +25,7 @@ public function __construct(
 		private array $passwords,
 		private array $roles = [],
 		private array $data = [],
+		private ?Passwords $verifier = null,
 	) {
 	}
 
@@ -56,6 +57,9 @@ public function authenticate(
 
 	protected function verifyPassword(string $password, string $passOrHash): bool
 	{
+		if (preg_match('~\$.{50,}~A', $passOrHash)) {
+			return $this->verifier->verify($password, $passOrHash);
+		}
 		return $password === $passOrHash;
 	}
 }

tests/Security/SimpleAuthenticator.phpt

@@ -6,6 +6,7 @@
 
 declare(strict_types=1);
 
+use Nette\Security\Passwords;
 use Nette\Security\SimpleAuthenticator;
 use Tester\Assert;
 
@@ -14,16 +15,12 @@ require __DIR__ . '/../bootstrap.php';
 
 
 $users = [
-	'john' => 'password123!',
+	'john' => '$2a$12$dliX6LynG/iChDUF7DhKzulN7d3nU.l3/RozE1MmEaxxBWdZXppm2',
 	'admin' => 'admin',
 ];
 
 $authenticator = new SimpleAuthenticator($users);
 
-$identity = $authenticator->authenticate('john', 'password123!');
-Assert::type(Nette\Security\IIdentity::class, $identity);
-Assert::equal('john', $identity->getId());
-
 $identity = $authenticator->authenticate('admin', 'admin');
 Assert::type(Nette\Security\IIdentity::class, $identity);
 Assert::equal('admin', $identity->getId());
@@ -39,3 +36,16 @@ Assert::exception(
 	Nette\Security\AuthenticationException::class,
 	"User 'nobody' not found.",
 );
+
+
+$authenticator = new SimpleAuthenticator($users, verifier: new Passwords);
+
+$identity = $authenticator->authenticate('john', 'password123!');
+Assert::type(Nette\Security\IIdentity::class, $identity);
+Assert::equal('john', $identity->getId());
+
+Assert::exception(
+	fn() => $authenticator->authenticate('john', $users['john']),
+	Nette\Security\AuthenticationException::class,
+	'Invalid password.',
+);