From 632085f5b62b8df09b3710ccfd64148579447e2e Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Sun, 26 Apr 2026 09:06:21 +0300
Subject: [PATCH] inject PasswordHasher into CreateUser and AuthenticateUser

Replace direct password_hash and password_verify calls with the
injected PasswordHasher so the bcrypt cost can be substituted out
in tests. Production wiring is handled by the container's autowiring
of BcryptPasswordHasher.

This commit alone breaks the test suite because the existing tests
construct these use cases without the new dependency; the next
commit restores green by introducing FakePasswordHasher.
---
 app/User/UseCases/AuthenticateUser.php | 4 +++-
 app/User/UseCases/CreateUser.php       | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/User/UseCases/AuthenticateUser.php b/app/User/UseCases/AuthenticateUser.php
index 56281b1..a889a06 100644
--- a/app/User/UseCases/AuthenticateUser.php
+++ b/app/User/UseCases/AuthenticateUser.php
@@ -2,6 +2,7 @@
 
 namespace App\User\UseCases;
 
+use App\Auth\PasswordHasher;
 use App\Exceptions\BadRequestException;
 use App\Exceptions\UnauthorizedException;
 use App\User\User;
@@ -12,6 +13,7 @@ class AuthenticateUser
 {
     public function __construct(
         private UserRepository $userRepo,
+        private PasswordHasher $passwordHasher,
     ) {}
 
     /**
@@ -35,7 +37,7 @@ class AuthenticateUser
             throw new UnauthorizedException('invalid credentials');
         }
 
-        $passwordMatches = password_verify(
+        $passwordMatches = $this->passwordHasher->verify(
             $request->password,
             $user->getPasswordHash()
         );
diff --git a/app/User/UseCases/CreateUser.php b/app/User/UseCases/CreateUser.php
index a327940..cf89fdd 100644
--- a/app/User/UseCases/CreateUser.php
+++ b/app/User/UseCases/CreateUser.php
@@ -2,6 +2,7 @@
 
 namespace App\User\UseCases;
 
+use App\Auth\PasswordHasher;
 use App\Exceptions\BadRequestException;
 use App\User\User;
 use App\User\UserRepository;
@@ -11,6 +12,7 @@ class CreateUser
 {
     public function __construct(
         private UserRepository $userRepo,
+        private PasswordHasher $passwordHasher,
     ) {}
 
     /**
@@ -39,7 +41,7 @@ class CreateUser
 
         return $this->userRepo->create(new CreateUserDto(
             email: $email,
-            passwordHash: password_hash($dto->password, PASSWORD_DEFAULT),
+            passwordHash: $this->passwordHasher->hash($dto->password),
             isAdmin: $dto->isAdmin,
         ));
     }