add PasswordHasher interface with bcrypt implementation
Introduce an injectable abstraction over password_hash and password_verify so callers can be swapped for a fast fake in tests without paying bcrypt's CPU cost. The bcrypt implementation is a direct passthrough using PASSWORD_DEFAULT, matching the prior inline behavior, so existing stored hashes continue to verify. Wired into the DI container alongside the other auth primitives (Clock, TokenGenerator). No callers reference it yet, so production behavior is unchanged.
This commit is contained in:
parent
d93b668d5a
commit
b1247d2fa1
GPG key ID:
0FA60884F75520A9
3 changed files with 29 additions and 0 deletions
|
|
@ -2,8 +2,10 @@
|
|||
|
||||
use DI;
|
||||
use DI\Container;
|
||||
use App\Auth\BcryptPasswordHasher;
|
||||
use App\Auth\Clock;
|
||||
use App\Auth\JsonSessionRepository;
|
||||
use App\Auth\PasswordHasher;
|
||||
use App\Auth\RandomTokenGenerator;
|
||||
use App\Auth\SessionRepository;
|
||||
use App\Auth\SystemClock;
|
||||
|
|
@ -30,6 +32,7 @@ $container = new Container([
|
|||
DI\autowire(JsonSessionRepository::class),
|
||||
TokenGenerator::class => DI\autowire(RandomTokenGenerator::class),
|
||||
Clock::class => DI\autowire(SystemClock::class),
|
||||
PasswordHasher::class => DI\autowire(BcryptPasswordHasher::class),
|
||||
]);
|
||||
|
||||
return $container;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue