Yisroel Baum
b1247d2fa1
Introduce an injectable abstraction over password_hash and password_verify so callers can be swapped for a fast fake in tests without paying bcrypt's CPU cost. The bcrypt implementation is a direct passthrough using PASSWORD_DEFAULT, matching the prior inline behavior, so existing stored hashes continue to verify. Wired into the DI container alongside the other auth primitives (Clock, TokenGenerator). No callers reference it yet, so production behavior is unchanged.
10 lines
178 B
PHP
10 lines
178 B
PHP
<?php
|
|
|
|
namespace App\Auth;
|
|
|
|
interface PasswordHasher
|
|
{
|
|
public function hash(string $plaintext): string;
|
|
|
|
public function verify(string $plaintext, string $hash): bool;
|
|
}
|