Introduce an injectable abstraction over password_hash and password_verify so callers can be swapped for a fast fake in tests without paying bcrypt's CPU cost. The bcrypt implementation is a direct passthrough using PASSWORD_DEFAULT, matching the prior inline behavior, so existing stored hashes continue to verify. Wired into the DI container alongside the other auth primitives (Clock, TokenGenerator). No callers reference it yet, so production behavior is unchanged.
16 lines
339 B
PHP
<?php

namespace App\Auth;

class BcryptPasswordHasher implements PasswordHasher
{
    public function hash(string $plaintext): string
    {
        return password_hash($plaintext, PASSWORD_DEFAULT);
    }

    public function verify(string $plaintext, string $hash): bool
    {
        return password_verify($plaintext, $hash);
    }
}
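
A test double for the abstraction the commit message describes, as an added example that is not part of the commit or the project's code. The interface shape is inferred from `BcryptPasswordHasher`; `Example\Auth`, `FakePasswordHasher` and `LoginCheck` are hypothetical names, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);
namespace Example\Auth; // hypothetical namespace so this file runs on its own

// Assumed shape of App\Auth\PasswordHasher, inferred from BcryptPasswordHasher.
interface PasswordHasher
{
    public function hash(string $plaintext): string;
    public function verify(string $plaintext, string $hash): bool;
}

// Test-only fake: no salt and no work factor, so it must never be
// registered in the production container.
final class FakePasswordHasher implements PasswordHasher
{
    private const PREFIX = 'fake$';

    public function hash(string $plaintext): string
    {
        return self::PREFIX . hash('sha256', $plaintext);
    }

    public function verify(string $plaintext, string $hash): bool
    {
        // Reject anything this fake did not produce (for example a real
        // bcrypt hash in a fixture), then compare in constant time.
        return str_starts_with($hash, self::PREFIX)
            && hash_equals($hash, $this->hash($plaintext));
    }
}

// Hypothetical caller: depends on the interface, never on password_* directly.
final class LoginCheck
{
    public function __construct(private PasswordHasher $hasher) {}

    public function matches(string $submitted, string $storedHash): bool
    {
        return $this->hasher->verify($submitted, $storedHash);
    }
}

// Constructed sample values; the bcrypt-looking string is a placeholder.
$hasher = new FakePasswordHasher();
$stored = $hasher->hash('correct horse');
$login  = new LoginCheck($hasher);
assert($login->matches('correct horse', $stored) === true);
assert($login->matches('wrong guess', $stored) === false);
assert($login->matches('correct horse', '$2y$10$constructed.placeholder') === false);
```

The prefix check makes a fake-produced hash fail loudly if it is ever compared against real stored hashes, and the reverse.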