Verified Commit 6df2fd88 authored by Lee Rowlands's avatar Lee Rowlands
Browse files

Issue #3305807 by andypost, ChrisPerko, mediabounds, xjm, sorlov, Rishabh... 

Issue #3305807 by andypost, ChrisPerko, mediabounds, xjm, sorlov, Rishabh Vishwakarma, ilya.no, asad_ahmed, paulocs, Michelle, _pratik_, reenaraghavan, DanChadwick, smustgrave, larowlan, allisonherodevs: Password is null if user has never logged in which causes PHP 8 warning

(cherry picked from commit 00a619f3)
parent 6a68463c

core/lib/Drupal/Core/Password/PasswordInterface.php

+3 −3
Original line number Diff line number Diff line
@@ -27,8 +27,8 @@ public function hash(#[\SensitiveParameter] $password); 
   * Check whether a plain text password matches a hashed password.

   *

   * @param string $password

   *   A plain-text password

   * @param string $hash

   *   A plain-text password.

   * @param string|null $hash

   *   A hashed password.

   *

   * @return bool
@@ -46,7 +46,7 @@ public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $ 
   * This method returns TRUE if the password was hashed with an older

   * algorithm.

   *

   * @param string $hash

   * @param string|null $hash

   *   The hash to be checked.

   *

   * @return bool

core/lib/Drupal/Core/Password/PhpPassword.php

+4 −0
Original line number Diff line number Diff line
@@ -45,6 +45,10 @@ public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $ 
    if (strlen($password) > static::PASSWORD_MAX_LENGTH) {

      return FALSE;

    }

    // Newly created accounts may have empty passwords.

    if ($hash === NULL || $hash === '') {

      return FALSE;

    }



    return password_verify($password, $hash);

  }

core/lib/Drupal/Core/Password/PhpassHashedPasswordBase.php

+4 −0
Original line number Diff line number Diff line
@@ -242,6 +242,10 @@ public function hash(#[\SensitiveParameter] $password) { 
   * {@inheritdoc}

   */

  public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $hash) {

    // Newly created accounts may have empty passwords.

    if ($hash === NULL || $hash === '') {

      return FALSE;

    }

    if (substr($hash, 0, 2) == 'U$') {

      // This may be an updated password from user_update_7000(). Such hashes

      // have 'U' added as the first character and need an extra md5() (see the

core/modules/phpass/tests/src/Unit/LegacyPasswordHashingTest.php

+10 −0
Original line number Diff line number Diff line
@@ -114,4 +114,14 @@ public function testPasswordRehashing() { 
    $this->assertTrue($this->passwordHasher->check($this->password, $rehashed_password), 'Password check succeeds with re-hashed password with original hasher.');

  }



  /**

   * Tests password validation when the hash is NULL.

   *

   * @covers ::check

   */

  public function testEmptyHash(): void {

    $this->assertFalse($this->passwordHasher->check($this->password, NULL));

    $this->assertFalse($this->passwordHasher->check($this->password, ''));

  }



}

core/tests/Drupal/Tests/Core/Password/PhpPasswordTest.php

+10 −0
Original line number Diff line number Diff line
@@ -124,4 +124,14 @@ public function providerLongPasswords() { 
    return $passwords;

  }



  /**

   * Tests password check in case provided hash is NULL.

   *

   * @covers ::check

   */

  public function testEmptyHash(): void {

    $this->assertFalse($this->passwordHasher->check($this->password, NULL));

    $this->assertFalse($this->passwordHasher->check($this->password, ''));

  }



}