zend-framework2bcryptzend-auth

Zend 2 Auth with Bcrypt?


Google doesn't have much of a solution (similar question but no answer).

Because bcrypt generates a new hash each time, the authentication fails. I've looked into the code (perhaps extend class myself) but it's pretty messy (would prefer a native solution). How can I use the $bcrpt->verify() with $identity->isValid()?

Edit: For now, I've subclassed the authentication DbTable class, and it's working, but I highly doubt it's optimized/"fully right". Still looking for an "elegant" solution.


Solution

  • As you should know, BCrypt hashes using a salt. And that salt is generated again randomly each time. That drastically increases the hardness of finding all passwords if your database is compromised. Thus, indeed, it will generate a new hash each time.

    My own solution for the problem that you were having, is having my own Zend\Authentication adapter, that would retrieve a user model from the database (using the username/email), and then calling $user->checkPassword($credential);. That method would get an instance of Zend\Crypt\Password\Bcrypt. Which would simply call $bcrypt->verify() on the given password, and the hash in the user model.