Skip to content

Releases: jeremykendall/password-validator

3.0.4

26 Jan 11:54
@jeremykendall jeremykendall
3.0.4
d587cda
Compare
Choose a tag to compare
3.0.4 Latest
Latest

Password Validator is now PHP 7.0 compatible! Thanks to @nicoSWD for documentation updates and to @garethellis36 for the PHP 7.0 compatibility PR.

Assets 2
Loading

3.0.3

25 Mar 08:39
@jeremykendall jeremykendall
3.0.3
fed8f83
Compare
Choose a tag to compare
3.0.3

Updates wp-cli/php-cli-tools dependency

Assets 2
Loading

3.0.2

18 Sep 01:32
@jeremykendall jeremykendall
3.0.2
0b62968
Compare
Choose a tag to compare
3.0.2
  • Fixes a bug in AbstractDecorator::isValid().
  • Renames a few args to match the PasswordValidatorInterface.
Assets 2
Loading

3.0.1

14 May 08:49
@jeremykendall jeremykendall
3.0.1
b90dbe5
Compare
Choose a tag to compare
3.0.1

Cleans up UpgradeDecoratorTest.

Assets 2
Loading

3.0.0

14 May 08:45
@jeremykendall jeremykendall
3.0.0
52cd57f
Compare
Choose a tag to compare
3.0.0

Password Validator now supports salts for legacy hashing

Adds an optional $legacySalt argument as the third argument to PasswordValidatorInterface::isValid. This allows the use of a salt in the $validatorCallback to validate legacy hashes in the UpgradeDecorator. Usage of salts in the UpgradeDecorator was previously not possible.

Which means you can now ...

... use @karptonite's Rehashing Password Hashes password security upgrade technique, which I highly recommend. Please read and re-read his post, make sure you understand it, and then implement user authentication against the new hashes with Password Validator and the UpgradeDecorator (A sample implementation is demonstrated in the JeremyKendall\Password\Tests\Decorator\KarptoniteRehashUpgradeDecoratorTest unit test).

IMPORTANT: This is a backwards incompatible change

  • The PasswordValidatorInterface::isValid method signature has changed
  • Only users of the StorageDecorator should be impacted.

If you're using the StorageDecorator, your call to PasswordValidatorInterface::isValid must now include the $salt argument, even if it's set to null.

  • <= 2.0.3: $storageDecorator->isValid('password', 'hash', 'username');

  • = 3.0.0: $storageDecorator->isValid('password', 'hash', $salt = null, 'username');

Assets 2
Loading

2.0.3

14 Mar 15:10
@jeremykendall jeremykendall
2.0.3
88ca3e0
Compare
Choose a tag to compare
2.0.3

This release is to fix my Semantic Versioning mistake of releasing 1.0.0 as the production release after releasing 2.0.3-beta as the final beta. 2.0.3 === 1.0.0. The version number is solely intended to get back on track with semver.

Assets 2
Loading

2.0.3-beta

15 Feb 15:58
@jeremykendall jeremykendall
2.0.3-beta
88ca3e0
Compare
Choose a tag to compare
2.0.3-beta Pre-release
Pre-release

Fixes a dependency issue (see #2 and #3).

Thanks to @unisys12 for the report and the fix!

Assets 2
Loading

1.0.0

17 Feb 04:36
@jeremykendall jeremykendall
1.0.0
88ca3e0
Compare
Choose a tag to compare
1.0.0 
Merge pull request #3 from unisys12/Resolve-wp-cli-install-issue

Use tilde in version spec
Assets 2
Loading

2.0.2-beta

29 Jan 16:15
@jeremykendall jeremykendall
2.0.2-beta
c7a4aac
Compare
Choose a tag to compare
2.0.2-beta Pre-release
Pre-release
  • Fixes rehash bug
    • password_needs_rehash didn't get options passed
    • password_needs_rehash always returned true when cost != 10
  • Various housekeeping/cruft updates
Assets 2
Loading

2.0.1-beta

12 Jan 05:05
@jeremykendall jeremykendall
2.0.1-beta
3adc880
Compare
Choose a tag to compare
2.0.1-beta Pre-release
Pre-release
  • Updates documentation
Assets 2
Loading