[SECURITY] Ensure ARGON2 constants are defined, or throw exception

This commit is contained in:
Hugo Sales 2020-07-27 22:18:23 +00:00 committed by Hugo Sales
parent 7560db4d5f
commit 71db1870db
No known key found for this signature in database
GPG Key ID: 7D0C7EAFC9D835A0

View File

@ -362,11 +362,14 @@ class LocalUser implements UserInterface
case 'bcrypt':
return PASSWORD_BCRYPT;
case 'argon2i':
return PASSWORD_ARGON2I;
case 'argon2d':
return PASSWORD_ARGON2D;
case 'argon2id':
return PASSWORD_ARGON2ID;
$c = 'PASSWORD_' . strtoupper($algo);
if (defined($c)) {
return constant($c);
}
// fallthrough
// no break
default:
throw new Exception('Unsupported or unsafe hashing algorithm requested');
}