diff --git a/core/core.services.yml b/core/core.services.yml index 69adbd8..1f27366 100644 --- a/core/core.services.yml +++ b/core/core.services.yml @@ -753,10 +753,12 @@ services: class: Drupal\Core\Path\PathValidator arguments: ['@router', '@router.no_access_checks', '@current_user', '@path_processor_manager'] -# The first argument of the hashing service (constructor of PhpPassword) is the -# 'cost' option of password_hash(). -# @todo increase by 1 every Drupal version in order to counteract increases in -# the speed and power of computers available to crack the hashes. + # The first argument of the hashing service (constructor of PhpPassword) is + # the 'cost' option of password_hash(). In Drupal 8 the 'cost' has the default + # value used by password_hash() which is 10. Future versions of Drupal may + # increase this value in order to counteract increases in the speed and power + # of computers available to crack the hashes. Note that an increase of 1 will + # double the time needed for password hashing. password: class: Drupal\Core\Password\PhpPassword arguments: ['%password_hash_cost%', '@drupal7_password'] diff --git a/core/lib/Drupal/Core/Password/PasswordInterface.php b/core/lib/Drupal/Core/Password/PasswordInterface.php index 9726f69..40b9658 100644 --- a/core/lib/Drupal/Core/Password/PasswordInterface.php +++ b/core/lib/Drupal/Core/Password/PasswordInterface.php @@ -15,6 +15,11 @@ interface PasswordInterface { /** + * Maximum password length. + */ + const PASSWORD_MAX_LENGTH = 512; + + /** * Hash a password using a secure hash. * * @param string $password diff --git a/core/lib/Drupal/Core/Password/PhpPassword.php b/core/lib/Drupal/Core/Password/PhpPassword.php index 35036e4..f271d81 100644 --- a/core/lib/Drupal/Core/Password/PhpPassword.php +++ b/core/lib/Drupal/Core/Password/PhpPassword.php @@ -25,11 +25,6 @@ class PhpPassword implements PasswordInterface { /** - * Maximum password length. - */ - const PASSWORD_MAX_LENGTH = 512; - - /** * The algorithmic cost that should be used. * * @var int @@ -94,7 +89,7 @@ public function check($password, UserInterface $account) { */ public function userNeedsNewHash(UserInterface $account) { // The PHP 5.5 password_needs_rehash() will return TRUE in two cases: - // - The the password is a Drupal 6 or 7 password and it has been rehashed + // - The password is a Drupal 6 or 7 password and it has been rehashed // during the migration. In this case the rehashed legacy hash is prefixed // to indicate and old-Drupal hash and will not comply with the expected // password_needs_rehash() format. diff --git a/core/modules/simpletest/src/KernelTestBase.php b/core/modules/simpletest/src/KernelTestBase.php index 8ffd3dd..0615020 100644 --- a/core/modules/simpletest/src/KernelTestBase.php +++ b/core/modules/simpletest/src/KernelTestBase.php @@ -15,7 +15,6 @@ use Drupal\Core\Entity\Sql\SqlEntityStorageInterface; use Drupal\Core\KeyValueStore\KeyValueMemoryFactory; use Drupal\Core\Language\Language; -use Drupal\Core\Password\PhpassHashedPassword; use Drupal\Core\Site\Settings; use Symfony\Component\DependencyInjection\Parameter; use Drupal\Core\StreamWrapper\StreamWrapperInterface; diff --git a/core/modules/user/src/Tests/UserLoginTest.php b/core/modules/user/src/Tests/UserLoginTest.php index 8628780..9546b70 100644 --- a/core/modules/user/src/Tests/UserLoginTest.php +++ b/core/modules/user/src/Tests/UserLoginTest.php @@ -8,7 +8,6 @@ namespace Drupal\user\Tests; use Drupal\simpletest\WebTestBase; -use Drupal\user\Entity\User; use Drupal\user\UserInterface; /**