use bcrypt

laravel · Dec 27, 2019 · 1c40ae0 · 1c40ae0
1 parent ccbcfeb
commit 1c40ae0
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/src/Bridge/ClientRepository.php b/src/Bridge/ClientRepository.php
@@ -96,7 +96,7 @@ protected function handlesGrant($record, $grantType)
     protected function verifySecret($clientSecret, $storedHash)
     {
         return Passport::$hashesClientSecrets
-                    ? hash_equals($storedHash, hash('sha256', $clientSecret))
+                    ? password_verify($clientSecret, $storedHash)
                     : hash_equals($storedHash, $clientSecret);
     }
 }
diff --git a/src/Client.php b/src/Client.php
@@ -108,7 +108,7 @@ public function setSecretAttribute($value)
             return;
         }
 
-        $this->attributes['secret'] = hash('sha256', $value);
+        $this->attributes['secret'] = password_hash($value, PASSWORD_BCRYPT);
     }
 
     /**

diff --git a/tests/BridgeClientRepositoryHashedSecretsTest.php b/tests/BridgeClientRepositoryHashedSecretsTest.php
@@ -25,5 +25,5 @@ protected function setUp(): void
 
 class BridgeClientRepositoryHashedTestClientStub extends BridgeClientRepositoryTestClientStub
 {
-    public $secret = '2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b';
+    public $secret = '$2y$10$WgqU4wQpfsARCIQk.nPSOOiNkrMpPVxQiLCFUt8comvQwh1z6WFMG';
 }