Removing the BlowfishPassword hasher

src/Controller/Component/Auth/BaseAuthenticate.php

@@ -42,7 +42,7 @@ abstract class BaseAuthenticate {
  * - `contain` Extra models to contain and store in session.
  * - `passwordHasher` Password hasher class. Can be a string specifying class name
  *    or an array containing `className` key, any other keys will be passed as
- *    config to the class. Defaults to 'Blowfish'.
+ *    config to the class. Defaults to 'Simple'.
  *
  * @var array
  */
@@ -54,7 +54,7 @@ abstract class BaseAuthenticate {
 		'userModel' => 'Users',
 		'scope' => [],
 		'contain' => null,
-		'passwordHasher' => 'Blowfish'
+		'passwordHasher' => 'Simple'
 	];
 
 /**

src/Controller/Component/Auth/BlowfishPasswordHasher.php

@@ -1,61 +0,0 @@
-<?php
-/**
- * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice.
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- * @link          http://cakephp.org CakePHP(tm) Project
- * @since         2.4.0
- * @license       http://www.opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Controller\Component\Auth;
-
-use Cake\Controller\Component\Auth\AbstractPasswordHasher;
-use Cake\Utility\Security;
-
-/**
- * Blowfish password hashing class.
- *
- * @deprecated
- */
-class BlowfishPasswordHasher extends AbstractPasswordHasher {
-
-/**
- * Generates password hash.
- *
- * @param string $password Plain text password to hash.
- * @return string Password hash
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
- */
-	public function hash($password) {
-		return Security::hash($password, 'blowfish', false);
-	}
-
-/**
- * Returns true if the password need to be rehashed, due to the password being
- * created with anything else than the passwords generated by this class.
- *
- * @param string $password The password to verify
- * @param mixed $hashType the algorithm used to hash the password
- * @return boolean
- */
-	public function check($password, $hashedPassword) {
-		return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
-	}
-
-/**
- * Returns true if the password need to be rehashed, due to the password being
- * created with anything else than the passwords generated by this class.
- *
- * @param string $password The password to verify
- * @return boolean
- */
-	public function needsRehash($password) {
-		return password_needs_rehash($password, PASSWORD_BCRYPT);
-	}
-
-}

tests/TestCase/Controller/Component/Auth/FormAuthenticateTest.php

@@ -298,7 +298,7 @@ class FormAuthenticateTest extends TestCase {
 			'userModel' => 'Users'
 		]);
 		$this->auth->config('passwordHasher', [
-			'className' => 'Blowfish'
+			'className' => 'Simple'
 		]);
 		$this->assertEquals($expected, $this->auth->authenticate($request, $this->response));
 

tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -375,7 +375,7 @@ class AuthComponentTest extends TestCase {
 	public function testSameAuthenticateWithDifferentHashers() {
 		$this->Controller->Auth->config('authenticate', [
 			'FormSimple' => ['className' => 'Form', 'passwordHasher' => 'Simple'],
-			'FormBlowfish' => ['className' => 'Form', 'passwordHasher' => 'Blowfish'],
+			'FormBlowfish' => ['className' => 'Form', 'passwordHasher' => 'Fallback'],
 		]);
 
 		$objects = $this->Controller->Auth->constructAuthenticate();
@@ -385,7 +385,7 @@ class AuthComponentTest extends TestCase {
 		$this->assertInstanceOf('Cake\Controller\Component\Auth\FormAuthenticate', $objects[1]);
 
 		$this->assertInstanceOf('Cake\Controller\Component\Auth\SimplePasswordHasher', $objects[0]->passwordHasher());
-		$this->assertInstanceOf('Cake\Controller\Component\Auth\BlowfishPasswordHasher', $objects[1]->passwordHasher());
+		$this->assertInstanceOf('Cake\Controller\Component\Auth\FallbackPasswordHasher', $objects[1]->passwordHasher());
 	}
 
 /**