Move Security.salt value check to WeakPasswordHasher.

src/Auth/WeakPasswordHasher.php

@@ -15,6 +15,8 @@
 namespace Cake\Auth;
 
 use Cake\Auth\AbstractPasswordHasher;
+use Cake\Core\Configure;
+use Cake\Utility\Debugger;
 use Cake\Utility\Security;
 
 /**
@@ -35,6 +37,16 @@ class WeakPasswordHasher extends AbstractPasswordHasher {
 	];
 
 /**
+ * {@inheritDoc}
+ */
+	public function __construct(array $config = []) {
+		if (Configure::read('debug')) {
+			Debugger::checkSecurityKeys();
+		}
+		parent::config($config);
+	}
+
+/**
  * Generates password hash.
  *
  * @param string $password Plain text password to hash.

src/Controller/Component/AuthComponent.php

@@ -18,13 +18,11 @@ use Cake\Controller\Component;
 use Cake\Controller\ComponentRegistry;
 use Cake\Controller\Controller;
 use Cake\Core\App;
-use Cake\Core\Configure;
 use Cake\Error;
 use Cake\Event\Event;
 use Cake\Network\Request;
 use Cake\Network\Response;
 use Cake\Routing\Router;
-use Cake\Utility\Debugger;
 use Cake\Utility\Hash;
 
 /**
@@ -249,10 +247,6 @@ class AuthComponent extends Component {
 		$this->response = $controller->response;
 		$this->_methods = $controller->methods;
 		$this->session = $controller->request->session();
-
-		if (Configure::read('debug')) {
-			Debugger::checkSecurityKeys();
-		}
 	}
 
 /**

tests/TestCase/Auth/WeakPasswordHasherTest.php

@@ -24,6 +24,17 @@ use Cake\TestSuite\TestCase;
 class WeakPasswordHasherTest extends TestCase {
 
 /**
+ * setUp method
+ *
+ * @return void
+ */
+	public function setUp() {
+		parent::setUp();
+
+		Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
+	}
+
+/**
  * Tests that any password not produced by WeakPasswordHasher needs
  * to be rehashed
  *