From 932baa52ec66772f4cc74a121f8fed4e20c7ade5 Mon Sep 17 00:00:00 2001
From: Fernando Pintabona
Date: Wed, 7 Aug 2019 19:21:31 -0300
Subject: [PATCH] Multiple hashing algorithm option

---
 src/Authentication/LocalAuthenticator.php | 2 +-
 src/Config/Auth.php | 17 +++++++++++++
 src/Entities/User.php | 29 +++++++++++++++++------
 3 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/src/Authentication/LocalAuthenticator.php b/src/Authentication/LocalAuthenticator.php
index dbed12f3..daf94f24 100644
--- a/src/Authentication/LocalAuthenticator.php
+++ b/src/Authentication/LocalAuthenticator.php
@@ -141,7 +141,7 @@ public function validate(array $credentials, bool $returnUser=false)
 // This would be due to the hash algorithm or hash
 // cost changing since the last time that a user
 // logged in.
- if (password_needs_rehash($user->password_hash, PASSWORD_DEFAULT))
+ if (password_needs_rehash($user->password_hash, $this->config->hashAlgorithm))
 {
 $user->password = $password;
 $this->userModel->save($user);
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 19b926a1..0e0288d3 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
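Review bot: `password_needs_rehash($user->password_hash, $this->config->hashAlgorithm)` still passes no options array, so the check compares the stored hash against PHP's built-in cost defaults rather than the `hashCost` / `hashMemoryCost` / `hashTimeCost` / `hashThreads` values the hash was created with; with any non-default setting in the Auth config this reports true on every login, forcing a rehash and a `$this->userModel->save($user)` each time. The options should be built the same way `User::setPassword` builds them and passed as the third argument: `if (password_needs_rehash($user->password_hash, $this->config->hashAlgorithm, $hashOptions))`. Since both call sites now need the same algorithm-to-options mapping, a single shared helper (for instance on the Auth config) would keep them from drifting apart. validate() begins and continues outside this hunk.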
@@ -69,6 +69,23 @@ class Auth extends BaseConfig
 //
 public $silent = false;

+ // Valid values are PASSWORD_DEFAULT, PASSWORD_BCRYPT and PASSWORD_ARGON2I.
+ public $hashAlgorithm = PASSWORD_ARGON2I;
+
+ //--------------------------------------------------------------------
+ // ARGON2i Algorithm options
+ //--------------------------------------------------------------------
+ // The ARGON2I method of encryption allows you to define the "memory_cost",
+ // the "time_cost" and the number of "threads", whenever a password hash is created.
+ // This defaults to a value of 10 which is an acceptable number.
+ // However, depending on the security needs of your application
+ // and the power of your hardware, you might want to increase the
+ // cost. This makes the hashing process takes longer.
+ //
+ public $hashMemoryCost = PASSWORD_ARGON2_DEFAULT_MEMORY_COST; // 1024
+ public $hashTimeCost = PASSWORD_ARGON2_DEFAULT_TIME_COST; // 2
+ public $hashThreads = PASSWORD_ARGON2_DEFAULT_THREADS; // 2
+
 //--------------------------------------------------------------------
 // Password Hashing Cost
 //--------------------------------------------------------------------
diff --git a/src/Entities/User.php b/src/Entities/User.php
index 086992e0..46c1781f 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
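Review bot: The Argon2 comment block documents numbers the hunk does not establish: `This defaults to a value of 10 which is an acceptable number` is carried over from the bcrypt cost section below and does not apply to memory_cost/time_cost/threads, and the trailing `// 1024`, `// 2`, `// 2` annotate `PASSWORD_ARGON2_DEFAULT_*` constants whose values come from the PHP build and, as far as I recall, have not stayed the same across releases, so they will mislead readers on other versions. I would drop the numeric comments, replace the copied sentence with `// Unless overridden here, PHP's own PASSWORD_ARGON2_DEFAULT_* values are used; raising them makes hashing slower but harder to brute-force.`, and change `method of encryption` to `hashing algorithm`. Separately, shipping `PASSWORD_ARGON2I` as the default rather than `PASSWORD_DEFAULT` changes the algorithm every existing installation rehashes to on the next login and requires a PHP build with Argon2 support, where the constant is otherwise undefined; keeping `PASSWORD_DEFAULT` as the default and listing `PASSWORD_ARGON2ID` among the documented valid values would be the safer choice.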
@@ -41,13 +41,28 @@ public function setPassword(string $password)
 {
 $config = config('Auth');

- $this->attributes['password_hash'] = password_hash(
- base64_encode(
- hash('sha384', $password, true)
- ),
- PASSWORD_DEFAULT,
- ['cost' => $config->hashCost]
- );
+ if($config->hashAlgorithm == PASSWORD_ARGON2I)
+ {
+ $hashOptions = [
+ 'memory_cost' => $config->hashMemoryCost,
+ 'time_cost' => $config->hashTimeCost,
+ 'threads' => $config->hashThreads
+ ];
+ }
+ else
+ {
+ $hashOptions = [
+ 'cost' => $config->hashCost
+ ];
+ }
+
+ $this->attributes['password_hash'] = password_hash(
+ base64_encode(
+ hash('sha384', $password, true)
+ ),
+ $config->hashAlgorithm,
+ $hashOptions
+ );
 }

 /**
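Review bot: `if($config->hashAlgorithm == PASSWORD_ARGON2I)` uses a loose comparison and recognises only one Argon2 variant, so any other configured value — in particular `PASSWORD_ARGON2ID` on PHP 7.3+ — falls into the else branch and is hashed with `['cost' => …]`, an option the Argon2 hasher does not read, silently producing a hash at PHP's default costs instead of the configured ones. I would make the test strict and cover both variants: `if ($config->hashAlgorithm === PASSWORD_ARGON2I || (defined('PASSWORD_ARGON2ID') && $config->hashAlgorithm === PASSWORD_ARGON2ID))`. Moving the option selection into a helper (e.g. on the Auth config) would also let the rehash check in `LocalAuthenticator::validate` reuse it rather than duplicate it. The docblock of setPassword() lies above the hunk.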