Merge pull request #916 from datamweb/update-hash-cost

datamweb · web-flow · commit a879923cdea0 · 2023-10-19T01:01:08.000+03:30
refactor: update default value `$hashCost` to 12
diff --git a/src/Config/Auth.php b/src/Config/Auth.php
@@ -356,14 +356,14 @@ class Auth extends BaseConfig
      * --------------------------------------------------------------------
      * The BCRYPT method of hashing allows you to define the "cost"
      * or number of iterations made, whenever a password hash is created.
-     * This defaults to a value of 10 which is an acceptable number.
+     * This defaults to a value of 12 which is an acceptable number.
      * However, depending on the security needs of your application
      * and the power of your hardware, you might want to increase the
      * cost. This makes the hashing process takes longer.
      *
      * Valid range is between 4 - 31.
      */
-    public int $hashCost = 10;
+    public int $hashCost = 12;
 
     /**
      * If you need to support passwords saved in versions prior to Shield v1.0.0-beta.4.
diff --git a/tests/Unit/PasswordsTest.php b/tests/Unit/PasswordsTest.php
@@ -52,7 +52,7 @@ public function testHash(): string
     public function testNeedsRehashTakesCareOptions(string $hashedPassword): void
     {
         $config           = new AuthConfig();
-        $config->hashCost = 12;
+        $config->hashCost = 13;
         $passwords        = new Passwords($config);
 
         $result = $passwords->needsRehash($hashedPassword);

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function testHash(): string`
`52`	`52`	`public function testNeedsRehashTakesCareOptions(string $hashedPassword): void`
`53`	`53`	`{`
`54`	`54`	`$config = new AuthConfig();`
`55`		`- $config->hashCost = 12;`
	`55`	`+ $config->hashCost = 13;`
`56`	`56`	`$passwords = new Passwords($config);`
`57`	`57`
`58`	`58`	`$result = $passwords->needsRehash($hashedPassword);`