Introduce kernel parameters allowing to specify password hashing algorithm and options

Created on 14 June 2025, 20 days ago

Problem/Motivation

The constructor of the PhpPassword hashing class accepts two optional parameters for the algorithm and hashing options. These parameters were chosen to match the PHP password_hash() parameters.

However, the function signature changed a couple of times before and after the original issue went in (Replace custom password hashing library with PHP password_hash(), status: Fixed). In particular, the $algo parameter only became nullable with PHP 8.0; for lower versions it had to be specified explicitly. At the time when the original issue went in, it was impractical to expose the $algorithm constructor parameter as a kernel parameter, simply because the default is a PHP constant, and that directly encoded the default algorithm as a string.

Since the $algo parameter is nullable nowadays, it is possible to expose the password hashing algorithm as a kernel parameter (null by default). This makes it easier for contrib and custom code to switch it to something else.

Steps to reproduce

Proposed resolution

Modify the constructor of PhpPassword to make the $algorithm parameter nullable, add parameter references to the password service definition, and add two new kernel parameters:

  password.algorithm: ~
  password.options: []
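
A sketch of how the two parameters would flow into PHP's password API and what happens to existing hashes after a site overrides them. This is an added example, not code from Drupal core or from this issue's merge request; the class name ExamplePasswordHasher, the cost value and the sample password are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the hashing service; not Drupal's PhpPassword.
final class ExamplePasswordHasher {

  // $algorithm and $options mirror the proposed kernel parameters
  // password.algorithm (~, i.e. null) and password.options ([]).
  public function __construct(
    private readonly ?string $algorithm = NULL,
    private readonly array $options = [],
  ) {}

  public function hash(string $password): string {
    // With PHP >= 8.0 a null algorithm means PASSWORD_DEFAULT.
    return password_hash($password, $this->algorithm, $this->options);
  }

  public function check(string $password, string $hash): bool {
    // Algorithm, cost and salt are read from the stored hash itself,
    // so hashes created under earlier settings remain verifiable.
    return password_verify($password, $hash);
  }

  public function needsRehash(string $hash): bool {
    // Compares the stored hash's parameters with the configured ones.
    return password_needs_rehash($hash, $this->algorithm, $this->options);
  }
}

// Constructed sample input.
$password = 'constructed-sample-password';

// Site running with the defaults (algorithm null, options empty).
$default = new ExamplePasswordHasher();
$stored = $default->hash($password);

// Same site after overriding the parameters to a higher bcrypt cost.
$tuned = new ExamplePasswordHasher(PASSWORD_BCRYPT, ['cost' => 13]);

// Login flow after the change: verify first, then upgrade the stored
// hash only when its parameters no longer match the configuration.
if ($tuned->check($password, $stored) && $tuned->needsRehash($stored)) {
  $stored = $tuned->hash($password);
}

// The first four characters show the algorithm identifier of the hash.
printf("algo prefix: %s, cost: %d\n", substr($stored, 0, 4), password_get_info($stored)['options']['cost']);
```

Because verification reads its parameters from the stored hash, changing the parameters does not invalidate existing accounts; hashes are upgraded one at a time as users log in.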

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

Feature request
Status

Active

Version

11.0 🔥

Component

base system

Created by

🇨🇭Switzerland znerol
