feat: add support for wp_hash_password_algorithm hook in wordpress 6.8

Author: carlalexander

src/Configuration/EventManagementConfiguration.php

@@ -18,6 +18,7 @@
 use PasswordsEvolved\Subscriber\AuthenticationSubscriber;
 use PasswordsEvolved\Subscriber\CapabilitiesSubscriber;
 use PasswordsEvolved\Subscriber\NetworkAdminPageSubscriber;
+use PasswordsEvolved\Subscriber\PasswordHashingSubscriber;
 use PasswordsEvolved\Subscriber\ResetPasswordSubscriber;
 use PasswordsEvolved\Subscriber\TranslationsSubscriber;
 use PasswordsEvolved\Subscriber\UserProfileSubscriber;
@@ -43,6 +44,7 @@ public function modify(Container $container)
             $subscribers = array(
                 new AuthenticationSubscriber($container['api_client']),
                 new CapabilitiesSubscriber($container['options']->get('enforced_roles', array('administrator')), $container['wordpress.roles']),
+                new PasswordHashingSubscriber(),
                 new ResetPasswordSubscriber($container['api_client'], $container['translator']),
                 new TranslationsSubscriber($container['plugin_domain'], $container['plugin_path'] . '/resources/translations'),
                 new UserProfileSubscriber($container['api_client']),

src/Subscriber/PasswordHashingSubscriber.php

@@ -0,0 +1,48 @@
+<?php
+
+/*
+ * This file is part of the Passwords Evolved WordPress plugin.
+ *
+ * (c) Carl Alexander <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace PasswordsEvolved\Subscriber;
+
+use PasswordsEvolved\EventManagement\SubscriberInterface;
+
+/**
+ * Subscriber that handles WordPress password hashing.
+ *
+ * @author Carl Alexander <[email protected]>
+ */
+class PasswordHashingSubscriber implements SubscriberInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public static function get_subscribed_events()
+    {
+        return array(
+            'wp_hash_password_algorithm' => 'set_password_hashing_algorithm',
+        );
+    }
+
+    /**
+     * Set the password hashing algorithm.
+     *
+     * @param mixed $algorithm
+     */
+    public function set_password_hashing_algorithm($algorithm)
+    {
+        if (defined('PASSWORD_ARGON2ID')) {
+            $algorithm = PASSWORD_ARGON2ID;
+        } elseif (defined('PASSWORD_ARGON2I')) {
+            $algorithm = PASSWORD_ARGON2I;
+        }
+
+        return $algorithm;
+    }
+}

tests/Unit/Subscriber/PasswordHashingSubscriberTest.php

@@ -0,0 +1,54 @@
+<?php
+
+/*
+ * This file is part of the Passwords Evolved WordPress plugin.
+ *
+ * (c) Carl Alexander <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace PasswordsEvolved\Tests\Unit\Subscriber;
+
+use PasswordsEvolved\Subscriber\PasswordHashingSubscriber;
+use PHPUnit\Framework\TestCase;
+
+class PasswordHashingSubscriberTest extends TestCase
+{
+    public function test_get_subscribed_events()
+    {
+        $callbacks = PasswordHashingSubscriber::get_subscribed_events();
+
+        foreach ($callbacks as $callback) {
+            $this->assertTrue(method_exists(PasswordHashingSubscriber::class, is_array($callback) ? $callback[0] : $callback));
+        }
+    }
+
+    public function test_set_password_hashing_algorithm()
+    {
+        $expectedAlgorithm = 'algorithm';
+
+        if (PHP_VERSION_ID >= 70300) {
+            $expectedAlgorithm = PASSWORD_ARGON2ID;
+        } elseif (PHP_VERSION_ID >= 70200) {
+            $expectedAlgorithm = PASSWORD_ARGON2I;
+        }
+
+        $this->assertEquals($expectedAlgorithm, (new PasswordHashingSubscriber())->set_password_hashing_algorithm('algorithm'));
+    }
+
+    public function test_set_password_hashing_algorithm_prioritizes_argon2id_over_argon2i()
+    {
+        if (PHP_VERSION_ID < 70300) {
+            $this->markTestSkipped('This test requires PHP 7.3 or higher where both PASSWORD_ARGON2ID and PASSWORD_ARGON2I are defined.');
+        }
+
+        $this->assertTrue(defined('PASSWORD_ARGON2ID'));
+        $this->assertTrue(defined('PASSWORD_ARGON2I'));
+
+        $result = (new PasswordHashingSubscriber())->set_password_hashing_algorithm('algorithm');
+        $this->assertEquals(PASSWORD_ARGON2ID, $result);
+        $this->assertNotEquals(PASSWORD_ARGON2I, $result);
+    }
+}