Deprecation: #102763 - Extbase HashService¶
See forge#102763
Description¶
Internal class \TYPO3\CMS\Extbase\Security\Cryptography\HashService
is deprecated in favor of \TYPO3\CMS\Core\Crypto\HashService
,
which requires an additional secret to prevent re-using generated hashes in
different contexts.
Impact¶
Using class \TYPO3\CMS\Extbase\Security\Cryptography\HashService
will
trigger a PHP deprecation warning.
Affected installations¶
TYPO3 installations with custom extensions using
\TYPO3\CMS\Extbase\Security\Cryptography\HashService
.
Migration¶
Class \TYPO3\CMS\Core\Crypto\HashService
must be used to migrate.
Before¶
$hashService = new \TYPO3\CMS\Extbase\Security\Cryptography\HashService();
$generatedHash = $hashService->generateHmac('123');
$isValidHash = $hashService->validateHmac('123', $generatedHash);
$stringWithAppendedHash = $hashService->appendHmac('123');
$validatedStringWithHashRemoved = $hashService->validateAndStripHmac($stringWithAppendedHash);
Copied!
After¶
$hashService = new \TYPO3\CMS\Core\Crypto\HashService();
$generatedHash = $hashService->hmac('123', 'myAdditionalSecret');
$isValidHash = $hashService->validateHmac('123', 'myAdditionalSecret', $generatedHash);
$stringWithAppendedHash = $hashService->appendHmac('123', 'myAdditionalSecret');
$validatedStringWithHashRemoved = $hashService->validateAndStripHmac($stringWithAppendedHash, 'myAdditionalSecret');
Copied!
Note, $additionalSecret
string must be unique per
context, so hashes for the same input are different depending on scope.