
feat: drop md5 password hash method

M1Screw 1 рік тому
батько
коміт
b50c67ae64
4 змінених файлів з 36 додано та 39 видалено
  1. 12 12
      composer.lock
  2. 0 10
      src/Models/Model.php
  3. 0 7
      src/Utils/Hash.php
  4. 24 10
      tests/App/Utils/HashTest.php

+ 12 - 12
composer.lock

@@ -4186,16 +4186,16 @@
         },
         {
             "name": "slim/slim",
-            "version": "4.12.0",
+            "version": "4.13.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "e9e99c2b24398b967841c6c4c3048622cc7e2b18"
+                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/e9e99c2b24398b967841c6c4c3048622cc7e2b18",
-                "reference": "e9e99c2b24398b967841c6c4c3048622cc7e2b18",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/038fd5713d5a41636fdff0e8dcceedecdd17fc17",
+                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17",
                 "shasum": ""
             },
             "require": {
@@ -4204,7 +4204,7 @@
                 "php": "^7.4 || ^8.0",
                 "psr/container": "^1.0 || ^2.0",
                 "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.1",
+                "psr/http-message": "^1.1 || ^2.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
@@ -4212,19 +4212,19 @@
             "require-dev": {
                 "adriansuter/php-autoload-override": "^1.4",
                 "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.5",
+                "guzzlehttp/psr7": "^2.6",
                 "httpsoft/http-message": "^1.1",
                 "httpsoft/http-server-request": "^1.1",
-                "laminas/laminas-diactoros": "^2.17",
+                "laminas/laminas-diactoros": "^2.17 || ^3",
                 "nyholm/psr7": "^1.8",
-                "nyholm/psr7-server": "^1.0",
-                "phpspec/prophecy": "^1.17",
-                "phpspec/prophecy-phpunit": "^2.0",
+                "nyholm/psr7-server": "^1.1",
+                "phpspec/prophecy": "^1.19",
+                "phpspec/prophecy-phpunit": "^2.1",
                 "phpstan/phpstan": "^1.10",
                 "phpunit/phpunit": "^9.6",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
-                "squizlabs/php_codesniffer": "^3.7"
+                "squizlabs/php_codesniffer": "^3.9"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -4297,7 +4297,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-07-23T04:54:29+00:00"
+            "time": "2024-03-03T21:25:30+00:00"
         },
         {
             "name": "smarty/smarty",

+ 0 - 10
src/Models/Model.php

@@ -10,14 +10,4 @@ abstract class Model extends EloquentModel
 {
     public $timestamps = false;
     protected $guarded = [];
-
-    /**
-     * 获取表名
-     */
-    public static function getTableName(): string
-    {
-        $class = static::class;
-
-        return (new $class())->getTable();
-    }
 }

+ 0 - 7
src/Utils/Hash.php

@@ -6,7 +6,6 @@ namespace App\Utils;
 
 use function hash;
 use function in_array;
-use function md5;
 use function password_hash;
 use function password_verify;
 use function substr;
@@ -45,7 +44,6 @@ final class Hash
         $method = $_ENV['pwdMethod'];
 
         return match ($method) {
-            'md5' => self::md5WithSalt($pass),
             'sha256' => self::sha256WithSalt($pass),
             'sha3' => self::sha3WithSalt($pass),
             'argon2i' => password_hash($pass, PASSWORD_ARGON2I),
@@ -54,11 +52,6 @@ final class Hash
         };
     }
 
-    public static function md5WithSalt($pwd): string
-    {
-        return md5($pwd . $_ENV['salt']);
-    }
-
     public static function sha256WithSalt($pwd): string
     {
         return hash('sha256', $pwd . $_ENV['salt']);
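Review bot: The `'sha256'` and `'sha3'` arms that stay in `passwordHash` still store a single fast digest of `$pwd . $_ENV['salt']`, so the weakness that justifies dropping md5 (cheap offline guessing, with one site-wide salt shared by every account) remains selectable through `pwdMethod`. Consider marking both helpers for removal, for example `/** @deprecated fast digest with a shared salt; prefer argon2id */` above `sha256WithSalt` and `sha3WithSalt`, so operators are steered to the `password_hash` arms. Separately, a deployment that still sets `pwdMethod` to `md5` now reaches the match's default arm, which lies outside these hunks. How `checkPassword` treats already-stored md5 hashes is not visible here either, so confirm that those accounts get a reset or rehash-on-login path rather than a silent lockout. The body of `sha256WithSalt` continues past the end of the last hunk.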

+ 24 - 10
tests/App/Utils/HashTest.php

@@ -16,10 +16,11 @@ class HashTest extends TestCase
     {
         $_ENV['key'] = 'cookie_key';
         $passHash = 'password';
-        $expire_in = '1 hour';
+        $expire_in = 69420;
         $result = Hash::cookieHash($passHash, $expire_in);
         $this->assertIsString($result);
         $this->assertEquals(45, strlen($result));
+        $this->assertEquals('e91053c4a7d6cc7fa5eb900b1ad96df484483ceace12a', $result);
     }
 
     /**
@@ -29,11 +30,12 @@ class HashTest extends TestCase
     {
         $_ENV['key'] = 'cookie_key';
         $ip = '192.168.0.1';
-        $uid = 'user_id';
-        $expire_in = '1 hour';
+        $uid = 69;
+        $expire_in = 69420;
         $result = Hash::ipHash($ip, $uid, $expire_in);
         $this->assertIsString($result);
         $this->assertEquals(45, strlen($result));
+        $this->assertEquals('522b51095b778f9f107153f75be554be1f8a8f2c1f4b4', $result);
     }
 
     /**
@@ -43,17 +45,17 @@ class HashTest extends TestCase
     {
         $_ENV['key'] = 'cookie_key';
         $device = 'Firefox/119.0';
-        $uid = 'user_id';
-        $expire_in = '1 hour';
+        $uid = 69;
+        $expire_in = 69420;
         $result = Hash::deviceHash($device, $uid, $expire_in);
         $this->assertIsString($result);
         $this->assertEquals(45, strlen($result));
+        $this->assertEquals('1fd5a37cc8769c01a49f6eb9c167dc6ee6cc842913dba', $result);
     }
 
     /**
      * @covers App\Utils\Hash::checkPassword
      * @covers App\Utils\Hash::passwordHash
-     * @covers App\Utils\Hash::md5WithSalt
      * @covers App\Utils\Hash::sha256WithSalt
      * @covers App\Utils\Hash::sha3WithSalt
      */
@@ -65,9 +67,21 @@ class HashTest extends TestCase
         $hashedPassword = Hash::passwordHash($password);
         $this->assertTrue(Hash::checkPassword($hashedPassword, $password));
         $this->assertFalse(Hash::checkPassword($hashedPassword, 'wrong_password'));
-        $this->assertIsString(Hash::passwordHash($password));
-        $this->assertIsString(Hash::md5WithSalt($password));
-        $this->assertIsString(Hash::sha256WithSalt($password));
-        $this->assertIsString(Hash::sha3WithSalt($password));
+        $_ENV['pwdMethod'] = 'argon2i';
+        $hashedPassword = Hash::passwordHash($password);
+        $this->assertTrue(Hash::checkPassword($hashedPassword, $password));
+        $this->assertFalse(Hash::checkPassword($hashedPassword, 'wrong_password'));
+        $_ENV['pwdMethod'] = 'argon2id';
+        $hashedPassword = Hash::passwordHash($password);
+        $this->assertTrue(Hash::checkPassword($hashedPassword, $password));
+        $this->assertFalse(Hash::checkPassword($hashedPassword, 'wrong_password'));
+        $_ENV['pwdMethod'] = 'sha256';
+        $hashedPassword = Hash::passwordHash($password);
+        $this->assertTrue(Hash::checkPassword($hashedPassword, $password));
+        $this->assertFalse(Hash::checkPassword($hashedPassword, 'wrong_password'));
+        $_ENV['pwdMethod'] = 'sha3';
+        $hashedPassword = Hash::passwordHash($password);
+        $this->assertTrue(Hash::checkPassword($hashedPassword, $password));
+        $this->assertFalse(Hash::checkPassword($hashedPassword, 'wrong_password'));
     }
 }
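Review bot: The round-trips added in the last hunk pass for any value of `$_ENV['pwdMethod']`, because each one only checks that `checkPassword` accepts what `passwordHash` produced under the same setting. A method name that fell through to the match's default arm would satisfy them just as well. Pin the algorithm after each switch, for example `$this->assertStringStartsWith('$argon2id$', $hashedPassword);` for the argon2id case and `$this->assertSame(64, strlen($hashedPassword));` for the sha256 case. The test also leaves `$_ENV['pwdMethod']` set to `sha3` for whatever runs next, so restoring the previous value in `tearDown()` would keep the cases independent. The test method starts above the hunk, so how `$password` and `$_ENV['salt']` are prepared is not visible here.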