Implement Drupal8::needsRehash()

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php
index 1963e69fea201fee172700b7da9fc04db2ddc3ef..37037d355cad0449014ae47543b2b25b848d1489 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Drupal8.class.php
@@ -47,11 +47,9 @@ final class Drupal8 implements IPasswordAlgorithm
      */
     public function hash(string $password): string
     {
-        $settings = '$S$';
-        $settings .= $this->itoa64[self::COSTS];
-        $settings .= Hex::encode(\random_bytes(4));
+        $salt = Hex::encode(\random_bytes(4));
 
-        return $this->hashDrupal($password, $settings) . ':';
+        return $this->hashDrupal($password, $this->getSettings() . $salt) . ':';
     }
 
     /**
@@ -59,6 +57,14 @@ final class Drupal8 implements IPasswordAlgorithm
      */
     public function needsRehash(string $hash): bool
     {
-        return false;
+        return !\str_starts_with($hash, $this->getSettings());
+    }
+
+    /**
+     * Returns the settings prefix with the algorithm identifier and costs.
+     */
+    private function getSettings(): string
+    {
+        return '$S$' . $this->itoa64[self::COSTS];
     }
 }