From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 5 Aug 2022 07:50:36 +0000 (+0200)
Subject: Remove long-deprecated methods from PasswordUtil
X-Git-Tag: 6.0.0_Alpha_1~1076^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=43e7c9b396335d640c6d04cff72e8d5f3b7851f3;p=GitHub%2FWoltLab%2FWCF.git

Remove long-deprecated methods from PasswordUtil

PasswordUtil itself is wholly deprecated, but these two methods are trivially
replaced and developers should to so, if only to improve the clarity of the
code.
---

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 022f6abd2b..606edf363c 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -4,7 +4,6 @@ namespace wcf\util;
 
 use wcf\system\exception\SystemException;
 use wcf\system\Regex;
-use wcf\util\exception\CryptoException;
 
 /**
  * @deprecated 5.5 - All methods within this class are deprecated.
@@ -176,7 +175,7 @@ final class PasswordUtil
         $salt = '';
 
         for ($i = 0, $maxIndex = (\strlen(self::$blowfishCharacters) - 1); $i < 22; $i++) {
-            $salt .= self::$blowfishCharacters[self::secureRandomNumber(0, $maxIndex)];
+            $salt .= self::$blowfishCharacters[\random_int(0, $maxIndex)];
         }
 
         return self::getSalt($salt);
@@ -191,39 +190,12 @@ final class PasswordUtil
         $password = '';
 
         for ($i = 0, $maxIndex = (\strlen($charset) - 1); $i < $length; $i++) {
-            $password .= $charset[self::secureRandomNumber(0, $maxIndex)];
+            $password .= $charset[\random_int(0, $maxIndex)];
         }
 
         return $password;
     }
 
-    /**
-     * @deprecated  Use \wcf\util\CryptoUtil::secureCompare()
-     */
-    public static function secureCompare($hash1, $hash2)
-    {
-        return \hash_equals($hash1, $hash2);
-    }
-
-    /**
-     * @deprecated  Use random_int()
-     */
-    public static function secureRandomNumber($min, $max)
-    {
-        $range = $max - $min;
-        if ($range == 0) {
-            // not random
-            throw new SystemException("Cannot generate a secure random number, min and max are the same");
-        }
-
-        try {
-            return CryptoUtil::randomInt($min, $max);
-        } catch (CryptoException $e) {
-            // Backwards compatibility: This function never did throw.
-            return \mt_rand($min, $max);
-        }
-    }
-
     /**
      * @deprecated  5.4 - Use the new password algorithm framework in \wcf\system\user\authentication\password\*.
      */