diff --git a/src/Illuminate/Auth/DatabaseUserProvider.php b/src/Illuminate/Auth/DatabaseUserProvider.php index 1be060cb831a..3fd6b4061895 100755 --- a/src/Illuminate/Auth/DatabaseUserProvider.php +++ b/src/Illuminate/Auth/DatabaseUserProvider.php @@ -67,7 +67,7 @@ public function retrieveById($identifier) * @param string $token * @return \Illuminate\Contracts\Auth\Authenticatable|null */ - public function retrieveByToken($identifier, $token) + public function retrieveByToken($identifier, #[\SensitiveParameter] $token) { $user = $this->getGenericUser( $this->connection->table($this->table)->find($identifier) @@ -84,7 +84,7 @@ public function retrieveByToken($identifier, $token) * @param string $token * @return void */ - public function updateRememberToken(UserContract $user, $token) + public function updateRememberToken(UserContract $user, #[\SensitiveParameter] $token) { $this->connection->table($this->table) ->where($user->getAuthIdentifierName(), $user->getAuthIdentifier()) @@ -97,7 +97,7 @@ public function updateRememberToken(UserContract $user, $token) * @param array $credentials * @return \Illuminate\Contracts\Auth\Authenticatable|null */ - public function retrieveByCredentials(array $credentials) + public function retrieveByCredentials(#[\SensitiveParameter] array $credentials) { $credentials = array_filter( $credentials, @@ -152,7 +152,7 @@ protected function getGenericUser($user) * @param array $credentials * @return bool */ - public function validateCredentials(UserContract $user, array $credentials) + public function validateCredentials(UserContract $user, #[\SensitiveParameter] array $credentials) { return $this->hasher->check( $credentials['password'], $user->getAuthPassword() @@ -167,7 +167,7 @@ public function validateCredentials(UserContract $user, array $credentials) * @param bool $force * @return void */ - public function rehashPasswordIfRequired(UserContract $user, array $credentials, bool $force = false) + public function rehashPasswordIfRequired(UserContract $user, #[\SensitiveParameter] array $credentials, bool $force = false) { if (! $this->hasher->needsRehash($user->getAuthPassword()) && ! $force) { return; diff --git a/src/Illuminate/Auth/EloquentUserProvider.php b/src/Illuminate/Auth/EloquentUserProvider.php index 646c2187f595..428c2e78976f 100755 --- a/src/Illuminate/Auth/EloquentUserProvider.php +++ b/src/Illuminate/Auth/EloquentUserProvider.php @@ -66,7 +66,7 @@ public function retrieveById($identifier) * @param string $token * @return \Illuminate\Contracts\Auth\Authenticatable|null */ - public function retrieveByToken($identifier, $token) + public function retrieveByToken($identifier, #[\SensitiveParameter] $token) { $model = $this->createModel(); @@ -90,7 +90,7 @@ public function retrieveByToken($identifier, $token) * @param string $token * @return void */ - public function updateRememberToken(UserContract $user, $token) + public function updateRememberToken(UserContract $user, #[\SensitiveParameter] $token) { $user->setRememberToken($token); @@ -109,7 +109,7 @@ public function updateRememberToken(UserContract $user, $token) * @param array $credentials * @return \Illuminate\Contracts\Auth\Authenticatable|null */ - public function retrieveByCredentials(array $credentials) + public function retrieveByCredentials(#[\SensitiveParameter] array $credentials) { $credentials = array_filter( $credentials, @@ -146,7 +146,7 @@ public function retrieveByCredentials(array $credentials) * @param array $credentials * @return bool */ - public function validateCredentials(UserContract $user, array $credentials) + public function validateCredentials(UserContract $user, #[\SensitiveParameter] array $credentials) { if (is_null($plain = $credentials['password'])) { return false; @@ -163,7 +163,7 @@ public function validateCredentials(UserContract $user, array $credentials) * @param bool $force * @return void */ - public function rehashPasswordIfRequired(UserContract $user, array $credentials, bool $force = false) + public function rehashPasswordIfRequired(UserContract $user, #[\SensitiveParameter] array $credentials, bool $force = false) { if (! $this->hasher->needsRehash($user->getAuthPassword()) && ! $force) { return; diff --git a/src/Illuminate/Auth/Events/Attempting.php b/src/Illuminate/Auth/Events/Attempting.php index 3f911bac58e8..e4500e33b735 100644 --- a/src/Illuminate/Auth/Events/Attempting.php +++ b/src/Illuminate/Auth/Events/Attempting.php @@ -33,7 +33,7 @@ class Attempting * @param bool $remember * @return void */ - public function __construct($guard, $credentials, $remember) + public function __construct($guard, #[\SensitiveParameter] $credentials, $remember) { $this->guard = $guard; $this->remember = $remember; diff --git a/src/Illuminate/Auth/Events/Failed.php b/src/Illuminate/Auth/Events/Failed.php index 34f812487027..b29940e3ae5f 100644 --- a/src/Illuminate/Auth/Events/Failed.php +++ b/src/Illuminate/Auth/Events/Failed.php @@ -33,7 +33,7 @@ class Failed * @param array $credentials * @return void */ - public function __construct($guard, $user, $credentials) + public function __construct($guard, $user, #[\SensitiveParameter] $credentials) { $this->user = $user; $this->guard = $guard; diff --git a/src/Illuminate/Auth/Notifications/ResetPassword.php b/src/Illuminate/Auth/Notifications/ResetPassword.php index efb4573e8be2..d31ae210c943 100644 --- a/src/Illuminate/Auth/Notifications/ResetPassword.php +++ b/src/Illuminate/Auth/Notifications/ResetPassword.php @@ -35,7 +35,7 @@ class ResetPassword extends Notification * @param string $token * @return void */ - public function __construct($token) + public function __construct(#[\SensitiveParameter] $token) { $this->token = $token; } diff --git a/src/Illuminate/Auth/Passwords/CanResetPassword.php b/src/Illuminate/Auth/Passwords/CanResetPassword.php index 918a288fec66..aff9c5bca940 100644 --- a/src/Illuminate/Auth/Passwords/CanResetPassword.php +++ b/src/Illuminate/Auth/Passwords/CanResetPassword.php @@ -22,7 +22,7 @@ public function getEmailForPasswordReset() * @param string $token * @return void */ - public function sendPasswordResetNotification($token) + public function sendPasswordResetNotification(#[\SensitiveParameter] $token) { $this->notify(new ResetPasswordNotification($token)); } diff --git a/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php b/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php index fe5f54b79765..5449603fbc6b 100755 --- a/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php +++ b/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php @@ -115,7 +115,7 @@ protected function deleteExisting(CanResetPasswordContract $user) * @param string $token * @return array */ - protected function getPayload($email, $token) + protected function getPayload($email, #[\SensitiveParameter] $token) { return ['email' => $email, 'token' => $this->hasher->make($token), 'created_at' => new Carbon]; } @@ -127,7 +127,7 @@ protected function getPayload($email, $token) * @param string $token * @return bool */ - public function exists(CanResetPasswordContract $user, $token) + public function exists(CanResetPasswordContract $user, #[\SensitiveParameter] $token) { $record = (array) $this->getTable()->where( 'email', $user->getEmailForPasswordReset() diff --git a/src/Illuminate/Auth/Passwords/PasswordBroker.php b/src/Illuminate/Auth/Passwords/PasswordBroker.php index 5f99fa3e00be..ad39d0df20f0 100755 --- a/src/Illuminate/Auth/Passwords/PasswordBroker.php +++ b/src/Illuminate/Auth/Passwords/PasswordBroker.php @@ -42,7 +42,7 @@ class PasswordBroker implements PasswordBrokerContract * @param \Illuminate\Contracts\Events\Dispatcher $users * @return void */ - public function __construct(TokenRepositoryInterface $tokens, UserProvider $users, ?Dispatcher $dispatcher = null) + public function __construct(#[\SensitiveParameter] TokenRepositoryInterface $tokens, UserProvider $users, ?Dispatcher $dispatcher = null) { $this->users = $users; $this->tokens = $tokens; @@ -56,7 +56,7 @@ public function __construct(TokenRepositoryInterface $tokens, UserProvider $user * @param \Closure|null $callback * @return string */ - public function sendResetLink(array $credentials, ?Closure $callback = null) + public function sendResetLink(#[\SensitiveParameter] array $credentials, ?Closure $callback = null) { // First we will check to see if we found a user at the given credentials and // if we did not we will redirect back to this current URI with a piece of @@ -96,7 +96,7 @@ public function sendResetLink(array $credentials, ?Closure $callback = null) * @param \Closure $callback * @return mixed */ - public function reset(array $credentials, Closure $callback) + public function reset(#[\SensitiveParameter] array $credentials, Closure $callback) { $user = $this->validateReset($credentials); @@ -125,7 +125,7 @@ public function reset(array $credentials, Closure $callback) * @param array $credentials * @return \Illuminate\Contracts\Auth\CanResetPassword|string */ - protected function validateReset(array $credentials) + protected function validateReset(#[\SensitiveParameter] array $credentials) { if (is_null($user = $this->getUser($credentials))) { return static::INVALID_USER; @@ -146,7 +146,7 @@ protected function validateReset(array $credentials) * * @throws \UnexpectedValueException */ - public function getUser(array $credentials) + public function getUser(#[\SensitiveParameter] array $credentials) { $credentials = Arr::except($credentials, ['token']); @@ -188,7 +188,7 @@ public function deleteToken(CanResetPasswordContract $user) * @param string $token * @return bool */ - public function tokenExists(CanResetPasswordContract $user, $token) + public function tokenExists(CanResetPasswordContract $user, #[\SensitiveParameter] $token) { return $this->tokens->exists($user, $token); } diff --git a/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php b/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php index 47c17581ff50..db8d63da64fa 100755 --- a/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php +++ b/src/Illuminate/Auth/Passwords/TokenRepositoryInterface.php @@ -21,7 +21,7 @@ public function create(CanResetPasswordContract $user); * @param string $token * @return bool */ - public function exists(CanResetPasswordContract $user, $token); + public function exists(CanResetPasswordContract $user, #[\SensitiveParameter] $token); /** * Determine if the given user recently created a password reset token. diff --git a/src/Illuminate/Auth/RequestGuard.php b/src/Illuminate/Auth/RequestGuard.php index 7c1dfdc553e0..9b8fd10a36b6 100644 --- a/src/Illuminate/Auth/RequestGuard.php +++ b/src/Illuminate/Auth/RequestGuard.php @@ -65,7 +65,7 @@ public function user() * @param array $credentials * @return bool */ - public function validate(array $credentials = []) + public function validate(#[\SensitiveParameter] array $credentials = []) { return ! is_null((new static( $this->callback, $credentials['request'], $this->getProvider() diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php index ebcf0de61fb0..1740396d9597 100644 --- a/src/Illuminate/Auth/SessionGuard.php +++ b/src/Illuminate/Auth/SessionGuard.php @@ -488,7 +488,7 @@ protected function shouldLogin($callbacks, AuthenticatableContract $user) * @param array $credentials * @return void */ - protected function rehashPasswordIfRequired(AuthenticatableContract $user, array $credentials) + protected function rehashPasswordIfRequired(AuthenticatableContract $user, #[\SensitiveParameter] array $credentials) { if ($this->rehashOnLogin) { $this->provider->rehashPasswordIfRequired($user, $credentials); diff --git a/src/Illuminate/Contracts/Auth/UserProvider.php b/src/Illuminate/Contracts/Auth/UserProvider.php index 4ed51bf00e9c..dd9bb419440c 100644 --- a/src/Illuminate/Contracts/Auth/UserProvider.php +++ b/src/Illuminate/Contracts/Auth/UserProvider.php @@ -19,7 +19,7 @@ public function retrieveById($identifier); * @param string $token * @return \Illuminate\Contracts\Auth\Authenticatable|null */ - public function retrieveByToken($identifier, $token); + public function retrieveByToken($identifier, #[\SensitiveParameter] $token); /** * Update the "remember me" token for the given user in storage. @@ -28,7 +28,7 @@ public function retrieveByToken($identifier, $token); * @param string $token * @return void */ - public function updateRememberToken(Authenticatable $user, $token); + public function updateRememberToken(Authenticatable $user, #[\SensitiveParameter] $token); /** * Retrieve a user by the given credentials. @@ -36,7 +36,7 @@ public function updateRememberToken(Authenticatable $user, $token); * @param array $credentials * @return \Illuminate\Contracts\Auth\Authenticatable|null */ - public function retrieveByCredentials(array $credentials); + public function retrieveByCredentials(#[\SensitiveParameter] array $credentials); /** * Validate a user against the given credentials. @@ -45,7 +45,7 @@ public function retrieveByCredentials(array $credentials); * @param array $credentials * @return bool */ - public function validateCredentials(Authenticatable $user, array $credentials); + public function validateCredentials(Authenticatable $user, #[\SensitiveParameter] array $credentials); /** * Rehash the user's password if required and supported. @@ -55,5 +55,5 @@ public function validateCredentials(Authenticatable $user, array $credentials); * @param bool $force * @return void */ - public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false); + public function rehashPasswordIfRequired(Authenticatable $user, #[\SensitiveParameter] array $credentials, bool $force = false); } diff --git a/src/Illuminate/Contracts/Encryption/Encrypter.php b/src/Illuminate/Contracts/Encryption/Encrypter.php index ee555eaa245f..fd29d6c64655 100644 --- a/src/Illuminate/Contracts/Encryption/Encrypter.php +++ b/src/Illuminate/Contracts/Encryption/Encrypter.php @@ -13,7 +13,7 @@ interface Encrypter * * @throws \Illuminate\Contracts\Encryption\EncryptException */ - public function encrypt($value, $serialize = true); + public function encrypt(#[\SensitiveParameter] $value, $serialize = true); /** * Decrypt the given value. diff --git a/src/Illuminate/Contracts/Encryption/StringEncrypter.php b/src/Illuminate/Contracts/Encryption/StringEncrypter.php index 1e6938c29a16..399d653fad6f 100644 --- a/src/Illuminate/Contracts/Encryption/StringEncrypter.php +++ b/src/Illuminate/Contracts/Encryption/StringEncrypter.php @@ -12,7 +12,7 @@ interface StringEncrypter * * @throws \Illuminate\Contracts\Encryption\EncryptException */ - public function encryptString($value); + public function encryptString(#[\SensitiveParameter] $value); /** * Decrypt the given string without unserialization. diff --git a/src/Illuminate/Contracts/Hashing/Hasher.php b/src/Illuminate/Contracts/Hashing/Hasher.php index b5e4d4c8a823..d88cf1669a66 100644 --- a/src/Illuminate/Contracts/Hashing/Hasher.php +++ b/src/Illuminate/Contracts/Hashing/Hasher.php @@ -19,7 +19,7 @@ public function info($hashedValue); * @param array $options * @return string */ - public function make($value, array $options = []); + public function make(#[\SensitiveParameter] $value, array $options = []); /** * Check the given plain value against a hash. @@ -29,7 +29,7 @@ public function make($value, array $options = []); * @param array $options * @return bool */ - public function check($value, $hashedValue, array $options = []); + public function check(#[\SensitiveParameter] $value, $hashedValue, array $options = []); /** * Check if the given hash has been hashed using the given options. diff --git a/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php b/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php index 8a125ba1147d..2305100adb7d 100644 --- a/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php +++ b/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php @@ -1353,7 +1353,7 @@ public function fromEncryptedString($value) * @param mixed $value * @return string */ - protected function castAttributeAsEncryptedString($key, $value) + protected function castAttributeAsEncryptedString($key, #[\SensitiveParameter] $value) { return static::currentEncrypter()->encrypt($value, false); } @@ -1386,7 +1386,7 @@ protected static function currentEncrypter() * @param mixed $value * @return string */ - protected function castAttributeAsHashedString($key, $value) + protected function castAttributeAsHashedString($key, #[\SensitiveParameter] $value) { if ($value === null) { return null; diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php index 5d9c9463f1f3..0990b0a209c2 100755 --- a/src/Illuminate/Encryption/Encrypter.php +++ b/src/Illuminate/Encryption/Encrypter.php @@ -102,7 +102,7 @@ public static function generateKey($cipher) * * @throws \Illuminate\Contracts\Encryption\EncryptException */ - public function encrypt($value, $serialize = true) + public function encrypt(#[\SensitiveParameter] $value, $serialize = true) { $iv = random_bytes(openssl_cipher_iv_length(strtolower($this->cipher))); @@ -139,7 +139,7 @@ public function encrypt($value, $serialize = true) * * @throws \Illuminate\Contracts\Encryption\EncryptException */ - public function encryptString($value) + public function encryptString(#[\SensitiveParameter] $value) { return $this->encrypt($value, false); } @@ -217,7 +217,7 @@ public function decryptString($payload) * @param string $key * @return string */ - protected function hash($iv, $value, $key) + protected function hash(#[\SensitiveParameter] $iv, #[\SensitiveParameter] $value, #[\SensitiveParameter] $key) { return hash_hmac('sha256', $iv.$value, $key); } @@ -291,7 +291,7 @@ protected function validMac(array $payload) * @param string $key * @return bool */ - protected function validMacForKey($payload, $key) + protected function validMacForKey(#[\SensitiveParameter] $payload, $key) { return hash_equals( $this->hash($payload['iv'], $payload['value'], $key), $payload['mac'] diff --git a/src/Illuminate/Hashing/AbstractHasher.php b/src/Illuminate/Hashing/AbstractHasher.php index f10371290b1d..c3916a2599b7 100644 --- a/src/Illuminate/Hashing/AbstractHasher.php +++ b/src/Illuminate/Hashing/AbstractHasher.php @@ -23,7 +23,7 @@ public function info($hashedValue) * @param array $options * @return bool */ - public function check($value, $hashedValue, array $options = []) + public function check(#[\SensitiveParameter] $value, $hashedValue, array $options = []) { if (is_null($hashedValue) || strlen($hashedValue) === 0) { return false; diff --git a/src/Illuminate/Hashing/Argon2IdHasher.php b/src/Illuminate/Hashing/Argon2IdHasher.php index f12f806e0654..8e6878ed650f 100644 --- a/src/Illuminate/Hashing/Argon2IdHasher.php +++ b/src/Illuminate/Hashing/Argon2IdHasher.php @@ -16,7 +16,7 @@ class Argon2IdHasher extends ArgonHasher * * @throws \RuntimeException */ - public function check($value, $hashedValue, array $options = []) + public function check(#[\SensitiveParameter] $value, $hashedValue, array $options = []) { if ($this->verifyAlgorithm && ! $this->isUsingCorrectAlgorithm($hashedValue)) { throw new RuntimeException('This password does not use the Argon2id algorithm.'); diff --git a/src/Illuminate/Hashing/ArgonHasher.php b/src/Illuminate/Hashing/ArgonHasher.php index 4cbb38b465ea..3ec659670c93 100644 --- a/src/Illuminate/Hashing/ArgonHasher.php +++ b/src/Illuminate/Hashing/ArgonHasher.php @@ -58,7 +58,7 @@ public function __construct(array $options = []) * * @throws \RuntimeException */ - public function make($value, array $options = []) + public function make(#[\SensitiveParameter] $value, array $options = []) { $hash = @password_hash($value, $this->algorithm(), [ 'memory_cost' => $this->memory($options), @@ -93,7 +93,7 @@ protected function algorithm() * * @throws \RuntimeException */ - public function check($value, $hashedValue, array $options = []) + public function check(#[\SensitiveParameter] $value, $hashedValue, array $options = []) { if ($this->verifyAlgorithm && ! $this->isUsingCorrectAlgorithm($hashedValue)) { throw new RuntimeException('This password does not use the Argon2i algorithm.'); diff --git a/src/Illuminate/Hashing/BcryptHasher.php b/src/Illuminate/Hashing/BcryptHasher.php index 50b3859ed81c..b53eaccb3a52 100755 --- a/src/Illuminate/Hashing/BcryptHasher.php +++ b/src/Illuminate/Hashing/BcryptHasher.php @@ -42,7 +42,7 @@ public function __construct(array $options = []) * * @throws \RuntimeException */ - public function make($value, array $options = []) + public function make(#[\SensitiveParameter] $value, array $options = []) { $hash = password_hash($value, PASSWORD_BCRYPT, [ 'cost' => $this->cost($options), @@ -65,7 +65,7 @@ public function make($value, array $options = []) * * @throws \RuntimeException */ - public function check($value, $hashedValue, array $options = []) + public function check(#[\SensitiveParameter] $value, $hashedValue, array $options = []) { if ($this->verifyAlgorithm && ! $this->isUsingCorrectAlgorithm($hashedValue)) { throw new RuntimeException('This password does not use the Bcrypt algorithm.'); diff --git a/src/Illuminate/Hashing/HashManager.php b/src/Illuminate/Hashing/HashManager.php index 30c8b0695324..ef456b105baa 100644 --- a/src/Illuminate/Hashing/HashManager.php +++ b/src/Illuminate/Hashing/HashManager.php @@ -58,7 +58,7 @@ public function info($hashedValue) * @param array $options * @return string */ - public function make($value, array $options = []) + public function make(#[\SensitiveParameter] $value, array $options = []) { return $this->driver()->make($value, $options); } @@ -71,7 +71,7 @@ public function make($value, array $options = []) * @param array $options * @return bool */ - public function check($value, $hashedValue, array $options = []) + public function check(#[\SensitiveParameter] $value, $hashedValue, array $options = []) { return $this->driver()->check($value, $hashedValue, $options); } @@ -94,7 +94,7 @@ public function needsRehash($hashedValue, array $options = []) * @param string $value * @return bool */ - public function isHashed($value) + public function isHashed(#[\SensitiveParameter] $value) { return $this->driver()->info($value)['algo'] !== null; } diff --git a/src/Illuminate/Log/Context/Repository.php b/src/Illuminate/Log/Context/Repository.php index 35779da3e70d..1533dc6a9cfb 100644 --- a/src/Illuminate/Log/Context/Repository.php +++ b/src/Illuminate/Log/Context/Repository.php @@ -193,7 +193,7 @@ public function add($key, $value = null) * @param mixed $value * @return $this */ - public function addHidden($key, $value = null) + public function addHidden($key, #[\SensitiveParameter] $value = null) { $this->hidden = array_merge( $this->hidden, @@ -256,7 +256,7 @@ public function addIf($key, $value) * @param mixed $value * @return $this */ - public function addHiddenIf($key, $value) + public function addHiddenIf($key, #[\SensitiveParameter] $value) { if (! $this->hasHidden($key)) { $this->addHidden($key, $value);