From 73d623fed0c0068cf756d2fc75b21d035f57db68 Mon Sep 17 00:00:00 2001
From: Nigel Greenway
Date: Fri, 17 Jun 2016 17:08:27 +0100
Subject: [PATCH] Fixes security issue on handling a failed `password_hash` (#5)

* Fix #4 - Add check for unsuccessful hash
* Remove unnecessary `return` statement on `__construct`
---
 lib/Exception/InactivePassException.php | 2 +-
 lib/Exception/InvalidPasswordException.php | 2 +-
 lib/Handler/BasicPasswordHandler.php | 12 ++++++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/Exception/InactivePassException.php b/lib/Exception/InactivePassException.php
index bba8314..5a50b73 100644
--- a/lib/Exception/InactivePassException.php
+++ b/lib/Exception/InactivePassException.php
@@ -19,6 +19,6 @@ final class InactivePassException extends Exception
 /** Class constructor */
 public function __construct()
 {
- return parent::__construct('Inactive Pass');
+ parent::__construct('Inactive Pass');
 }
 }
diff --git a/lib/Exception/InvalidPasswordException.php b/lib/Exception/InvalidPasswordException.php
index bea0e2e..4626028 100644
--- a/lib/Exception/InvalidPasswordException.php
+++ b/lib/Exception/InvalidPasswordException.php
@@ -19,6 +19,6 @@ final class InvalidPasswordException extends Exception
 /** Class Constructor */
 public function __construct()
 {
- return parent::__construct('An invalid password as been given');
+ parent::__construct('An invalid password as been given');
 }
 }
diff --git a/lib/Handler/BasicPasswordHandler.php b/lib/Handler/BasicPasswordHandler.php
index d48ba42..fb673d5 100644
--- a/lib/Handler/BasicPasswordHandler.php
+++ b/lib/Handler/BasicPasswordHandler.php
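Review bot: The added line in the InvalidPasswordException hunk carries over the message typo `'An invalid password as been given'`; since the line is being rewritten anyway, `parent::__construct('An invalid password has been given');` would fix the user-visible text at no extra cost. The InactivePassException hunk makes the same `return` removal and needs nothing further.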
@@ -30,12 +30,20 @@ private function __construct($hash)
 $this->hash = $hash;
 }
- /** {@inheritDoc} */
+ /**
+ * {@inheritDoc}
+ *
+ * @throws \RuntimeException
+ */
 public static function hash($password, array $options = [])
 {
 $hash = password_hash($password, PASSWORD_DEFAULT, $options);
- return new self($hash);
+ if ($hash !== false) {
+ return new self($hash);
+ }
+
+ throw new \RuntimeException('Unsuccessful `password_hash` function call');
 }
 /** {@inheritDoc} */
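Review bot: The guard `if ($hash !== false)` in hash() only catches the false return, but on the PHP 7 series this targets `password_hash` reports an invalid algorithm or an out-of-range cost in `$options` by emitting a warning and returning null rather than false (as I recall from ext/standard/password.c; worth confirming on the runtime in use), so that case would still reach `new self($hash)` and store a null hash. Checking the type rather than one sentinel closes both paths with a one-line change: `if (is_string($hash)) {`. Also note that on PHP 8 `password_hash` throws `\ValueError` for bad options instead of returning a sentinel, which the new `@throws \RuntimeException` docblock does not mention and a caller catching only `\RuntimeException` will not see. Given the two dedicated exception classes touched in this same patch, a named exception under lib/Exception would be more consistent than a bare `\RuntimeException` here.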