From 107fe404740a896733a9cdac51289167edc82b58 Mon Sep 17 00:00:00 2001
From: WarLikeLaux <warlikelaux080399@mail.ru>
Date: Sun, 7 Jun 2026 23:40:01 +0600
Subject: [PATCH] fix(cryptography): support php builds without argon2

---
 packages/cryptography/src/Password/HashingAlgorithm.php  | 9 +++++++--
 packages/cryptography/src/Password/hashing.config.php    | 6 +++++-
 .../cryptography/tests/Password/PasswordHasherTest.php   | 9 +++++++++
 tests/Integration/Cryptography/PasswordHasherTest.php    | 5 ++++-
 4 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/packages/cryptography/src/Password/HashingAlgorithm.php b/packages/cryptography/src/Password/HashingAlgorithm.php
index a5a04c1d95..83bec76fef 100644
--- a/packages/cryptography/src/Password/HashingAlgorithm.php
+++ b/packages/cryptography/src/Password/HashingAlgorithm.php
@@ -4,13 +4,18 @@
 
 enum HashingAlgorithm: string
 {
+    // The values are the literal strings behind PASSWORD_ARGON2ID and PASSWORD_BCRYPT.
+    // PASSWORD_ARGON2ID is only defined on PHP builds compiled with Argon2, so using the
+    // constant here would make the whole enum unloadable on builds without it. The literals
+    // match what password_hash() expects and what password_get_info() reports.
+
     /**
      * @see https://en.wikipedia.org/wiki/Argon2
      */
-    case ARGON2ID = PASSWORD_ARGON2ID;
+    case ARGON2ID = 'argon2id';
 
     /**
      * @see https://en.wikipedia.org/wiki/bcrypt
      */
-    case BCRYPT = PASSWORD_BCRYPT;
+    case BCRYPT = '2y';
 }
diff --git a/packages/cryptography/src/Password/hashing.config.php b/packages/cryptography/src/Password/hashing.config.php
index c4cbc4a3f7..5abfdfbd35 100644
--- a/packages/cryptography/src/Password/hashing.config.php
+++ b/packages/cryptography/src/Password/hashing.config.php
@@ -1,5 +1,9 @@
 <?php
 
 use Tempest\Cryptography\Password\ArgonConfig;
+use Tempest\Cryptography\Password\BcryptConfig;
+use Tempest\Cryptography\Password\HashingAlgorithm;
 
-return new ArgonConfig();
+return in_array(HashingAlgorithm::ARGON2ID->value, password_algos(), true)
+    ? new ArgonConfig()
+    : new BcryptConfig();
diff --git a/packages/cryptography/tests/Password/PasswordHasherTest.php b/packages/cryptography/tests/Password/PasswordHasherTest.php
index c3816e9383..1e54492797 100644
--- a/packages/cryptography/tests/Password/PasswordHasherTest.php
+++ b/packages/cryptography/tests/Password/PasswordHasherTest.php
@@ -20,6 +20,15 @@ public function test_algorithm(): void
         $this->assertSame(HashingAlgorithm::BCRYPT, $hasher->algorithm);
     }
 
+    public function test_algorithm_values_match_password_constants(): void
+    {
+        $this->assertSame(PASSWORD_BCRYPT, HashingAlgorithm::BCRYPT->value);
+
+        if (defined('PASSWORD_ARGON2ID')) {
+            $this->assertSame(PASSWORD_ARGON2ID, HashingAlgorithm::ARGON2ID->value);
+        }
+    }
+
     public function test_config_options(): void
     {
         $this->assertSame(
diff --git a/tests/Integration/Cryptography/PasswordHasherTest.php b/tests/Integration/Cryptography/PasswordHasherTest.php
index d5596ecd03..5f25da7041 100644
--- a/tests/Integration/Cryptography/PasswordHasherTest.php
+++ b/tests/Integration/Cryptography/PasswordHasherTest.php
@@ -12,7 +12,10 @@ final class PasswordHasherTest extends FrameworkIntegrationTestCase
     public function test_default_algorithm(): void
     {
         $hasher = $this->container->get(PasswordHasher::class);
-        $this->assertSame(HashingAlgorithm::ARGON2ID, $hasher->algorithm);
+        $expected = in_array(HashingAlgorithm::ARGON2ID->value, password_algos(), true)
+            ? HashingAlgorithm::ARGON2ID
+            : HashingAlgorithm::BCRYPT;
+        $this->assertSame($expected, $hasher->algorithm);
     }
 
     public function test_hash_verify(): void