From 76e341530b979dfa5de93985e0df23d8715ed41a Mon Sep 17 00:00:00 2001
From: Matt H
Date: Thu, 30 May 2024 15:13:58 -0400
Subject: [PATCH] Always use bcrypt to hash the WebAuthn MFA API's api secret

Our MFA APIs use bcrypt for that, and at some point the `PASSWORD_DEFAULT` may change for PHP. This commit's code change protects this code from breaking when the default PHP password hashing algorithm does change.
---
 application/features/bootstrap/AuthenticationContext.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/application/features/bootstrap/AuthenticationContext.php b/application/features/bootstrap/AuthenticationContext.php
index 2c542da6..ff91ac43 100644
--- a/application/features/bootstrap/AuthenticationContext.php
+++ b/application/features/bootstrap/AuthenticationContext.php
@@ -81,7 +81,7 @@ public function weHaveTheWrongPasswordForTheWebauthnMfaApi()

 protected function setWebAuthnApiSecretTo(string $newPlainTextApiSecret)
 {
- $newHashedApiSecret = password_hash($newPlainTextApiSecret, PASSWORD_DEFAULT);
+ $newHashedApiSecret = password_hash($newPlainTextApiSecret, PASSWORD_BCRYPT);
 $dynamoDbClient = new DynamoDbClient([
 'region' => getenv('AWS_DEFAULT_REGION'),
 'endpoint' => getenv('AWS_ENDPOINT'),
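Review bot: The pinned `PASSWORD_BCRYPT` in `setWebAuthnApiSecretTo()` has no comment saying why it must not follow `PASSWORD_DEFAULT`, so a later cleanup could quietly revert it; the rationale currently lives only in the commit message. I would add above the call: `// Pinned to bcrypt to match the WebAuthn MFA API's secret check; do not use PASSWORD_DEFAULT.` It is also worth recording there that PHP's bcrypt only considers the first 72 bytes of its input, so an api secret longer than that would verify on its prefix alone; whether that matters depends on the secret length the API enforces, which is not visible here. The function body continues past the end of the hunk.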