middlewares
diff --git a/‎CHANGELOG.md
Lines changed: 7 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 22 additions & 0 deletions b/‎README.md
Lines changed: 22 additions & 0 deletions
diff --git a/‎composer.json
Lines changed: 1 addition & 1 deletion b/‎composer.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/BasicAuthentication.php
Lines changed: 16 additions & 3 deletions b/‎src/BasicAuthentication.php
Lines changed: 16 additions & 3 deletions
diff --git a/‎tests/BasicAuthenticationTest.php
Lines changed: 20 additions & 0 deletions b/‎tests/BasicAuthenticationTest.php
Lines changed: 20 additions & 0 deletions
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.1.0] - 2020-04-24
+### Added
+- Option `BasicAuthentication::verifyHash()` [#2]
+
 ## [2.0.0] - 2019-11-30
 ### Added
 - Added a second argument to the constructor to set a `ResponseFactory`
@@ -59,6 +63,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ## 0.1.0 - 2016-10-02
 First version
 
+[#2]: https://github.com/middlewares/http-authentication/issues/2
+
+[2.1.0]: https://github.com/middlewares/http-authentication/compare/v2.0.0...v2.1.0
 [2.0.0]: https://github.com/middlewares/http-authentication/compare/v1.1.0...v2.0.0
 [1.1.0]: https://github.com/middlewares/http-authentication/compare/v1.0.0...v1.1.0
 [1.0.0]: https://github.com/middlewares/http-authentication/compare/v0.5.0...v1.0.0
 
@@ -71,6 +71,28 @@ Dispatcher::run([
 ]);
 ```
 
+### verifyHash
+
+This option verifies the password using [`password_verify`](https://www.php.net/manual/en/function.password-verify.php). Useful if you don't want to provide the passwords in plain text.
+
+```php
+$users = [
+    'username' => password_hash('secret-password', PASSWORD_DEFAULT);
+]
+
+Dispatcher::run([
+    (new Middlewares\BasicAuthentication($users))
+        ->attribute('username')
+        ->verifyHash(),
+
+    function ($request) {
+        $username = $request->getAttribute('username');
+
+        return new Response('Hello '.$username);
+    }
+]);
+```
+
 ## DigestAuthentication
 
 The [Digest access authentication](https://en.wikipedia.org/wiki/Digest_access_authentication) is more secure than basic.
 
@@ -24,7 +24,7 @@
     },
     "require-dev": {
         "phpunit/phpunit": "^8.1",
-        "zendframework/zend-diactoros": "^2.2",
+        "laminas/laminas-diactoros": "^2.2",
         "friendsofphp/php-cs-fixer": "^2.0",
         "squizlabs/php_codesniffer": "^3.0",
         "oscarotero/php-cs-fixer-config": "^1.0"
 
@@ -10,6 +10,8 @@
 
 class BasicAuthentication extends HttpAuthentication implements MiddlewareInterface
 {
+    private $verifyHash = false;
+
     /**
      * Process a server request and return a response.
      */
@@ -29,6 +31,13 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         return $handler->handle($request);
     }
 
+    public function verifyHash($verifyHash = true): self
+    {
+        $this->verifyHash = $verifyHash;
+
+        return $this;
+    }
+
     /**
      * Check the user credentials and return the username
      */
@@ -46,11 +55,15 @@ private function login(ServerRequestInterface $request): ?string
             return null;
         }
 
-        if ($this->users[$authorization['username']] !== $authorization['password']) {
-            return null;
+        if ($this->verifyHash) {
+            return password_verify($authorization['password'], $this->users[$authorization['username']])
+                ? $authorization['username']
+                : null;
         }
 
-        return $authorization['username'];
+        return $this->users[$authorization['username']] === $authorization['password']
+            ? $authorization['username']
+            : null;
     }
 
     /**
 
@@ -74,4 +74,24 @@ function ($request) {
         $this->assertSame(200, $response->getStatusCode());
         $this->assertSame('user', (string) $response->getBody());
     }
+
+    public function testHashSuccess()
+    {
+        $request = Factory::createServerRequest('GET', '/')
+            ->withHeader('Authorization', 'Basic '.base64_encode('user:rasmuslerdorf'));
+
+        $response = Dispatcher::run([
+            (new BasicAuthentication(['user' => '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq']))
+                ->verifyHash()
+                ->realm('My realm')
+                ->attribute('auth-username'),
+
+            function ($request) {
+                echo $request->getAttribute('auth-username');
+            },
+        ], $request);
+
+        $this->assertSame(200, $response->getStatusCode());
+        $this->assertSame('user', (string) $response->getBody());
+    }
 }