Extracting password hashing into as separate method.

This makes is much easier for a subclass to only change how passwords
are hashed.

lib/Cake/Controller/Component/Auth/BaseAuthenticate.php

@@ -73,7 +73,7 @@ abstract class BaseAuthenticate {
 
 		$conditions = array(
 			$model . '.' . $fields['username'] => $username,
-			$model . '.' . $fields['password'] => AuthComponent::password($password),
+			$model . '.' . $fields['password'] => $this->_password($password),
 		);
 		if (!empty($this->settings['scope'])) {
 			$conditions = array_merge($conditions, $this->settings['scope']);
@@ -89,6 +89,17 @@ abstract class BaseAuthenticate {
 		return $result[$model];
 	}
 
+/**
+ * Hash the plain text password so that it matches the hashed/encrytped password
+ * in the datasource.
+ *
+ * @param string $password The plain text password.
+ * @return string The hashed form of the password.
+ */
+	protected function _password($password) {
+		return Security::hash($password, null, true);
+	}
+
 /**
  * Authenticate a user based on the request information.
  *

lib/Cake/Controller/Component/Auth/FormAuthenticate.php

@@ -65,4 +65,4 @@ class FormAuthenticate extends BaseAuthenticate {
 		);
 	}
 
-}
+}

lib/Cake/Controller/Component/AuthComponent.php

@@ -661,6 +661,9 @@ class AuthComponent extends Component {
 /**
  * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
  *
+ * This method is intended as a convenience wrapper for Security::hash().  If you want to use
+ * a hashing/encryption system not supported by that method, do not use this method.
+ *
  * @param string $password Password to hash
  * @return string Hashed password
  * @link http://book.cakephp.org/view/1263/password