/**
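  * Performs the password login through the parent implementation and, when a
  * Yubikey is required for the user, additionally validates the supplied OTP.
  * On a Yubikey failure the user is logged out again before the exception is thrown.
  *
  * @param string $username
  * @param string $password
  * @param bool $writeCookie
  * @param bool $isPasswordEncrypted
  * @param string|null $yubikeyOTP One-time password from the Yubikey; only needed when a Yubikey is required for the user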
  *
  * @throws RuntimeException (Codes: 1 - Incorrect login/password combination,
  * 									2 - Account is disabled
  * 									3 - User is not in Users group
  * 									4 - Invalid Yubikey)
  */
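 public function doLogin($username, $password, $writeCookie = false, $isPasswordEncrypted = false, $yubikeyOTP = null)
 {
     // First factor. The parent establishes the login state (and, with
     // $writeCookie, the cookie) BEFORE the second factor has been checked, so
     // from here on every exit path that is not a full success must undo it.
     parent::doLogin($username, $password, $writeCookie, $isPasswordEncrypted);

     $secondFactorPassed = false;
     try {
         $userId = $this->usr->getId();
         if ($this->isYubikeyRequired($userId)) {
             // Reject a missing or non-string OTP up front instead of relying on
             // how getYubikeyKeyByOTP() happens to treat null or empty input.
             if (!is_string($yubikeyOTP) || $yubikeyOTP === '') {
                 throw new RuntimeException("Invalid Yubikey", static::EXCEPTION_INVALID_YUBIKEY);
             }

             // The key identifier derived from the OTP must be one enrolled for
             // THIS user. Strict comparison keeps null/false/0 from loosely
             // matching a list entry.
             // NOTE(review): assumes both sides are strings; confirm against
             // getYubikeyKeyByOTP() and getAvailableYubikeysList().
             $enrolledKeys = $this->getAvailableYubikeysList($userId);
             if (!in_array($this->getYubikeyKeyByOTP($yubikeyOTP), $enrolledKeys, true)) {
                 throw new RuntimeException("Invalid Yubikey", static::EXCEPTION_INVALID_YUBIKEY);
             }

             // NOTE(review): only a YubikeyException is treated as a rejection;
             // confirm verify() never signals failure through its return value.
             try {
                 $this->authYubikey->verify($yubikeyOTP);
             } catch (YubikeyException $e) {
                 // Keep the original exception as "previous" so the cause stays
                 // available for logging; callers still see the same type and code.
                 throw new RuntimeException("Yubikey Validation Failed", static::EXCEPTION_INVALID_YUBIKEY, $e);
             }
         }
         $secondFactorPassed = true;
     } finally {
         // Fail closed: any exception raised after the password step (including
         // unexpected ones from the lookups above) must not leave a session
         // that was authenticated with the password alone.
         if (!$secondFactorPassed) {
             $this->doLogout();
         }
     }
 }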
Beispiel #2
 /**
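  * Sets the user's password, replacing the old one.
  * A new random salt is generated and stored together with the password hash.
  * 
  * @param User $user
  * @param string $password
  * @throws InvalidArgumentException If $password is empty
  * @return int Number of affected rows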
  */
 public function setUserPassword(User $user, $password)
 {
     // Refuse to store an empty password. empty() also treats the string "0"
     // as empty, so that value is rejected as well.
     if (empty($password)) {
         throw new InvalidArgumentException("\$password can't be empty");
     }

     // A fresh salt is generated on every change, so the previous salt/hash
     // pair is fully replaced.
     // NOTE(review): confirm UserAuthorization::getUserPasswordHash() is a slow,
     // purpose-built password hash rather than a single fast digest.
     $freshSalt = Crypto::secureRandom(512);
     $hashedPassword = UserAuthorization::getUserPasswordHash($password, $freshSalt);

     // NOTE(review): the statement is rendered to an SQL string via getSQL()
     // before execution; confirm QueryBuilder escapes the hash, the salt and
     // $user->id when it builds that string.
     $builder = new QueryBuilder();
     $builder
         ->update(Tbl::get('TBL_USERS'))
         ->set(new Field('password'), $hashedPassword)
         ->set(new Field('salt'), $freshSalt)
         ->where($builder->expr()->equal(new Field('id'), $user->id));

     $result = $this->query->exec($builder->getSQL());

     return $result->affected();
 }