Ejemplo n.º 1
 /**
  * Build the public hash that identifies a vault payment token.
  *
  * The hash input starts with the customer id when the token has one, otherwise with the
  * gateway token, and is followed by the payment method code, the token type and the
  * token details. For customer-owned tokens the gateway token is therefore not part of
  * the input: two tokens of one customer with the same method, type and details hash
  * to the same value.
  *
  * NOTE(review): the fields are joined without a delimiter, so different field
  * combinations can produce the same input string. Adding a separator would change the
  * resulting hashes, so check how existing values are stored before altering this.
  *
  * @param PaymentTokenInterface $paymentToken
  * @return string
  */
 protected function generatePublicHash(PaymentTokenInterface $paymentToken)
 {
     // The customer id wins over the gateway token as the leading component
     $owner = $paymentToken->getCustomerId() ?: $paymentToken->getGatewayToken();
     $material = $owner
         . $paymentToken->getPaymentMethodCode()
         . $paymentToken->getType()
         . $paymentToken->getTokenDetails();

     // getHash() is called without a salt argument, so equal inputs are expected to give
     // equal hashes (presumably required for lookup by public hash; confirm against the encryptor)
     return $this->encryptor->getHash($material);
 }
 /**
  * Re-hash the customer's password when the stored hash fails the version check.
  *
  * The observer reads the plaintext password and the customer model from the event,
  * and replaces the stored hash with a freshly salted one when validateHashVersion()
  * reports that the current hash is not valid for the current version.
  *
  * @param \Magento\Framework\Event\Observer $observer
  * @return void
  */
 public function execute(\Magento\Framework\Event\Observer $observer)
 {
     $event = $observer->getEvent();
     // Plaintext credential taken from the event data: keep it out of logs and debug output
     $plainPassword = $event->getData('password');
     /** @var \Magento\Customer\Model\Customer $model */
     $model = $event->getData('model');
     $customerId = $model->getId();

     $customer = $this->customerRepository->getById($customerId);
     $secureData = $this->customerRegistry->retrieveSecureData($customerId);

     if ($this->encryptor->validateHashVersion($secureData->getPasswordHash(), true)) {
         // Stored hash already passes the version check, nothing to upgrade
         return;
     }

     // Second argument true requests a salted hash
     $secureData->setPasswordHash($this->encryptor->getHash($plainPassword, true));
     // The new hash is set on the registry's secure data; saving the customer is
     // presumably what persists it (confirm against the repository implementation)
     $this->customerRepository->save($customer);
 }
 /**
  * Record the admin user's current password hash so it cannot be reused later.
  *
  * Nothing is tracked for users without an id, when no password lifetime is configured,
  * when no current password is available, or when a forced password change is pending.
  *
  * NOTE(review): the history entry is produced with getHash($password, false), i.e.
  * without a salt, so that later checks can compare hashes by equality. Unsalted
  * password hashes are a weaker storage form than the salted login hash; treat the
  * history table as sensitive and restrict access to it accordingly.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     /* @var $user \Magento\User\Model\User */
     $user = $observer->getEvent()->getObject();
     if (!$user->getId()) {
         return;
     }

     $currentPassword = $user->getCurrentPassword();
     $lifetime = $this->observerConfig->getAdminPasswordLifetime();
     if (!$lifetime || !$currentPassword || $user->getForceNewPassword()) {
         return;
     }

     // Deterministic (unsalted) hash, see the note in the docblock
     $historyHash = $this->encryptor->getHash($currentPassword, false);
     $this->userResource->trackPassword($user, $historyHash, $lifetime);

     // Clear the "password expired" notice and the matching session flag
     $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
     $this->authSession->unsPciAdminUserIsPasswordExpired();
 }
Ejemplo n.º 4
 /**
  * Generate the secret key for a route/controller/action, bound to the form key.
  *
  * Any argument left empty is resolved from the request: the value recorded before an
  * internal forward is preferred, otherwise the request's current value is used.
  * The key is the hash of route name, controller name, action name and the form key, so
  * it is only as unpredictable as the form key itself.
  *
  * @param string|null $routeName
  * @param string|null $controller Controller name
  * @param string|null $action Action name
  * @return string
  */
 public function getSecretKey($routeName = null, $controller = null, $action = null)
 {
     $formKey = $this->formKey->getFormKey();
     $request = $this->_getRequest();

     if (!$routeName) {
         $forwarded = $request->getBeforeForwardInfo('route_name');
         $routeName = $forwarded !== null ? $forwarded : $request->getRouteName();
     }

     if (!$controller) {
         $forwarded = $request->getBeforeForwardInfo('controller_name');
         $controller = $forwarded !== null ? $forwarded : $request->getControllerName();
     }

     if (!$action) {
         $forwarded = $request->getBeforeForwardInfo('action_name');
         $action = $forwarded !== null ? $forwarded : $request->getActionName();
     }

     // The form key goes last and acts as the per-session component of the hashed string
     return $this->_encryptor->getHash($routeName . $controller . $action . $formKey);
 }
 /**
  * Reject an admin password change that reuses the current or a previous password.
  *
  * The candidate is the new password when one is set, otherwise the model's password
  * value. It is checked against the original stored hash and against every hash
  * returned by getOldPasswords(). This method performs no length or character-class
  * validation; any such policy has to be enforced elsewhere.
  *
  * @param EventObserver $observer
  * @return void
  * @throws \Magento\Framework\Exception\LocalizedException
  */
 public function execute(EventObserver $observer)
 {
     /* @var $user \Magento\User\Model\User */
     $user = $observer->getEvent()->getObject();
     $candidate = $user->getNewPassword() ?: $user->getPassword();

     // Only existing users with a password to check and no forced change pending are validated
     if (!$candidate || $user->getForceNewPassword() || !$user->getId()) {
         return;
     }

     // Same as the password currently stored for the user
     if ($this->encryptor->isValidHash($candidate, $user->getOrigData('password'))) {
         throw new \Magento\Framework\Exception\LocalizedException(__('Sorry, but this password has already been used. Please create another.'));
     }

     // History check: equality only works because the candidate is hashed without a salt,
     // which presumably matches how the history entries were written (confirm).
     // NOTE(review): hash_equals() would be the constant-time form of this comparison.
     $candidateHash = $this->encryptor->getHash($candidate, false);
     foreach ($this->userResource->getOldPasswords($user) as $previousHash) {
         if ($candidateHash === $previousHash) {
             throw new \Magento\Framework\Exception\LocalizedException(__('Sorry, but this password has already been used. Please create another.'));
         }
     }
 }
Ejemplo n.º 6
 /**
  * Save a payment token and link it to an order payment.
  *
  * When a token with the same public hash and customer id already exists, a visible
  * token takes over the existing entity id, while a non-visible token gets a new public
  * hash derived from its current hash and creation time.
  *
  * @param PaymentTokenInterface $token
  * @param OrderPaymentInterface $payment
  * @return bool
  */
 public function saveTokenWithPaymentLink(PaymentTokenInterface $token, OrderPaymentInterface $payment)
 {
     $existing = $this->getByPublicHash($token->getPublicHash(), $token->getCustomerId());

     if ($existing && $token->getIsVisible()) {
         // Reuse the stored record instead of creating a duplicate
         $token->setEntityId($existing->getEntityId());
     } elseif ($existing) {
         // Non-visible duplicate: give it a distinct public hash and save it as its own record
         $rehashed = $this->encryptor->getHash($token->getPublicHash() . $token->getCreatedAt());
         $token->setPublicHash($rehashed);
     }

     $this->paymentTokenRepository->save($token);

     return $this->addLinkToOrderPayment($token->getEntityId(), $payment->getEntityId());
 }
Ejemplo n.º 7
 /**
  * Hash a plaintext password with a salt requested from the encryptor.
  *
  * The second argument true asks getHash() for a salted hash, so the result is not
  * expected to be reproducible by hashing the same password again; verify passwords
  * with the encryptor's validation method rather than by string comparison.
  *
  * @param string $password Plaintext password
  * @return string
  */
 protected function _getEncodedPassword($password)
 {
     $encoded = $this->_encryptor->getHash($password, true);

     return $encoded;
 }
Ejemplo n.º 8
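 /**
  * Return a salted password hash that can be saved directly to the database.
  *
  * The salt flag is passed explicitly. Called with the password alone, Magento's
  * Encryptor::getHash() defaults to an unsalted hash, which is not suitable for stored
  * credentials: equal passwords produce equal hashes and precomputed tables apply.
  * Because the result is salted, verify passwords with the encryptor's validation
  * method rather than by comparing two hashes for equality.
  *
  * @param string $password Plaintext password
  * @return string
  */
 public function getPasswordHash($password)
 {
     // true requests a salted hash
     return $this->encryptor->getHash($password, true);
 }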
Ejemplo n.º 9
 /**
  * Produce the salted hash of the password held in this object's data.
  *
  * Reads the plaintext value stored under self::KEY_PASSWORD and hashes it with the
  * salt flag set to true.
  *
  * @return string
  */
 protected function generatePassword()
 {
     // Plaintext value from the data array: it should not be logged or echoed
     $plainPassword = $this->data[self::KEY_PASSWORD];

     return $this->encryptor->getHash($plainPassword, true);
 }
Ejemplo n.º 10
 /**
  * Hash a customer password through the encryptor.
  *
  * The salt argument is forwarded unchanged and defaults to true, which requests a
  * salted hash. NOTE(review): a caller passing false gets an unsalted hash; that form
  * should not be used for a password that is stored as a login credential.
  *
  * @param string $password Plaintext password
  * @param bool|int|string $salt
  * @return string
  */
 public function hashPassword($password, $salt = true)
 {
     $hashed = $this->_encryptor->getHash($password, $salt);

     return $hashed;
 }