Ejemplo n.º 1
 /**
  * Produce the value to store for a password.
  *
  * null and values that Blowfish::detect() recognises are returned unchanged;
  * anything else is hashed with bcrypt through password_hash().
  *
  * NOTE(review): a string that merely looks like a Blowfish hash is stored
  * verbatim. Callers should only hand over hash-shaped values that come from
  * trusted code paths, not straight from a request - confirm against callers.
  * bcrypt only uses the first 72 bytes of its input.
  *
  * @param string|null $password plain-text password, existing hash, or null
  *
  * @throws \RuntimeException when password_hash() reports failure
  *
  * @return string|null
  */
 protected function getHashedPassword($password)
 {
     $isPassThrough = $password === null || Blowfish::detect($password);
     if ($isPassThrough) {
         return $password;
     }

     $hash = password_hash($password, PASSWORD_BCRYPT);
     if ($hash !== false) {
         return $hash;
     }

     // A false result from password_hash() means no hash was produced; never store it.
     throw new \RuntimeException('Unable to hash password.');
 }
Ejemplo n.º 2
Archivo: Login.php Proyecto: bolt/bolt
 /**
  * Check a user login request for username/password combinations.
  *
  * Order of checks: user lookup, empty stored password, disabled account,
  * password verification, then an opportunistic rehash of non-Blowfish hashes.
  * Every failure path dispatches AccessControlEvents::LOGIN_FAILURE with a
  * reason; success dispatches AccessControlEvents::LOGIN_SUCCESS.
  *
  * NOTE(review): the "account disabled" flash message is emitted before the
  * submitted password is verified, so it is shown to anyone who knows the
  * username - confirm this disclosure is acceptable.
  *
  * @param string             $userName
  * @param string             $password
  * @param AccessControlEvent $event
  *
  * @return bool false for an unknown user; otherwise whatever loginFailed()
  *              or loginFinish() returns (presumably bool - verify)
  */
 protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
 {
     // Unknown user: returns immediately, without hash verification and without
     // loginFailed(). NOTE(review): this path does less work than the
     // wrong-password path; check whether the difference is observable to clients.
     if (!($userEntity = $this->getUserEntity($userName))) {
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
         return false;
     }
     $userAuth = $this->getRepositoryUsers()->getUserAuthData($userEntity->getId());
     // A null or empty stored password is reported as a disabled account, so it
     // can never be matched by any submitted password.
     if ($userAuth->getPassword() === null || $userAuth->getPassword() === '') {
         // NOTE(review): $userName is written into the log message as given;
         // confirm the log handler neutralises newlines and control characters.
         $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($userEntity);
     }
     // Explicitly disabled accounts are rejected before the password is looked at.
     if ((bool) $userEntity->getEnabled() === false) {
         $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($userEntity);
     }
     // Compare the submitted password with the stored hash via the password factory.
     $isValid = $this->passwordFactory->verifyHash($password, $userAuth->getPassword());
     if (!$isValid) {
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));
         return $this->loginFailed($userEntity);
     }
     // Upgrade legacy hashes: the plain-text password is only available during
     // login, so a stored hash that is not Blowfish is replaced here with one
     // created using the '$2y$' prefix.
     if (!Blowfish::detect($userAuth->getPassword())) {
         $userEntity->setPassword($this->passwordFactory->createHash($password, '$2y$'));
         try {
             $this->getRepositoryUsers()->update($userEntity);
         } catch (NotNullConstraintViolationException $e) {
             // Deliberately ignored ("database needs updating"): the login still
             // succeeds. NOTE(review): nothing is logged here, so a rehash that
             // keeps failing goes unnoticed - consider recording the failure.
             // Presumably the legacy hash then stays in storage; verify.
         }
     }
     $this->dispatcher->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());
     return $this->loginFinish($userEntity);
 }
Ejemplo n.º 3
 /**
  * Blowfish::detect() must give the expected result for every sample that the
  * data provider supplies.
  *
  * @covers PasswordLib\Password\Implementation\Blowfish
  * @dataProvider provideTestDetect
  *
  * @param mixed $from   candidate value passed to Blowfish::detect()
  * @param mixed $expect value detect() is expected to return for $from
  */
 public function testDetect($from, $expect)
 {
     $detected = Blowfish::detect($from);

     $this->assertEquals($expect, $detected);
 }
Ejemplo n.º 4
 /**
  * Return a valid hash for a password, or, if the value is already hashed,
  * return it as is.
  *
  * A value recognised by Password\Blowfish::detect() or Password\PHPASS::detect()
  * is passed through untouched; any other value must be at least 6 bytes long
  * and is hashed by the password factory with the '$2y$' prefix.
  *
  * NOTE(review): the minimum-length check is not applied to hash-shaped input,
  * so callers should make sure request-supplied passwords cannot reach this
  * method in a form that detect() accepts - confirm against callers.
  *
  * @param string $password plain-text password or an existing hash
  *
  * @throws AccessControlException when a plain-text password is shorter than 6 bytes
  *
  * @return string
  */
 private function getValidHash($password)
 {
     $alreadyHashed = Password\Blowfish::detect($password) || Password\PHPASS::detect($password);
     if ($alreadyHashed) {
         return $password;
     }

     // strlen() counts bytes, so multi-byte characters count more than once.
     if (strlen($password) >= 6) {
         return $this->passwordFactory->createHash($password, '$2y$');
     }

     throw new AccessControlException('Can not save a password with a length shorter than 6 characters!');
 }
Ejemplo n.º 5
 /**
  * Check to see if a provided password is valid.
  *
  * Fails closed: unless the stored value is recognised by Blowfish::detect(),
  * the request is rejected without attempting a comparison. Recognised hashes
  * are checked with password_verify().
  *
  * @param Entity\Oauth $oauth           record holding the stored password hash
  * @param string       $requestPassword plain-text password from the request
  *
  * @return bool
  */
 protected function isValidPassword(Entity\Oauth $oauth, $requestPassword)
 {
     $storedIsBlowfish = Blowfish::detect($oauth->getPassword());

     // Only Blowfish hashes are ever verified; anything else is rejected outright.
     return $storedIsBlowfish
         ? password_verify($requestPassword, $oauth->getPassword())
         : false;
 }
Ejemplo n.º 6
Archivo: Login.php Proyecto: Boorj/bolt
 /**
  * Check a user login request for username/password combinations.
  *
  * Order of checks: user lookup, empty stored password, disabled account,
  * password verification, then a rehash of non-Blowfish hashes. Every failure
  * path dispatches AccessControlEvents::LOGIN_FAILURE with a reason; success
  * dispatches AccessControlEvents::LOGIN_SUCCESS.
  *
  * NOTE(review): the "account is disabled" flash message is emitted before the
  * submitted password is verified, so it is shown to anyone who knows the
  * username - confirm this disclosure is acceptable.
  *
  * @param string             $userName
  * @param string             $password
  * @param AccessControlEvent $event
  *
  * @return bool false for an unknown user; otherwise whatever loginFailed()
  *              or loginFinish() returns (presumably bool - verify)
  */
 protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
 {
     // Unknown user: returns immediately, without hash verification and without
     // loginFailed(). NOTE(review): this path does less work than the
     // wrong-password path; check whether the difference is observable to clients.
     if (!($userEntity = $this->getUserEntity($userName))) {
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
         return false;
     }
     $userAuth = $this->repositoryUsers->getUserAuthData($userEntity->getId());
     // A null or empty stored password is reported as a disabled account, so it
     // can never be matched by any submitted password.
     if ($userAuth->getPassword() === null || $userAuth->getPassword() === '') {
         // NOTE(review): $userName is written into the log message as given;
         // confirm the log handler neutralises newlines and control characters.
         $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('Your account is disabled. Sorry about that.'));
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($userEntity);
     }
     // Explicitly disabled accounts are rejected before the password is looked at.
     if ((bool) $userEntity->getEnabled() === false) {
         $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('Your account is disabled. Sorry about that.'));
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($userEntity);
     }
     // Compare the submitted password with the stored hash via the password factory.
     $isValid = $this->app['password_factory']->verifyHash($password, $userAuth->getPassword());
     if (!$isValid) {
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));
         return $this->loginFailed($userEntity);
     }
     // Upgrade legacy hashes: the plain-text password is only available during
     // login, so a stored hash that is not Blowfish is replaced here with one
     // created using the '$2y$' prefix. An exception thrown by update() is not
     // caught in this method.
     if (!Blowfish::detect($userAuth->getPassword())) {
         $userEntity->setPassword($this->app['password_factory']->createHash($password, '$2y$'));
         $this->repositoryUsers->update($userEntity);
     }
     $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());
     return $this->loginFinish($userEntity);
 }