public function updatePassword(UpdatePasswordCommand $command, $login = null)
{
$user = $this->getUserOrCurrentUser($login);
$passwordIsValid = $this->passwordEncoder->isPasswordValid($user->getPassword(), $command->getOldPassword(), $user->getNonce());
if (!$passwordIsValid) {
throw new AccountException('Invalid password provided');
}
$this->userManipulator->setPassword($user, $command->getPassword());
}
public function resetPassword($resetToken, $newPassword)
{
$token = $this->tokenRepository->findValidToken($resetToken);
if ($token === null || $token->getType() != TokenManipulator::TYPE_PASSWORD) {
$this->application->abort(401, 'A token is required');
}
$this->userManipulator->setPassword($token->getUser(), $newPassword);
$this->tokenManipulator->delete($token);
}
/**
* {@inheritdoc}
*/
public function getUsrId($username, $password, Request $request)
{
if (null === ($user = $this->repository->findRealUserByLogin($username))) {
return null;
}
if ($user->isSpecial()) {
return null;
}
// check locked account
if ($user->isMailLocked()) {
throw new AccountLockedException('The account is locked', $user->getId());
}
if (false === $user->isSaltedPassword()) {
// we need a quick update and continue
if ($this->oldEncoder->isPasswordValid($user->getPassword(), $password, $user->getNonce())) {
$this->userManipulator->setPassword($user, $password);
}
}
if (false === $this->encoder->isPasswordValid($user->getPassword(), $password, $user->getNonce())) {
return null;
}
return $user->getId();
}
