Example #1
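 /**
  * Authenticates current user.
  *
  * This method is expected to implement some kind of session-based
  * authentication persistence, thus ignoring any provided or missing
  * credentials if that session-based authentication succeeded internally.
  *
  * The freshly derived hash is compared with the stored token using
  * hash_equals(), so the time taken does not depend on how many leading
  * bytes match. exception::leaveSensitive() runs in a finally block, so the
  * enter/leave calls stay paired even when one of the checks throws.
  *
  * @throws unauthorized_exception when authentication fails (account locked
  *         or password mismatch)
  * @throws \RuntimeException when the stored token uses an unknown hashing scheme
  * @param mixed $credentials arbitrary data required for authenticating user
  * @return user current instance for chaining calls
  */
 public function authenticate($credentials)
 {
     // session-based persistence wins over any provided credentials
     if ($this->isAuthenticated()) {
         return $this;
     }
     exception::enterSensitive();
     try {
         $record = $this->getRecord();
         // no error-suppression operator: a missing field simply means "no token"
         $token = isset($record['password']) ? $record['password'] : null;
         // NOTE(review): the truthiness test on $credentials is kept from the
         // original, so a credential of "0" or an empty array counts as missing;
         // confirm this is intended by the callers
         if ($credentials && is_string($token) && $token !== '') {
             if (blowfish::isValidHash($token)) {
                 $hash = blowfish::get($credentials, blowfish::extractSalt($token));
             } elseif (ssha::isValidHash($token)) {
                 $hash = ssha::get($credentials, ssha::extractSalt($token));
             } else {
                 throw new \RuntimeException("unknown hashing on user's token");
             }
             // constant-time comparison: === stops at the first differing byte
             // and thereby leaks the length of the matching prefix via timing
             if (hash_equals($token, (string) $hash)) {
                 $lock = isset($record['lock']) ? trim((string) $record['lock']) : '';
                 if ($lock !== '') {
                     throw new unauthorized_exception(_L('account is locked'), unauthorized_exception::ACCOUNT_LOCKED, $this);
                 }
                 $this->_authenticated = true;
                 // store credentials in session
                 $this->saveCredentials($credentials);
                 // reset any previously cached copy of user's node
                 $this->record = null;
             }
         }
     } finally {
         // always leave sensitive mode, even when a check above has thrown
         exception::leaveSensitive();
     }
     if ($this->_authenticated) {
         return $this;
     }
     throw new unauthorized_exception(_L('invalid/missing password.'), unauthorized_exception::TOKEN_MISMATCH, $this);
 }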