Hash a password using the configured password hashing strategy
/**
* Creates a new account and sets the given password and roles
*
* @param string $identifier Identifier of the account, must be unique
* @param string $password The clear text password
* @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account
* @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with
* @param string $passwordHashingStrategy Optional password hashing strategy to use for the password
* @return Account A new account, not yet added to the account repository
*/
public function createAccountWithPassword($identifier, $password, $roleIdentifiers = [], $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default')
{
$account = new Account();
$account->setAccountIdentifier($identifier);
$account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy));
$account->setAuthenticationProviderName($authenticationProviderName);
$roles = [];
foreach ($roleIdentifiers as $roleIdentifier) {
$roles[] = $this->policyService->getRole($roleIdentifier);
}
$account->setRoles($roles);
return $account;
}
/**
* Persists a key to the file system
*
* @param string $name
* @param string $password
* @return void
* @throws SecurityException
*/
protected function persistKey($name, $password)
{
$hashedPassword = $this->hashService->hashPassword($password, $this->passwordHashingStrategy);
$keyPathAndFilename = $this->getKeyPathAndFilename($name);
if (!is_dir($this->getPath())) {
Utility\Files::createDirectoryRecursively($this->getPath());
}
$result = file_put_contents($keyPathAndFilename, $hashedPassword);
if ($result === false) {
throw new SecurityException(sprintf('The key could not be stored ("%s").', $keyPathAndFilename), 1305812921);
}
}
/**
* Sets a new password for the given user
*
* This method will iterate over all accounts owned by the given user and, if the account uses a UsernamePasswordToken,
* sets a new password accordingly.
*
* @param User $user The user to set the password for
* @param string $password A new password
* @return void
* @api
*/
public function setUserPassword(User $user, $password)
{
$tokens = $this->authenticationManager->getTokens();
$indexedTokens = array();
foreach ($tokens as $token) {
/** @var TokenInterface $token */
$indexedTokens[$token->getAuthenticationProviderName()] = $token;
}
foreach ($user->getAccounts() as $account) {
/** @var Account $account */
$authenticationProviderName = $account->getAuthenticationProviderName();
if (isset($indexedTokens[$authenticationProviderName]) && $indexedTokens[$authenticationProviderName] instanceof UsernamePassword) {
$account->setCredentialsSource($this->hashService->hashPassword($password));
$this->accountRepository->update($account);
}
}
}
/**
* @test
* @expectedException \Neos\Flow\Security\Exception\MissingConfigurationException
*/
public function hashPasswordThrowsExceptionIfNoDefaultHashingStrategyIsConfigured()
{
$mockSettings = ['security' => ['cryptography' => ['hashingStrategies' => ['TestStrategy' => TestHashingStrategy::class]]]];
$this->hashService->injectSettings($mockSettings);
$this->hashService->hashPassword('myTestPassword');
}
