public function __invoke(Request $request)
{
if ($this->container->hasParameter('partkeepr.auth.allow_password_change') && $this->container->getParameter('partkeepr.auth.allow_password_change') === false) {
throw new PasswordChangeNotAllowedException();
}
$user = $this->userService->getUser();
if (!$request->request->has('oldpassword') && !$request->request->has('newpassword')) {
throw new \Exception('old password and new password need to be specified');
}
$FOSUser = $this->userManager->findUserByUsername($user->getUsername());
if ($FOSUser !== null) {
$encoder = $this->encoderFactory->getEncoder($FOSUser);
$encoded_pass = $encoder->encodePassword($request->request->get('oldpassword'), $FOSUser->getSalt());
if ($FOSUser->getPassword() != $encoded_pass) {
throw new OldPasswordWrongException();
}
$this->userManipulator->changePassword($user->getUsername(), $request->request->get('newpassword'));
} else {
if ($user->isLegacy()) {
if ($user->getPassword() !== md5($request->request->get('oldpassword'))) {
throw new OldPasswordWrongException();
}
$user->setNewPassword($request->request->get('newpassword'));
$this->userService->syncData($user);
} else {
throw new \Exception('Cannot change password for LDAP users');
}
}
$user->setPassword('');
$user->setNewPassword('');
return $user;
}
public function testGetEncoderConfiguredForConcreteClassWithClassName()
{
$factory = new EncoderFactory(array('Symfony\\Component\\Security\\Tests\\Core\\Encoder\\SomeUser' => new MessageDigestPasswordEncoder('sha1')));
$encoder = $factory->getEncoder('Symfony\\Component\\Security\\Tests\\Core\\Encoder\\SomeChildUser');
$expectedEncoder = new MessageDigestPasswordEncoder('sha1');
$this->assertEquals($expectedEncoder->encodePassword('foo', ''), $encoder->encodePassword('foo', ''));
}
public function testGetEncoderWithService()
{
$factory = new EncoderFactory(array('Symfony\\Component\\Security\\Core\\User\\UserInterface' => new MessageDigestPasswordEncoder('sha1')));
$encoder = $factory->getEncoder($this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'));
$expectedEncoder = new MessageDigestPasswordEncoder('sha1');
$this->assertEquals($expectedEncoder->encodePassword('foo', ''), $encoder->encodePassword('foo', ''));
}
/**
* Is user password correct
*
* @param BackendUser $user
* @param string $password
*
* @return boolean $isValid
*/
public function checkUserPassword(BackendUser $user, $password)
{
$encoder = $this->encoder->getEncoder($user);
if (!$encoder) {
return false;
}
$isValid = $encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt());
return $isValid;
}
/**
* @param User $user
*/
private function handleUserChange(User $user)
{
if (!($plainPassword = $user->getPlainPassword())) {
return;
}
$encoder = $this->encoderFactory->getEncoder($user);
$password = $encoder->encodePassword($plainPassword, $user->getSalt());
$user->setPassword($password);
}
/**
* @param User $user
*/
private function updatePassword(User $user)
{
$password = $user->getPlainPassword();
if (0 !== strlen($password)) {
$encoder = $this->encoder->getEncoder($user);
$user->setPassword($encoder->encodePassword($password, $user->getSalt()));
$user->eraseCredentials();
}
}
public function register(User $user)
{
$user->setSalt(md5(time()));
$password = $this->securityEncoderFactory->getEncoder($user)->encodePassword($user->getPassword(), $user->getSalt());
$user->setPassword($password);
$this->em->persist($user);
$this->em->flush();
$token = new UsernamePasswordToken($user, $user->getPassword(), 'app', $user->getRoles());
$this->securityContext->setToken($token);
}
/**
* Injects the password encoder into user resources
*
* @param ActionEvent $event
* @throws AccessDeniedHttpException
*/
public function onActionEvent(ActionEvent $event)
{
if (!in_array($event->getId(), $this->validIds)) {
return;
}
$resource = $event->getData()->getResource();
if ($resource instanceof User) {
$resource->setEncoder($this->encoderFactory->getEncoder($resource));
}
}
/**
* returns int
* 0 - success
* 1 - wrong email
* 2 - any error
*/
public function editUser(User $user, \Symfony\Component\Security\Core\Encoder\EncoderFactory $ef)
{
$encoder = $ef->getEncoder($user);
$password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
$user->setPassword($password);
$user->setActive(true);
$user->setBlocked(false);
$this->em->persist($user);
$this->em->flush();
return $user->getId() > 0 ? 0 : 2;
}
/**
* Set userShop new password
*
* @param array|string $data
* @return $this
*/
public function setPassword($data)
{
$encoder = $this->securityFactory->getEncoder($this->usershop);
if (!empty($data['password'])) {
$existingPassword = $this->usershop->getPassword();
$newPassword = $encoder->encodePassword($data['password'], $this->usershop->getSalt());
if ($existingPassword != $newPassword) {
$this->usershop->setPassword($newPassword);
}
}
return $this;
}
/**
* @param LifecycleEventArgs $args
*/
public function prePersist(LifeCycleEventArgs $args)
{
/** @var AdvancedUserInterface $object */
$object = $args->getEntity();
if ($object instanceof AdvancedUserInterface) {
$salt = md5(uniqid(null, true));
$object->setSalt($salt);
$encoder = $this->encoder->getEncoder($object);
$encodedPassword = $encoder->encodePassword($object->getPlainPassword(), $object->getSalt());
$object->setPassword($encodedPassword);
$object->setLastLogin(new \DateTime(date('Y-m-d H:i:s')));
}
}
/**
* @param $username
* @param $password
* @return bool|mixed
*/
public function checkUsernameAndPassword($username, $password)
{
$user = $this->getUserByUsername($username);
if (!$user) {
return false;
}
$encoder = $this->encoderFactory->getEncoder($user);
$password = $encoder->encodePassword($password, $user->getSalt());
if ($password == $user->getPassword()) {
return $user;
}
return false;
}
public function validate($value, Constraint $constraint)
{
$repo = $this->em->getRepository('UsuarioBundle:Clave');
$user = $this->securityContext->getToken()->getUser();
/* @var $user Usuario */
$rawPassword = $value;
$encoder = $this->encoderFactory->getEncoder($user);
$encodedPassword = $encoder->encodePassword($rawPassword, $user->getSalt());
$clave = $repo->findOneBy(array('usuario' => $user->getId(), 'clave' => $encodedPassword));
if ($clave) {
$this->context->addViolation($constraint->message, array("%string%" => $value));
}
}
public function testGetEncoderForEncoderAwareWithClassName()
{
$factory = new EncoderFactory(array('Symfony\\Component\\Security\\Core\\Tests\\Encoder\\EncAwareUser' => new MessageDigestPasswordEncoder('sha1'), 'encoder_name' => new MessageDigestPasswordEncoder('sha256')));
$encoder = $factory->getEncoder('Symfony\\Component\\Security\\Core\\Tests\\Encoder\\EncAwareUser');
$expectedEncoder = new MessageDigestPasswordEncoder('sha1');
$this->assertEquals($expectedEncoder->encodePassword('foo', ''), $encoder->encodePassword('foo', ''));
}
/**
* @param User $user
* @param string $newPassword
*
* @return User
*/
public function changePassword(User $user, $newPassword)
{
$encoder = $this->encoderFactory->getEncoder($user);
$salt = bin2hex($this->secureRandom->nextBytes(16));
$encodedPassword = $encoder->encodePassword($newPassword, $salt);
$user->setSalt($salt);
$user->setPassword($encodedPassword);
return $user;
}
public function __construct($security_config)
{
$encoder['plaintext'] = new PlaintextPasswordEncoder();
$encoder['sha512'] = new MessageDigestPasswordEncoder('sha512', false, 1);
$encoders = array();
foreach ($security_config['encoders'] as $prov => $enco) {
$encoders[$prov] = $encoder[$enco];
}
return parent::__construct($encoders);
}
public function changePassword(User $User)
{
if (null == $User->getPlainPassword()) {
throw new UserException('Nie ustawiono nowego hasła!');
}
$encoder = $this->encoderFactory->getEncoder($User);
$encoderPassword = $encoder->encodePassword($User->getPlainPassword(), $User->getSalt());
$User->setPassword($encoderPassword);
$em = $this->doctrine->getManager();
$em->persist($User);
$em->flush();
return true;
}
/**
* @param User $user
* @param $password
* @param bool $old_password
* @return bool
*/
public function changePassword(User &$user, $password, $old_password = false)
{
if (empty($password)) {
return false;
}
$encoder = $this->encoderFactory->getEncoder($user);
if ($old_password) {
if (!$encoder->isPasswordValid($user->getPassword(), $old_password, $user->getSalt())) {
return false;
}
}
$user->setPassword($password);
$password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
$user->setPassword($password);
return true;
}
/**
* Create/update user from authentication plugins.
*
* @param User $user
* @param bool|true $createIfNotExists
*
* @return User
*/
public function saveUser(User $user, $createIfNotExists = true)
{
$isNew = !$user->getId();
if ($isNew) {
// Check if user exists and create one if applicable
try {
$user = $this->loadUserByUsername($user->getUsername(), $user->getEmail());
} catch (UsernameNotFoundException $exception) {
if (!$createIfNotExists) {
throw new BadCredentialsException();
}
}
}
// Validation for User objects returned by a plugin
if (!$user->getRole()) {
throw new AuthenticationException('mautic.integration.sso.error.no_role');
}
if (!$user->getUsername()) {
throw new AuthenticationException('mautic.integration.sso.error.no_username');
}
if (!$user->getEmail()) {
throw new AuthenticationException('mautic.integration.sso.error.no_email');
}
if (!$user->getFirstName() || !$user->getLastName()) {
throw new AuthenticationException('mautic.integration.sso.error.no_name');
}
// Check for plain password
$plainPassword = $user->getPlainPassword();
if ($plainPassword) {
// Encode plain text
$user->setPassword($this->encoder->getEncoder($user)->encodePassword($plainPassword, $user->getSalt()));
} elseif (!($password = $user->getPassword())) {
// Generate and encode a random password
$user->setPassword($this->encoder->getEncoder($user)->encodePassword(EncryptionHelper::generateKey(), $user->getSalt()));
}
$event = new UserEvent($user, $isNew);
if ($this->dispatcher->hasListeners(UserEvents::USER_PRE_SAVE)) {
$event = $this->dispatcher->dispatch(UserEvents::USER_PRE_SAVE, $event);
}
$this->userRepository->saveEntity($user);
if ($this->dispatcher->hasListeners(UserEvents::USER_POST_SAVE)) {
$this->dispatcher->dispatch(UserEvents::USER_POST_SAVE, $event);
}
return $user;
}
/**
* Reset and send password by email
*/
public function resetPassword($user)
{
if ($user) {
$utility = new PasswordUtility();
$password = $utility->generatePassword();
$encoder = $this->encoder->getEncoder($user);
$encodedPassword = $encoder->encodePassword($password, $user->getSalt());
$user->setPassword($encodedPassword);
// Send password via email
try {
$message = \Swift_Message::newInstance()->setSubject('Password reset')->setFrom($this->websiteEmail)->setTo($user->getEmail())->setBody($this->templating->render('AiselFrontendUserBundle:Email:newPassword.txt.twig', array('username' => $user->getUsername(), 'password' => $password)));
$response = $this->mailer->send($message);
} catch (\Swift_TransportException $e) {
$response = $e->getMessage();
}
$this->em->persist($user);
$this->em->flush();
return $response;
} else {
return false;
}
}
/**
* @param User $user
* @param $password
*/
private function encodeUserPassword(User $user, $password)
{
$encoder = $this->encoderFactory->getEncoder($user);
$encPassword = $encoder->encodePassword($password, $user->getSalt());
$user->setPassword($encPassword);
}
/**
* Get object
*
* @return mixed
*/
public function get()
{
$encoders = [SecurityUser::class => ['class' => PlaintextPasswordEncoder::class, 'argument' => [false]], User::class => ['class' => MessageDigestPasswordEncoder::class, 'arguments' => ['sha1', 'true', '5000']]];
$factory = new EncoderFactory($encoders);
return $factory->getEncoder(new User());
}
public function setPlainPassword($plainPassword, \Symfony\Component\Security\Core\Encoder\EncoderFactory $encoderFactory = null)
{
$this->plainPassword = $plainPassword;
if ($encoderFactory) {
$encoder = $encoderFactory->getEncoder($this);
$password = $encoder->encodePassword($this->getPlainPassword(), $this->getSalt());
$this->setPassword($password);
}
return $this;
}
/**
* @param string $plainPassword
* @param EncoderFactory $encoderFactory
*
* @return UserEntity
*/
public function setPlainPassword($plainPassword, EncoderFactory $encoderFactory = null)
{
$this->plainPassword = $plainPassword;
if ($encoderFactory) {
$encoder = $encoderFactory->getEncoder($this);
$password = $encoder->encodePassword($this->getPlainPassword(), $this->getSalt());
$this->setPassword($password);
}
return $this;
}
/**
* Encodes the given password, for the given passwort, with he given salt and returns the result.
*
* @param UserInterface $user
* @param string $password
* @param string $salt
*
* @return string
*/
private function encodePassword(UserInterface $user, $password, $salt)
{
$encoder = $this->encoderFactory->getEncoder($user);
return $encoder->encodePassword($password, $salt);
}
/**
* Encode password
*
* @param User $user
* @param $plainPassword
* @return string
*/
private function encodePassword(User $user, $plainPassword)
{
$encoder = $this->encoderFactory->getEncoder($user);
return $encoder->encodePassword($plainPassword, $user->getSalt());
}
/**
* @param User $user
* @return \Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface
*/
public function getEncoder(User $user)
{
return $this->encoderFactory->getEncoder($user);
}
/**
* @param UserInterface $user
* @param string $plaintextPassword
*/
public function setUserPassword(UserInterface $user, $plaintextPassword)
{
$hash = $this->encoderFactory->getEncoder($user)->encodePassword($plaintextPassword, $user->getSalt());
return $hash;
}
/**
* Test a users password
*
* @param User $user
* @param string $password
* @return bool
*/
public function testLogin(User $user, $password)
{
$encoder = $this->encoder_factory->getEncoder($user);
return $encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt());
}
/**
* @param array $credentials
* @param UserInterface $user
*
* @return bool
*/
public function checkCredentials($credentials, UserInterface $user)
{
$plainPassword = $credentials['password'];
$encoder = $this->encoder->getEncoder($user);
$password = $encoder->encodePassword($plainPassword, $user->getSalt());
if ($password != $user->getPassword()) {
throw new BadCredentialsException();
}
return true;
}
