/**
* {@inheritdoc}
*/
public function authenticate($username, $password)
{
try {
switch ($this->advancedLoginConfigProvider->getLoginMode()) {
case LoginMode::LOGIN_TYPE_ONLY_ATTRIBUTE:
$customer = $this->loginViaCustomerAttributeOnly($username);
break;
case LoginMode::LOGIN_TYPE_BOTH:
$customer = $this->loginViaCustomerAttributeOrEmail($username);
break;
default:
$customer = $this->loginViaEmailOnly($username);
break;
}
} catch (NoSuchEntityException $e) {
throw new InvalidEmailOrPasswordException(__('Invalid login or password.'));
}
$this->checkPasswordStrength($password);
$hash = $this->customerRegistry->retrieveSecureData($customer->getId())->getPasswordHash();
if (!$this->encryptor->validateHash($password, $hash)) {
throw new InvalidEmailOrPasswordException(__('Invalid login or password.'));
}
if ($customer->getConfirmation() && $this->isConfirmationRequired($customer)) {
throw new EmailNotConfirmedException(__('This account is not confirmed.'));
}
$customerModel = $this->customerFactory->create()->updateData($customer);
$this->eventManager->dispatch('customer_customer_authenticated', ['model' => $customerModel, 'password' => $password]);
$this->eventManager->dispatch('customer_data_object_login', ['customer' => $customer]);
return $customer;
}
/**
* Validate that password is correct and customer is not locked
*
* @param \Magento\Customer\Api\Data\CustomerInterface $customer
* @param string $password
* @return $this
* @throws InvalidEmailOrPasswordException
*/
public function validatePasswordAndLockStatus(\Magento\Customer\Api\Data\CustomerInterface $customer, $password)
{
$customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
$hash = $customerSecure->getPasswordHash();
if (!$this->encryptor->validateHash($password, $hash)) {
$this->_eventManager->dispatch('customer_password_invalid', ['username' => $customer->getEmail(), 'password' => $password]);
$this->checkIfLocked($customer);
throw new InvalidEmailOrPasswordException(__('The password doesn\'t match this account.'));
}
return $this;
}
/**
* {@inheritdoc}
*/
public function authenticate($customerId, $password)
{
$customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
$hash = $customerSecure->getPasswordHash();
if (!$this->encryptor->validateHash($password, $hash)) {
$this->processAuthenticationFailure($customerId);
if ($this->isLocked($customerId)) {
throw new UserLockedException(__('The account is locked.'));
}
throw new InvalidEmailOrPasswordException(__('Invalid login or password.'));
}
return true;
}
/**
* Ensure that provided password matches the current user password. Check if the current user account is active.
*
* @param string $password
* @return bool
* @throws \Magento\Framework\Exception\AuthenticationException
*/
public function verifyIdentity($password)
{
$result = false;
if ($this->_encryptor->validateHash($password, $this->getPassword())) {
if ($this->getIsActive() != '1') {
throw new AuthenticationException(__('This account is inactive.'));
}
if (!$this->hasAssigned2Role($this->getId())) {
throw new AuthenticationException(__('You need more permissions to access this.'));
}
$result = true;
}
return $result;
}
/**
* Change customer password.
*
* @param CustomerModel $customer
* @param string $currentPassword
* @param string $newPassword
* @return bool true on success
* @throws InputException
* @throws InvalidEmailOrPasswordException
*/
private function changePasswordForCustomer($customer, $currentPassword, $newPassword)
{
$customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
$hash = $customerSecure->getPasswordHash();
if (!$this->encryptor->validateHash($currentPassword, $hash)) {
throw new InvalidEmailOrPasswordException(__('The password doesn\'t match this account.'));
}
$customerSecure->setRpToken(null);
$customerSecure->setRpTokenCreatedAt(null);
$this->checkPasswordStrength($newPassword);
$customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
$this->customerRepository->save($customer);
// FIXME: Are we using the proper template here?
try {
$this->sendPasswordResetNotificationEmail($customer);
} catch (MailException $e) {
$this->logger->critical($e);
}
return true;
}
/**
* Validate user password
*
* @param string $password
* @return bool
*/
public function validateUserPassword($password)
{
$userPasswordHash = $this->_backendAuthSession->getUser()->getPassword();
return $this->_encryptor->validateHash($password, $userPasswordHash);
}
/**
* Authenticate user name and password and save loaded record
*
* @param string $username
* @param string $password
* @return bool
* @throws \Magento\Framework\Model\Exception
* @throws \Magento\Backend\Model\Auth\Exception
* @throws \Magento\Backend\Model\Auth\Plugin\Exception
*/
public function authenticate($username, $password)
{
$config = $this->_config->isSetFlag('admin/security/use_case_sensitive_login');
$result = false;
try {
$this->_eventManager->dispatch('admin_user_authenticate_before', array('username' => $username, 'user' => $this));
$this->loadByUsername($username);
$sensitive = $config ? $username == $this->getUsername() : true;
if ($sensitive && $this->getId() && $this->_encryptor->validateHash($password, $this->getPassword())) {
if ($this->getIsActive() != '1') {
throw new \Magento\Backend\Model\Auth\Exception(__('This account is inactive.'));
}
if (!$this->hasAssigned2Role($this->getId())) {
throw new \Magento\Backend\Model\Auth\Exception(__('Access denied.'));
}
$result = true;
}
$this->_eventManager->dispatch('admin_user_authenticate_after', array('username' => $username, 'password' => $password, 'user' => $this, 'result' => $result));
} catch (\Magento\Framework\Model\Exception $e) {
$this->unsetData();
throw $e;
}
if (!$result) {
$this->unsetData();
}
return $result;
}
/**
* Validate password with salted hash
*
* @param string $password
* @return boolean
*/
public function validatePassword($password)
{
$hash = $this->getPasswordHash();
if (!$hash) {
return false;
}
return $this->_encryptor->validateHash($password, $hash);
}