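/**
 * Round-trip test: a hash created with the Blowfish prefix must verify
 * against the password it was created from and reject a different one.
 */
public function testVerifyPasswordHash()
 {
     $password = '******';
     $prefix = Blowfish::getPrefix();
     $crypt = new PasswordLib();
     $test = $crypt->createPasswordHash($password, $prefix);
     $this->assertTrue($crypt->verifyPasswordHash($password, $test));
     // Negative case: without it this test would still pass against a
     // verifier that accepts every password.
     $this->assertFalse($crypt->verifyPasswordHash($password . 'x', $test));
 }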
 /**
  * Returns a bcrypt hash for a plain-text password, or the input unchanged
  * when it is null or is detected as an existing Blowfish hash.
  *
  * NOTE(review): a value that merely looks like a Blowfish hash is passed
  * through without hashing. Callers should confirm that raw user input
  * cannot be stored verbatim through this path.
  *
  * @param string|null $password Plain-text password, existing hash, or null.
  *
  * @throws \RuntimeException When password_hash() reports failure.
  *
  * @return string|null
  */
 protected function getHashedPassword($password)
 {
     // Nothing to hash.
     if ($password === null) {
         return $password;
     }
     // Already in Blowfish format: keep it so it is not hashed a second time.
     if (Blowfish::detect($password)) {
         return $password;
     }
     // PASSWORD_BCRYPT only considers the first 72 bytes of the input.
     $hash = password_hash($password, PASSWORD_BCRYPT);
     if ($hash !== false) {
         return $hash;
     }
     throw new \RuntimeException('Unable to hash password.');
 }
 /**
  * Data provider: one row per hash prefix, each paired with an integer.
  *
  * NOTE(review): the integer is presumably the expected length of the hash
  * generated for that prefix; confirm against the consuming test. Several
  * of the non-Blowfish prefixes look like legacy formats kept for
  * compatibility; verify before choosing one for new hashes.
  *
  * @return array
  */
 public static function provideTestCreate()
 {
     $cases = array();
     $cases[] = array(Blowfish::getPrefix(), 60);
     $cases[] = array('$apr1$', 37);
     $cases[] = array('$S$', 98);
     $cases[] = array('$P$', 34);
     $cases[] = array('$H$', 34);
     $cases[] = array('$pbkdf$', 74);

     return $cases;
 }
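 /**
  * Check a user login request for username/password combinations.
  *
  * Checks run in this order: unknown user, empty stored password, disabled
  * account, password verification, then a rehash to '$2y$' when the stored
  * hash is not detected as Blowfish.
  *
  * NOTE(review): the unknown-user branch returns before any hash is
  * verified, and the disabled-account message is shown before the password
  * is checked. Both may let an unauthenticated caller tell account states
  * apart (by response or timing); confirm this is acceptable.
  *
  * @param string             $userName
  * @param string             $password
  * @param AccessControlEvent $event
  *
  * @return bool False for an unknown user; otherwise the result of
  *              loginFailed() or loginFinish().
  */
 protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
 {
     if (!($userEntity = $this->getUserEntity($userName))) {
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
         return false;
     }
     $userAuth = $this->getRepositoryUsers()->getUserAuthData($userEntity->getId());
     // An account without a stored hash is treated as disabled, never as
     // "any password matches".
     if ($userAuth->getPassword() === null || $userAuth->getPassword() === '') {
         // NOTE(review): $userName is request data written to the log as-is;
         // log consumers should treat it as untrusted text.
         $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($userEntity);
     }
     if ((bool) $userEntity->getEnabled() === false) {
         $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($userEntity);
     }
     $isValid = $this->passwordFactory->verifyHash($password, $userAuth->getPassword());
     if (!$isValid) {
         $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));
         return $this->loginFailed($userEntity);
     }
     // Rehash password if not using Blowfish algorithm. The plain-text
     // password is only available at this point, right after it verified.
     if (!Blowfish::detect($userAuth->getPassword())) {
         $userEntity->setPassword($this->passwordFactory->createHash($password, '$2y$'));
         try {
             $this->getRepositoryUsers()->update($userEntity);
         } catch (NotNullConstraintViolationException $e) {
             // Database needs updating. The login still succeeds, but the
             // stored hash was not upgraded, so record it instead of
             // swallowing the failure silently.
             $this->systemLogger->warning('Unable to store upgraded password hash; database needs updating.', ['event' => 'security']);
         }
     }
     $this->dispatcher->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());
     return $this->loginFinish($userEntity);
 }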
 /**
  * Data provider: one-element rows holding strings that already carry a
  * hash prefix (the Blowfish prefix and '$P$').
  *
  * NOTE(review): judging by the name, these feed a pre-save test that
  * expects already-hashed values to be left untouched; confirm against the
  * consuming test.
  *
  * @return array
  */
 public function providePreSaveAlreadyHashed()
 {
     $blowfishHash = Blowfish::getPrefix() . '07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi';
     $portableHash = '$P$ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

     return [
         [$blowfishHash],
         [$portableHash],
     ];
 }
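 /**
  * A hash created at cost 10 must verify against its own password and must
  * not verify against a different one.
  *
  * @covers PasswordLib\Password\Implementation\Blowfish
  */
 public function testCreateAndVerify()
 {
     $hash = new Blowfish(array('cost' => 10));
     $test = $hash->create('Foobar');
     $this->assertTrue($hash->verify('Foobar', $test));
     // Negative case: guards against a verify() that accepts any input.
     $this->assertFalse($hash->verify('Foobaz', $test));
 }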
 /**
  * Return a valid hash for a password, or, if the password is already
  * hashed, return it as is.
  *
  * NOTE(review): input detected as a Blowfish or PHPASS hash is returned
  * without hashing and without the length check. Callers should confirm
  * that raw user input cannot be stored verbatim through this path.
  *
  * NOTE(review): strlen() counts bytes, so a password with multi-byte
  * characters can pass the minimum with fewer than 6 characters.
  *
  * @param string $password
  *
  * @throws AccessControlException When the plain-text password is shorter
  *                                than 6 bytes.
  *
  * @return string
  */
 private function getValidHash($password)
 {
     $alreadyHashed = Password\Blowfish::detect($password) || Password\PHPASS::detect($password);
     if ($alreadyHashed) {
         return $password;
     }
     if (strlen($password) >= 6) {
         return $this->passwordFactory->createHash($password, '$2y$');
     }
     throw new AccessControlException('Can not save a password with a length shorter than 6 characters!');
 }
 /**
  * Runs Blowfish::verify() against each row supplied by provideTestVerify
  * and compares the result with the expected outcome.
  *
  * @covers PasswordLib\Password\Implementation\Blowfish::verify
  * @dataProvider provideTestVerify
  * @group Vectors
  */
 public function testVerify($pass, $expect, $value)
 {
     $hasher = new Blowfish();
     // $expect is passed as the hash to check against; $value is the
     // outcome the vector expects from verify().
     $actual = $hasher->verify($pass, $expect);
     $this->assertEquals($value, $actual);
 }
 /**
  * Check to see if a provided password is valid.
  *
  * A stored value that is not detected as a Blowfish hash is rejected
  * outright, so it is never compared with the request password.
  *
  * @param Entity\Oauth $oauth
  * @param string       $requestPassword
  *
  * @return bool
  */
 protected function isValidPassword(Entity\Oauth $oauth, $requestPassword)
 {
     $storedHash = $oauth->getPassword();

     // Only Blowfish hashes are handed to password_verify().
     return Blowfish::detect($storedHash) && password_verify($requestPassword, $storedHash);
 }
 /**
  * Check a user login request for username/password combinations.
  *
  * Checks run in this order: unknown user, empty stored password, disabled
  * account, password verification, then a rehash to '$2y$' when the stored
  * hash is not detected as Blowfish.
  *
  * NOTE(review): the unknown-user branch returns before any hash is
  * verified, and the disabled-account message is shown before the password
  * is checked. Both may let an unauthenticated caller tell account states
  * apart (by response or timing); confirm this is acceptable.
  *
  * @param string             $userName
  * @param string             $password
  * @param AccessControlEvent $event
  *
  * @return bool False for an unknown user; otherwise the result of
  *              loginFailed() or loginFinish().
  */
 protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
 {
     $user = $this->getUserEntity($userName);
     if (!$user) {
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
         return false;
     }

     $auth = $this->repositoryUsers->getUserAuthData($user->getId());
     $storedHash = $auth->getPassword();

     // An account without a stored hash is treated as disabled, never as
     // "any password matches".
     if ($storedHash === null || $storedHash === '') {
         // NOTE(review): $userName is request data written to the log as-is;
         // log consumers should treat it as untrusted text.
         $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('Your account is disabled. Sorry about that.'));
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($user);
     }

     if (!$user->getEnabled()) {
         $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
         $this->flashLogger->error(Trans::__('Your account is disabled. Sorry about that.'));
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));
         return $this->loginFailed($user);
     }

     if (!$this->app['password_factory']->verifyHash($password, $storedHash)) {
         $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));
         return $this->loginFailed($user);
     }

     // Rehash password if not using Blowfish algorithm. The plain-text
     // password is only available at this point, right after it verified.
     $usesBlowfish = Blowfish::detect($storedHash);
     if (!$usesBlowfish) {
         $upgradedHash = $this->app['password_factory']->createHash($password, '$2y$');
         $user->setPassword($upgradedHash);
         $this->repositoryUsers->update($user);
     }

     $this->app['dispatcher']->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());
     return $this->loginFinish($user);
 }