/**
 * Returns the CSRF token held in the session, creating one on first use.
 *
 * A new token is generated only when $_SESSION['csrf_token'] is not set;
 * an existing token is returned unchanged.
 *
 * @return mixed the value stored under $_SESSION['csrf_token']
 */
private static function set_csrf_token_if_not_set() {
    if (isset($_SESSION['csrf_token'])) {
        # This function never rotates an existing token.
        # NOTE(review): if rotation on login or privilege change is wanted,
        # it has to happen elsewhere - confirm.
        return $_SESSION['csrf_token'];
    }

    # NOTE(review): the token is only as unpredictable as
    # NeechySecurity::random_hex(); confirm it draws from a CSPRNG and what
    # unit the argument 40 is in (hex characters or bytes).
    $token = NeechySecurity::random_hex(40);
    $_SESSION['csrf_token'] = $token;

    return $token;
}
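/**
 * User::set_password() must store a value that verifies against the original
 * plaintext and is not the plaintext itself.
 */
public function testShouldSetSecureUserPassword() {
    $user = User::find_by_name('NeechyUser');
    $password = '******';

    $user->set_password($password);
    $stored = $user->field('password');

    # Verification alone would also pass if the plaintext were stored and
    # compared directly, so check the stored value differs from the input.
    $this->assertNotEquals($password, $stored);
    $this->assertTrue(NeechySecurity::verify_password($password, $stored));
}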
/**
 * A hash from NeechySecurity::hash_password() must verify for the password it
 * was built from and must be rejected for a different password.
 */
public function testHashPassword() {
    $password = '******';
    $stored_hash = NeechySecurity::hash_password($password);

    # Matching password is accepted.
    $this->assertTrue(
        NeechySecurity::verify_password($password, $stored_hash)
    );

    # A different password is rejected against the same hash.
    $this->assertFalse(
        NeechySecurity::verify_password("don't remember", $stored_hash)
    );
}
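/**
 * Checks the submitted password ($this->value) against the 'password' field
 * of $this->user.
 *
 * On rejection an error is recorded under the 'authenticate' key via
 * add_error().
 *
 * @return bool true when NeechySecurity::verify_password() accepts the value,
 *              false otherwise
 */
public function authenticate_user_password() {
    $key = 'authenticate';
    $message = 'Password is incorrect. Please try again.';

    $stored = $this->user->field('password');
    if (NeechySecurity::verify_password($this->value, $stored)) {
        return true;
    }

    # Use $key rather than repeating the literal, so the error key is defined
    # in one place.
    $this->add_error($key, $message);
    return false;
}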
/**
 * Serves one request: starts the session, calls the CSRF check, loads the
 * request, validates the environment, dispatches to a handler, then sends the
 * response headers and renders the response.
 *
 * A NeechyError thrown anywhere in that sequence is passed to ErrorHandler and
 * its response is sent instead. Other exception types are not caught here.
 */
public function serve() {
    try {
        # prevent_csrf() runs before the request is loaded and before any
        # handler is selected.
        NeechySecurity::start_session();
        NeechySecurity::prevent_csrf();

        $this->request = NeechyRequest::load();
        $this->validate_environment();
        $response = $this->load_handler()->handle();
    } catch (NeechyError $error) {
        # NOTE(review): if start_session() or prevent_csrf() throws,
        # $this->request has not been assigned in this call yet; confirm that
        # ErrorHandler copes with whatever value the property holds then.
        $error_handler = new ErrorHandler($this->request);
        $response = $error_handler->handle_error($error);
    }

    $response->send_headers();
    $response->render();
}
/**
 * Validates the 'login-pass' POST field against the 'password' field of
 * $this->user.
 *
 * Each failure is recorded with add_error() under the form key before the
 * exception is thrown.
 *
 * NOTE(review): nothing in this method limits repeated attempts; confirm that
 * throttling or lockout is applied elsewhere.
 *
 * @return bool TRUE when NeechySecurity::verify_password() accepts the value
 * @throws LoginException when the field is empty or the password is rejected
 */
private function authenticate_user_password() {
    $form_key = 'login-pass';
    # Second argument is presumably the default for a missing field - verify
    # against NeechyRequest::post().
    $submitted = $this->request->post($form_key, '');

    # Rules
    if ($this->string_is_empty($submitted)) {
        $message = 'Enter your password';
        $this->add_error($form_key, $message);
        throw new LoginException($message);
    }

    $stored = $this->user->field('password');
    if (!NeechySecurity::verify_password($submitted, $stored)) {
        $this->add_error($form_key, self::FAILURE_MESSAGE);
        throw new LoginException(self::FAILURE_MESSAGE);
    }

    return TRUE;
}
/**
 * Creates the accounts needed at install time and saves them.
 *
 * The system user is always created. An owner account is created only when
 * AppAuthService::user() returns a truthy value; its nickname and email are
 * used for the new account.
 *
 * Both accounts get a password from NeechySecurity::random_hex() that is not
 * returned or displayed here.
 * NOTE(review): presumably these accounts are reached through a reset flow or
 * the App Engine identity rather than this password - confirm.
 *
 * @return array array($system_user, $owner); $owner is null when no App Engine
 *               user is available
 */
public static function create_on_install() {
    # Create System user
    $system_attrs = array(
        'name' => NEECHY_USER,
        'email' => '*****@*****.**',
        'status' => self::$STATUS_LEVELS['NEW']
    );
    $system_user = new User($system_attrs);
    $system_user->set_password(NeechySecurity::random_hex());
    $system_user->save();

    # Create Owner (user currently logged in)
    $app_engine_user = AppAuthService::user();
    if (!$app_engine_user) {
        return array($system_user, null);
    }

    $owner = new User(array(
        'name' => $app_engine_user->getNickname(),
        'email' => $app_engine_user->getEmail(),
        'status' => self::$STATUS_LEVELS['NEW']
    ));
    $owner->set_password(NeechySecurity::random_hex());
    $owner->save();

    return array($system_user, $owner);
}
/**
 * Interactive install step: prompts for an admin user name and email,
 * registers the admin with a random password and prints that password.
 *
 * Each prompt allows five invalid answers; the fifth raises
 * NeechyInstallError. A fresh SignUpValidator is created for every attempt.
 *
 * The generated password is written to the installer output in clear text.
 * NOTE(review): it can persist in terminal scrollback or in a log if the
 * output is redirected; the printed message asks the user to change it after
 * logging in.
 *
 * @throws NeechyInstallError when the name or the email fails validation five times
 */
protected function create_admin_user() {
    $this->print_header('Create Admin User');

    # Choose name (5 tries)
    $strikes = 5;
    while (true) {
        $validator = new SignUpValidator();
        $name = $this->prompt_user('Please enter your new user name');
        if ($validator->validate_signup_user($name, 'name')) {
            break;
        }

        $m = sprintf('invalid user name: %s',
            implode(', ', $validator->errors['name']));
        $this->println($m);

        $strikes--;
        if ($strikes < 1) {
            $m = 'User name cannot be validated. Install failed. Please start over.';
            throw new NeechyInstallError($m);
        }
    }

    # Input email
    $strikes = 5;
    while (true) {
        $validator = new SignUpValidator();
        $email = $this->prompt_user('Please enter your email');
        if ($validator->validate_signup_email($email, 'email')) {
            break;
        }

        $m = sprintf('invalid email address: %s',
            implode(', ', $validator->errors['email']));
        $this->println($m);

        $strikes--;
        if ($strikes < 1) {
            $m = 'Email cannot be validated. Install failed. Please start over.';
            throw new NeechyInstallError($m);
        }
    }

    # Register user and create page
    # NOTE(review): length and randomness source of the password depend on
    # NeechySecurity::random_hex() and its default argument - confirm.
    $password = NeechySecurity::random_hex();
    $this->register_admin_user($name, $email, $password);

    # Feedback (one sentence per line)
    $format = <<<STDOUT
An admin has been created with your user name: %s
Your random password is: %s
Please login now and change your password.
STDOUT;
    $this->println(sprintf($format, $name, $password));
}
/**
 * Sets a new password on $user, saves the user and returns the password.
 *
 * @param object $user     object exposing set_password() and save()
 * @param mixed  $password password to set; when it is empty() a value from
 *                         NeechySecurity::random_hex() is used instead
 * @return mixed the password that was set, as passed to set_password()
 */
private function reset_user_password($user, $password = null) {
    # empty() is true for null, '' and '0' alike, so each of those gets
    # replaced by a generated password.
    if (empty($password)) {
        $password = NeechySecurity::random_hex();
    }

    $user->set_password($password);
    $user->save();

    # NOTE(review): the caller receives the clear-text password; how it is
    # delivered or logged from there is outside this method - verify callers.
    return $password;
}
/**
 * Stores the result of NeechySecurity::hash_password($password) in the
 * 'password' field.
 *
 * Only set() is called here; this method does not call save().
 *
 * @param string $password clear-text password to hash
 */
public function set_password($password) {
    $hashed = NeechySecurity::hash_password($password);
    $this->set('password', $hashed);
}