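/**
 * Harden admin password change.
 *
 * Rejects a password that matches the user's current stored hash or any hash in the
 * user's password history. The original docblock states "at least the last 4" previous
 * passwords; the code itself checks whatever the user resource's getOldPasswords()
 * returns, so the actual count is decided there.
 *
 * @param EventObserver $observer Event whose "object" is the admin user being saved
 * @return void
 * @throws \Magento\Framework\Exception\LocalizedException when the password was used before
 */
public function execute(EventObserver $observer)
{
    /* @var $user \Magento\User\Model\User */
    $user = $observer->getEvent()->getObject();

    // A pending change travels in new_password; otherwise fall back to password
    // (truthiness test, as in the original if/else).
    $password = $user->getNewPassword() ?: $user->getPassword();

    // Only persisted users that are not forced onto a new password are checked.
    if (!$password || $user->getForceNewPassword() || !$user->getId()) {
        return;
    }

    $errorMessage = __('Sorry, but this password has already been used. Please create another.');

    // Current password: the stored hash is verified through the encryptor (salt-aware).
    if ($this->encryptor->isValidHash($password, $user->getOrigData('password'))) {
        throw new \Magento\Framework\Exception\LocalizedException($errorMessage);
    }

    // Password history: hashed with salt argument false so the result is comparable to the
    // stored entries. Compare in constant time rather than with === so response timing
    // cannot reveal bytes of a stored hash.
    $passwordHash = $this->encryptor->getHash($password, false);
    foreach ($this->userResource->getOldPasswords($user) as $oldPasswordHash) {
        if (hash_equals((string)$oldPasswordHash, (string)$passwordHash)) {
            throw new \Magento\Framework\Exception\LocalizedException($errorMessage);
        }
    }
}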
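/**
 * Make sure admin password was changed.
 *
 * Returns an error when the password being set equals the current stored hash or any
 * hash in the user's password history. The original docblock states "at least 4"
 * previous passwords; the code checks whatever the resource's getOldPasswords()
 * returns, so the actual count is decided there.
 *
 * @return bool|string[] true when the password is acceptable, otherwise a one-element
 *                       array holding the error message
 */
protected function validatePasswordChange()
{
    $password = $this->getPassword();

    // Nothing to validate for an empty password, a forced reset, or an unsaved user.
    if (!$password || $this->getForceNewPassword() || !$this->getId()) {
        return true;
    }

    $errorMessage = __('Sorry, but this password has already been used. Please create another.');

    // Check if password is equal to the current one (salt-aware verification).
    if ($this->_encryptor->isValidHash($password, $this->getOrigData('password'))) {
        return [$errorMessage];
    }

    // Password history is hashed with salt argument false so it can be compared to the
    // stored entries. Use a constant-time comparison instead of === so response timing
    // cannot reveal bytes of a stored hash.
    $passwordHash = $this->_encryptor->getHash($password, false);
    foreach ($this->getResource()->getOldPasswords($this) as $oldPasswordHash) {
        if (hash_equals((string)$oldPasswordHash, (string)$passwordHash)) {
            return [$errorMessage];
        }
    }

    return true;
}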