/**
 * It should detect already hashed passwords.
 *
 * @dataProvider providePreSaveAlreadyHashed
 *
 * @param string $hash A value that is already in a recognised hash format
 */
public function testOnPreSavePasswordAlreadyHashed($hash)
{
    $user = $this->user;
    $event = $this->storageEvent;

    $event->getContent()->willReturn($user->reveal());
    $user->getPassword()->willReturn($hash);

    // An already-hashed value must be stored untouched: no new hash may be created.
    $this->passwordFactory->createHash(Argument::cetera())->shouldNotBeCalled();
    $user->setPassword($hash)->shouldBeCalled();

    $this->listener->onUserEntityPreSave($event->reveal());
}
/**
 * Return a valid hash for a password, or if the password is already hashed
 * just return it as is.
 *
 * "Already hashed" is decided purely by format (Blowfish or PHPass), so any
 * submitted value that matches one of those formats is stored without being
 * hashed again. Everything else is hashed with Blowfish ('$2y$').
 *
 * @param string $password Plain-text password, or an existing hash
 *
 * @throws AccessControlException If a plain-text password is shorter than 6 characters
 *
 * @return string
 */
private function getValidHash($password)
{
    // Already hashed: nothing to do (PHPass is only probed when Blowfish did not match).
    $alreadyHashed = Password\Blowfish::detect($password) || Password\PHPASS::detect($password);
    if ($alreadyHashed) {
        return $password;
    }

    // Minimum length applies to plain text only; strlen() counts bytes, not characters.
    if (strlen($password) < 6) {
        throw new AccessControlException('Can not save a password with a length shorter than 6 characters!');
    }

    return $this->passwordFactory->createHash($password, '$2y$');
}
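/**
 * Check a user login request for username/password combinations.
 *
 * Every failure path dispatches a LOGIN_FAILURE event carrying a reason
 * (invalid user, disabled account, wrong password); success dispatches
 * LOGIN_SUCCESS. An unknown user name returns before any hash verification
 * is performed, so the failure paths do not take constant time.
 *
 * @param string             $userName
 * @param string             $password
 * @param AccessControlEvent $event
 *
 * @return bool
 */
protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
{
    $userEntity = $this->getUserEntity($userName);
    if (!$userEntity) {
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));

        return false;
    }

    $userAuth = $this->getRepositoryUsers()->getUserAuthData($userEntity->getId());
    $storedHash = $userAuth->getPassword();

    // An account with no stored hash can never authenticate; it is treated as disabled.
    if ($storedHash === null || $storedHash === '') {
        return $this->loginFailedDisabled($userEntity, $event, "Attempt to login to an account with empty password field: '{$userName}'");
    }

    if (!$userEntity->getEnabled()) {
        return $this->loginFailedDisabled($userEntity, $event, "Attempt to login to a disabled account: '{$userName}'");
    }

    if (!$this->passwordFactory->verifyHash($password, $storedHash)) {
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));

        return $this->loginFailed($userEntity);
    }

    // Rehash password if not using Blowfish algorithm. This is best-effort:
    // the login still succeeds when the new hash cannot be persisted.
    if (!Blowfish::detect($storedHash)) {
        $userEntity->setPassword($this->passwordFactory->createHash($password, '$2y$'));
        try {
            $this->getRepositoryUsers()->update($userEntity);
        } catch (NotNullConstraintViolationException $e) {
            // Database schema needs updating; the old hash stays in place until it is.
        }
    }

    $this->dispatcher->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());

    return $this->loginFinish($userEntity);
}

/**
 * Reject a login attempt against an account that cannot authenticate
 * (disabled, or without a stored password): log the attempt, flash the
 * generic "account disabled" message, dispatch FAILURE_DISABLED and record
 * the failed attempt.
 *
 * @param object             $userEntity Entity returned by getUserEntity()
 * @param AccessControlEvent $event
 * @param string             $logMessage Message for the security log
 *
 * @return bool
 */
private function loginFailedDisabled($userEntity, AccessControlEvent $event, $logMessage)
{
    $this->systemLogger->alert($logMessage, ['event' => 'security']);
    $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
    $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

    return $this->loginFailed($userEntity);
}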
/**
 * A raw SHA-512 digest of the password must be accepted by verifyHash().
 */
public function testVerifySHA512()
{
    $password = 'foo';
    $sha512 = hash('sha512', $password);

    $this->assertTrue((new Factory())->verifyHash($password, $sha512));
}
/**
 * Verify a password against a supplied password hash.
 *
 * A new PasswordFactory is constructed on every call.
 *
 * @param string $password The supplied password to attempt to verify
 * @param string $hash     The valid hash to verify against
 *
 * @throws \DomainException If the hash is invalid or impossible to verify
 *
 * @return bool Is the password valid
 */
public function verifyPasswordHash($password, $hash)
{
    return (new PasswordFactory())->verifyHash($password, $hash);
}