/**
 * Build the public hash that identifies a vault payment token.
 *
 * The hash input is the customer id when the token has one, otherwise the
 * gateway token, followed by the payment method code, the token type and the
 * token details. The parts are joined without separators.
 *
 * NOTE(review): for a token that belongs to a customer the gateway token is
 * not part of the hash input, so two tokens of the same customer with equal
 * method code, type and details have identical hash input. Callers have to
 * handle such duplicates themselves.
 *
 * @param PaymentTokenInterface $paymentToken
 * @return string
 */
protected function generatePublicHash(PaymentTokenInterface $paymentToken)
{
    $gatewayToken = $paymentToken->getGatewayToken();

    // The customer id, when present, replaces the gateway token as the leading part.
    $leadingPart = $paymentToken->getCustomerId()
        ? $paymentToken->getCustomerId()
        : $gatewayToken;

    $hashKey = $leadingPart
        . $paymentToken->getPaymentMethodCode()
        . $paymentToken->getType()
        . $paymentToken->getTokenDetails();

    return $this->encryptor->getHash($hashKey);
}
/**
 * Re-hash the customer's password at login when the stored hash is outdated.
 *
 * Reads the submitted password and the customer model from the event, and
 * replaces the stored password hash only when the encryptor does not accept
 * the version of the current hash.
 *
 * NOTE(review): $password is presumably the plain-text login password, since
 * it is passed straight to getHash(); keep it out of logs and error messages.
 *
 * @param \Magento\Framework\Event\Observer $observer
 * @return void
 */
public function execute(\Magento\Framework\Event\Observer $observer)
{
    $password = $observer->getEvent()->getData('password');
    /** @var \Magento\Customer\Model\Customer $model */
    $model = $observer->getEvent()->getData('model');

    $customer = $this->customerRepository->getById($model->getId());
    $customerSecure = $this->customerRegistry->retrieveSecureData($model->getId());

    $storedHash = $customerSecure->getPasswordHash();
    if ($this->encryptor->validateHashVersion($storedHash, true)) {
        // Stored hash already has an accepted version: nothing to upgrade.
        return;
    }

    // Second argument `true` requests a salted hash for the replacement.
    $upgradedHash = $this->encryptor->getHash($password, true);
    $customerSecure->setPasswordHash($upgradedHash);

    // NOTE(review): the new hash is set on $customerSecure while $customer is what
    // gets saved; presumably the repository reads the secure data back - confirm.
    $this->customerRepository->save($customer);
}
/**
 * Record the admin user's current password in the password history so that
 * it can be rejected if the user tries to set it again later.
 *
 * Nothing is recorded for a user without an id, when no password lifetime is
 * configured, when there is no current password, or when a new password is
 * being forced.
 *
 * NOTE(review): getHash() is called with `false` as the salt argument, so the
 * tracked value is presumably an unsalted digest. It has to be repeatable for
 * the reuse comparison, but it is weaker at rest than a salted login hash -
 * confirm how the history storage is protected.
 *
 * @param EventObserver $observer
 * @return void
 */
public function execute(EventObserver $observer)
{
    /* @var $user \Magento\User\Model\User */
    $user = $observer->getEvent()->getObject();
    if (!$user->getId()) {
        return;
    }

    $password = $user->getCurrentPassword();
    $passwordLifetime = $this->observerConfig->getAdminPasswordLifetime();
    if (!$passwordLifetime || !$password || $user->getForceNewPassword()) {
        return;
    }

    $passwordHash = $this->encryptor->getHash($password, false);
    $this->userResource->trackPassword($user, $passwordHash, $passwordLifetime);

    // The password was just tracked: drop the expiry notice and the session flag.
    $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
    $this->authSession->unsPciAdminUserIsPasswordExpired();
}
/**
 * Derive the secret key for a route/controller/action from the form key.
 *
 * Each argument that is empty is taken from the current request: the value
 * recorded before an internal forward wins when it is not null, otherwise the
 * request's current value is used. The key is the hash of route name,
 * controller, action and form key concatenated in that order.
 *
 * NOTE(review): the parts are joined without a delimiter, so different
 * route/controller/action splits of the same character sequence give the same
 * hash input.
 *
 * @param string|null $routeName
 * @param string|null $controller Controller name
 * @param string|null $action Action name
 * @return string
 */
public function getSecretKey($routeName = null, $controller = null, $action = null)
{
    $salt = $this->formKey->getFormKey();
    $request = $this->_getRequest();

    if (!$routeName) {
        $routeName = $request->getBeforeForwardInfo('route_name') !== null
            ? $request->getBeforeForwardInfo('route_name')
            : $request->getRouteName();
    }

    if (!$controller) {
        $controller = $request->getBeforeForwardInfo('controller_name') !== null
            ? $request->getBeforeForwardInfo('controller_name')
            : $request->getControllerName();
    }

    if (!$action) {
        $action = $request->getBeforeForwardInfo('action_name') !== null
            ? $request->getBeforeForwardInfo('action_name')
            : $request->getActionName();
    }

    // One-argument getHash(): the key must be reproducible when it is checked later.
    return $this->_encryptor->getHash($routeName . $controller . $action . $salt);
}
/**
 * Reject an admin password change that reuses the current or an old password.
 *
 * The candidate is the new password when one is set, otherwise the password
 * field. It is checked against the original password hash first, then its
 * hash is compared with every entry returned by getOldPasswords().
 *
 * NOTE(review): the earlier description of this method mentioned a minimum
 * length of 7 alphanumeric characters and a comparison with at least the last
 * 4 passwords. Neither limit is enforced in this method; presumably they are
 * applied elsewhere - confirm.
 *
 * NOTE(review): the history comparison hashes with `false` as the salt
 * argument, so it relies on history entries being stored the same way.
 *
 * @param EventObserver $observer
 * @return void
 * @throws \Magento\Framework\Exception\LocalizedException
 */
public function execute(EventObserver $observer)
{
    /* @var $user \Magento\User\Model\User */
    $user = $observer->getEvent()->getObject();

    $password = $user->getNewPassword()
        ? $user->getNewPassword()
        : $user->getPassword();

    if (!$password || $user->getForceNewPassword() || !$user->getId()) {
        return;
    }

    // Same as the password the user had when the record was loaded?
    if ($this->encryptor->isValidHash($password, $user->getOrigData('password'))) {
        throw new \Magento\Framework\Exception\LocalizedException(
            __('Sorry, but this password has already been used. Please create another.')
        );
    }

    // Same as any password kept in the history?
    $passwordHash = $this->encryptor->getHash($password, false);
    foreach ($this->userResource->getOldPasswords($user) as $oldPasswordHash) {
        if ($passwordHash !== $oldPasswordHash) {
            continue;
        }
        throw new \Magento\Framework\Exception\LocalizedException(
            __('Sorry, but this password has already been used. Please create another.')
        );
    }
}
/**
 * Save a payment token and link it to an order payment.
 *
 * When a token with the same public hash already exists for the customer:
 * a visible token takes over the existing entity id, so the existing record
 * is the one saved; a non-visible token gets a new public hash derived from
 * its current public hash and creation time, and is saved as its own record.
 *
 * @param PaymentTokenInterface $token
 * @param OrderPaymentInterface $payment
 * @return bool
 */
public function saveTokenWithPaymentLink(PaymentTokenInterface $token, OrderPaymentInterface $payment)
{
    $existingToken = $this->getByPublicHash($token->getPublicHash(), $token->getCustomerId());
    $hasDuplicate = !empty($existingToken);

    if ($hasDuplicate && $token->getIsVisible()) {
        $token->setEntityId($existingToken->getEntityId());
    } elseif ($hasDuplicate) {
        // Re-hash with the creation time so the hidden token no longer collides.
        $token->setPublicHash(
            $this->encryptor->getHash($token->getPublicHash() . $token->getCreatedAt())
        );
    }

    $this->paymentTokenRepository->save($token);

    return $this->addLinkToOrderPayment($token->getEntityId(), $payment->getEntityId());
}
/**
 * Hash a password through the encryptor.
 *
 * Despite the name, the value returned is a hash, not a reversible encoding.
 * The second argument `true` is the salt argument of getHash().
 *
 * @param string $password
 * @return string
 */
protected function _getEncodedPassword($password)
{
    $hashedPassword = $this->_encryptor->getHash($password, true);

    return $hashedPassword;
}
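/**
 * Return a salted password hash that can be saved to the database directly.
 *
 * The salt argument is passed explicitly as `true`. The one-argument form of
 * getHash() yields a repeatable digest, which is what identifiers and URL keys
 * need but not what a stored password needs: equal passwords would then share
 * one stored value.
 *
 * Because the result is salted, verify a password through the encryptor
 * (for example isValidHash()) rather than by hashing again and comparing.
 *
 * @param string $password
 * @return string
 */
public function getPasswordHash($password)
{
    // `true` asks the encryptor to salt the hash.
    return $this->encryptor->getHash($password, true);
}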
/**
 * Hash the password held in the data array.
 *
 * Returns the hash of $this->data[self::KEY_PASSWORD], not a newly generated
 * password. The second argument `true` is the salt argument of getHash().
 *
 * @return string
 */
protected function generatePassword()
{
    $plainPassword = $this->data[self::KEY_PASSWORD];

    return $this->encryptor->getHash($plainPassword, true);
}
/**
 * Hash a customer password through the encryptor.
 *
 * $salt is forwarded unchanged as the salt argument of getHash() and defaults
 * to `true`.
 *
 * NOTE(review): a caller that passes `false` presumably gets an unsalted hash;
 * confirm that no caller does so for a password that is stored.
 *
 * @param string $password
 * @param bool|int|string $salt
 * @return string
 */
public function hashPassword($password, $salt = true)
{
    $hashedPassword = $this->_encryptor->getHash($password, $salt);

    return $hashedPassword;
}