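/**
 * Check a user login request for username/password combinations.
 *
 * Outcomes, in the order they are evaluated:
 *  - no user entity for $userName: LOGIN_FAILURE / FAILURE_INVALID is
 *    dispatched and false is returned directly (loginFailed() is not called);
 *  - stored password is null or '': alert logged, flash error shown,
 *    LOGIN_FAILURE / FAILURE_DISABLED dispatched, result of loginFailed();
 *  - account not enabled: same handling as the empty-password case;
 *  - password does not verify: LOGIN_FAILURE / FAILURE_PASSWORD dispatched,
 *    result of loginFailed();
 *  - otherwise: a non-Blowfish stored hash is replaced by a '$2y$' hash,
 *    LOGIN_SUCCESS is dispatched and the result of loginFinish() is returned.
 *
 * NOTE(review): the unknown-user branch returns before any hash
 * verification runs and does not go through loginFailed(), so it may be
 * distinguishable from a wrong-password attempt (timing, failure
 * accounting) — confirm the caller presents both cases identically.
 *
 * NOTE(review): $userName is interpolated verbatim into two log messages;
 * presumably it comes straight from the login request — confirm the log
 * handlers neutralise line breaks and control characters.
 *
 * @param string             $userName
 * @param string             $password
 * @param AccessControlEvent $event
 *
 * @return bool
 */
protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
{
    if (!($userEntity = $this->getUserEntity($userName))) {
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));

        return false;
    }

    $userAuth = $this->getRepositoryUsers()->getUserAuthData($userEntity->getId());

    // An account without a stored hash must never authenticate; it is
    // reported to the user the same way as a disabled account.
    if ($userAuth->getPassword() === null || $userAuth->getPassword() === '') {
        $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

        return $this->loginFailed($userEntity);
    }

    // The enabled check runs before the password is verified, so a disabled
    // account is rejected whether or not the password is correct.
    if ((bool) $userEntity->getEnabled() === false) {
        $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

        return $this->loginFailed($userEntity);
    }

    $isValid = $this->passwordFactory->verifyHash($password, $userAuth->getPassword());
    if (!$isValid) {
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));

        return $this->loginFailed($userEntity);
    }

    // Rehash password if not using Blowfish algorithm. This is the only
    // point where the plaintext is available to upgrade an older hash.
    if (!Blowfish::detect($userAuth->getPassword())) {
        $userEntity->setPassword($this->passwordFactory->createHash($password, '$2y$'));
        try {
            $this->getRepositoryUsers()->update($userEntity);
        } catch (NotNullConstraintViolationException $e) {
            // Database needs updating. The login is still allowed to
            // proceed, but the upgraded hash was not persisted by this
            // call, so leave a trace instead of dropping the failure.
            $this->systemLogger->warning(
                sprintf('Unable to store upgraded password hash for user ID %s', $userEntity->getId()),
                ['event' => 'security']
            );
        }
    }

    $this->dispatcher->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());

    return $this->loginFinish($userEntity);
}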
/**
 * Pins that Factory::verifyHash() accepts a bare hex SHA-512 digest, as
 * produced by hash('sha512', ...), as a valid stored hash for the same
 * plaintext.
 *
 * NOTE(review): the digest built here carries no salt and no work factor.
 * Presumably this format is accepted only so that pre-existing stored
 * hashes can still be verified — confirm that callers re-hash on a
 * successful verification and that nothing creates new hashes in this form.
 */
public function testVerifySHA512()
{
    $verifier = new Factory();
    $legacyDigest = hash('sha512', 'foo');

    $accepted = $verifier->verifyHash('foo', $legacyDigest);

    $this->assertTrue($accepted);
}
/**
 * Check a candidate password against a stored password hash.
 *
 * Thin wrapper: a fresh PasswordFactory is created on every call and the
 * decision is delegated to its verifyHash(). Which hash formats are
 * accepted is decided by the factory, not by this method.
 *
 * NOTE(review): if the factory also accepts fast, unsalted digests,
 * callers should treat a successful match against one as a cue to
 * re-hash — confirm against PasswordFactory.
 *
 * @param string $password The password supplied for verification
 * @param string $hash     The stored hash to verify against
 *
 * @throws \DomainException If the hash is invalid or impossible to verify
 * @return boolean True when the password matches the hash
 */
public function verifyPasswordHash($password, $hash)
{
    $verifier = new PasswordFactory();
    $matches = $verifier->verifyHash($password, $hash);

    return $matches;
}