/**
* It should detect already hashed passwords.
*
* @dataProvider providePreSaveAlreadyHashed
*/
public function testOnPreSavePasswordAlreadyHashed($hash)
{
$this->storageEvent->getContent()->willReturn($this->user->reveal());
$this->user->getPassword()->willReturn($hash);
$this->passwordFactory->createHash(Argument::cetera())->shouldNotBeCalled();
$this->user->setPassword($hash)->shouldBeCalled();
$this->listener->onUserEntityPreSave($this->storageEvent->reveal());
}
/**
* Hash user passwords on save.
*
* Hashstrength has a default of '10', don't allow less than '8'.
*
* @param Entity\Users $usersEntity
*/
protected function passwordHash(Entity\Users $usersEntity)
{
if ($usersEntity->getShadowSave()) {
return;
} elseif ($usersEntity->getPassword() && $usersEntity->getPassword() !== '**dontchange**') {
$hasher = new PasswordHash($this->hashStrength, true);
$usersEntity->setPassword($hasher->HashPassword($usersEntity->getPassword()));
} else {
unset($usersEntity->password);
}
}
/**
* Hash user passwords on save.
*
* @param Entity\Users $usersEntity
*/
protected function passwordHash(Entity\Users $usersEntity)
{
if ($usersEntity->getShadowSave()) {
return;
} elseif ($usersEntity->getPassword() && $usersEntity->getPassword() !== '**dontchange**') {
$crypt = new PasswordLib();
$usersEntity->setPassword($crypt->createPasswordHash($usersEntity->getPassword(), '$2a$', ['cost' => $this->hashStrength]));
} else {
unset($usersEntity->password);
}
}
/**
* Add error messages to logs and update the user.
*
* @param Entity\Users $userEntity
*
* @return false
*/
protected function loginFailed(Entity\Users $userEntity)
{
$this->flashLogger->error(Trans::__('general.phrase.error-user-name-password-incorrect'));
$this->systemLogger->info("Failed login attempt for '" . $userEntity->getDisplayname() . "'.", ['event' => 'authentication']);
// Update the failed login attempts, and perhaps throttle the logins.
$userEntity->setFailedlogins($userEntity->getFailedlogins() + 1);
$userEntity->setThrottleduntil($this->throttleUntil($userEntity->getFailedlogins() + 1));
$userEntity->setPassword(null);
$this->getRepositoryUsers()->save($userEntity);
return false;
}
/**
* Null sensitive data that doesn't need to be passed around.
*
* @param Entity\Users $entity
*/
protected function unsetSensitiveFields(Entity\Users $entity)
{
$entity->setPassword(null);
$entity->setShadowpassword(null);
$entity->setShadowtoken(null);
$entity->setShadowvalidity(null);
}
/**
* Hash user passwords on save.
*
* @param Entity\Users $usersEntity
*/
protected function passwordHash(Entity\Users $usersEntity)
{
if ($usersEntity->getPassword() !== null) {
$usersEntity->setPassword($this->getValidHash($usersEntity->getPassword()));
}
}
/**
* Add error messages to logs and update the user.
*
* @param Entity\Users $userEntity
*
* @return false
*/
protected function loginFailed(Entity\Users $userEntity)
{
$this->flashLogger->error(Trans::__('Username or password not correct. Please check your input.'));
$this->systemLogger->info("Failed login attempt for '" . $userEntity->getDisplayname() . "'.", ['event' => 'authentication']);
// Update the failed login attempts, and perhaps throttle the logins.
$userEntity->setFailedlogins($userEntity->getFailedlogins() + 1);
$userEntity->setThrottleduntil($this->throttleUntil($userEntity->getFailedlogins() + 1));
$userEntity->setPassword(null);
$this->repositoryUsers->save($userEntity);
return false;
}
