private function authenticateWithPassword($login, $passwordHash)
{
    $user = $this->userModel->getUser($login);

    // Unknown login: fail without touching the password helper.
    if (empty($user['login'])) {
        return new AuthResult(AuthResult::FAILURE, $login, null);
    }

    if ($this->passwordHelper->verify($passwordHash, $user['password'])) {
        // The input has just been verified, so the stored hash can be
        // upgraded here when the helper reports that it needs rehashing.
        if ($this->passwordHelper->needsRehash($user['password'])) {
            $newPasswordHash = $this->passwordHelper->hash($passwordHash);

            $this->userModel->updateUser($login, $newPasswordHash, $user['email'], $user['alias'], $user['token_auth']);
        }

        return $this->authenticationSuccess($user);
    }

    return new AuthResult(AuthResult::FAILURE, $login, null);
}

/**
 * Updates a user in the database.
 * Only login and password are required (case when we update the password).
 * When the password changes, the key token for this user will change, which could break
 * its API calls.
 *
 * @see addUser() for all the parameters
 */
public function updateUser($userLogin, $password = false, $email = false, $alias = false,
                           $_isPasswordHashed = false)
{
    Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
    $this->checkUserIsNotAnonymous($userLogin);

    $userInfo = $this->getUser($userLogin);

    if (empty($password)) {
        // No new password supplied: keep the stored hash.
        $password = $userInfo['password'];
    } else {
        $password = Common::unsanitizeInputValue($password);

        if (!$_isPasswordHashed) {
            UsersManager::checkPassword($password);
            $password = UsersManager::getPasswordHash($password);
        }
    }

    if (empty($alias)) {
        $alias = $userInfo['alias'];
    }

    if (empty($email)) {
        $email = $userInfo['email'];
    }

    if ($email != $userInfo['email']) {
        $this->checkEmail($email);
    }

    $alias = $this->getCleanAlias($alias, $userLogin);

    // token_auth is recomputed from the login and the password hash on every
    // update, so it changes whenever the password changes.
    $token_auth = $this->getTokenAuth($userLogin, $password);

    $this->model->updateUser($userLogin, $password, $email, $alias, $token_auth);

    Cache::deleteTrackerCache();

    /**
     * Triggered after an existing user has been updated.
     *
     * @param string $userLogin The user's login handle.
     */
    Piwik::postEvent('UsersManager.updateUser.end', array($userLogin));
}

/**
 * Updates a user in the database.
 * Only login and password are required (case when we update the password).
 *
 * If the password changes and the user has an old token_auth (legacy MD5 format) associated,
 * the token will be regenerated. This could break a user's API calls.
 *
 * @see addUser() for all the parameters
 */
public function updateUser($userLogin, $password = false, $email = false, $alias = false,
                           $_isPasswordHashed = false)
{
    Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
    $this->checkUserIsNotAnonymous($userLogin);
    $this->checkUserExists($userLogin);

    $userInfo = $this->model->getUser($userLogin);

    // The stored token_auth is read here and written back unchanged below.
    $token_auth = $userInfo['token_auth'];

    $passwordHasBeenUpdated = false;

    if (empty($password)) {
        // No new password supplied: keep the stored hash.
        $password = $userInfo['password'];
    } else {
        $password = Common::unsanitizeInputValue($password);

        if (!$_isPasswordHashed) {
            UsersManager::checkPassword($password);
            $password = UsersManager::getPasswordHash($password);
        }

        // Apply the password helper's hash unless the value already carries
        // a recognised algorithm identifier.
        $passwordInfo = $this->password->info($password);

        if (!isset($passwordInfo['algo']) || 0 >= $passwordInfo['algo']) {
            // password may have already been fully hashed
            $password = $this->password->hash($password);
        }

        $passwordHasBeenUpdated = true;
    }

    if (empty($alias)) {
        $alias = $userInfo['alias'];
    }

    if (empty($email)) {
        $email = $userInfo['email'];
    }

    if ($email != $userInfo['email']) {
        $this->checkEmail($email);
    }

    $alias = $this->getCleanAlias($alias, $userLogin);

    $this->model->updateUser($userLogin, $password, $email, $alias, $token_auth);

    Cache::deleteTrackerCache();

    /**
     * Triggered after an existing user has been updated.
     * Event notify about password change.
     *
     * @param string $userLogin The user's login handle.
     * @param boolean $passwordHasBeenUpdated Flag containing information about password change.
     */
    Piwik::postEvent('UsersManager.updateUser.end', array($userLogin, $passwordHasBeenUpdated, $email, $password, $alias));
}