public function testPasswordIsNotValid()
{
$constraint = new UserPassword(array('message' => 'myMessage'));
$this->encoder->expects($this->once())->method('isPasswordValid')->with(static::PASSWORD, 'secret', static::SALT)->will($this->returnValue(false));
$this->validator->validate('secret', $constraint);
$this->assertViolation('myMessage');
}
public function generatePassword(PasswordEncoderInterface $encoder, HasPassword $object)
{
$salt = '';
if (true === $object instanceof HasSalt || true === $object instanceof UserInterface) {
$salt = $object->getSalt();
}
return $encoder->encodePassword($object->getPlainPassword(), $salt);
}
/**
* @param PasswordEncoderInterface $encoder
*/
public function encodePassword(PasswordEncoderInterface $encoder)
{
if ($this->rawPassword) {
$this->salt = sha1(uniqid(mt_rand()));
$this->password = $encoder->encodePassword($this->rawPassword, $this->salt);
$this->eraseCredentials();
}
}
/**
* Checks for a new password and rehashes if necessary
*
* @param User $entity
* @param PasswordEncoderInterface $encoder
* @param string $submittedPassword
*
* @return string
*/
public function checkNewPassword(User $entity, PasswordEncoderInterface $encoder, $submittedPassword)
{
if (!empty($submittedPassword)) {
//hash the clear password submitted via the form
return $encoder->encodePassword($submittedPassword, $entity->getSalt());
}
return $entity->getPassword();
}
/**
* {@inheritDoc}
*
* @return void
*/
public function run(EntityInterface $user)
{
$user->setActivationKey(base64_encode($this->secureRandom->nextBytes(24)));
$user->setPassword($this->passwordEncoder->encodePassword($user->getPassword(), User::SALT));
$user->setRegistrationDate(new \DateTime());
$this->entityManager->getRepository(User::class)->add($user);
$this->entityManager->flush();
}
public function updatePassword(UpdatePasswordCommand $command, $login = null)
{
$user = $this->getUserOrCurrentUser($login);
$passwordIsValid = $this->passwordEncoder->isPasswordValid($user->getPassword(), $command->getOldPassword(), $user->getNonce());
if (!$passwordIsValid) {
throw new AccountException('Invalid password provided');
}
$this->userManipulator->setPassword($user, $command->getPassword());
}
/**
* @inheritdoc
*/
public function setPassword($raw, PasswordEncoderInterface $encoder = null)
{
$this->salt = md5(uniqid() . microtime());
if (null === $encoder) {
$this->password = $raw;
return;
}
$this->password = $encoder->encodePassword($raw, $this->salt);
}
public function it_does_nothing_if_plain_password_is_empty($encoderFactory, PasswordEncoderInterface $encoder, UserInterface $user)
{
$user->getPlainPassword()->willReturn('');
$user->getSalt()->willReturn('typicalSalt');
$encoderFactory->getEncoder($user)->shouldNotBeCalled();
$encoder->encodePassword('', 'typicalSalt')->shouldNotBeCalled();
$user->setPassword(Argument::any())->shouldNotBeCalled();
$user->eraseCredentials()->shouldNotBeCalled();
$this->updatePassword($user);
}
/**
* Attempt to authenticate the provided token using the provided user provider.
* @param TokenInterface $token
* @param UserProviderInterface $userProvider
* @param string $providerKey
* @return UsernamePasswordToken
* @throws BadCredentialsException
*/
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
if ($user = $userProvider->loadUserByUsername($token->getUsername())) {
$userPassword = $user->getPassword();
$tokenCredentials = $token->getCredentials();
if ($userPassword == $this->initPassword && $user instanceof MutableUserInterface && $userProvider instanceof MutableUserProviderInterface) {
// set both salt & password
$user->setSalt(substr(md5(rand(1, 10000)), 0, 5));
$user->setPassword($this->passwordEncoder->encodePassword($tokenCredentials, $user->getSalt()));
// save the user
$userProvider->saveUser($user);
// return it
return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
} else {
if ($this->passwordEncoder->isPasswordValid($userPassword, $tokenCredentials, $user->getSalt())) {
return new UsernamePasswordToken($user, $userPassword, $providerKey, $user->getRoles());
}
}
}
throw new BadCredentialsException('The presented password is invalid.');
}
/**
* Validates the password for wsse.
*
* @param UserInterface $user The provided user.
* @param TokenInterface $token The created token.
*
* @return boolean
*
* @throws NonceExpiredException If the none is used again if the lifetime is expired.
*/
protected function validateDigest(UserInterface $user, TokenInterface $token)
{
$created = $token->getCreated();
$nonce = $token->getNonce();
// expired after the lifetime
if (time() - strtotime($created) > $this->lifetime) {
return false;
}
if ($this->filesystem->exists($this->cacheDir . '/' . $nonce) && file_get_contents($this->cacheDir . '/' . $nonce) + $this->lifetime > time()) {
throw new NonceExpiredException('Previously used nonce detected');
}
// if cache directory does not exist it will be created
if ($this->filesystem->exists($this->cacheDir) === false) {
$this->filesystem->mkdir($this->cacheDir, 0777);
}
$this->filesystem->dumpFile($this->cacheDir . '/' . $nonce, time());
$salt = base64_decode($nonce) . $created;
if (!$this->encoder->isPasswordValid($token->getDigest(), $user->getPassword(), $salt)) {
throw new BadCredentialsException('The presented password is invalid.');
}
return true;
}
public function processChangedPassword(PasswordEncoderInterface $encoder)
{
$this->generateSalt();
$this->outputEncodedPassword = $encoder->encodePassword($this->password, $this->outputSalt);
}
/**
* Encode a password
*
* @param string $password Password
* @param string $salt salt
*
* @return string password encrypted
*/
public function encryptPassword($password, $salt = null)
{
return $this->passwordEncoder->encodePassword($password, $salt);
}
protected function getEncodedPassword(UserInterface $user, $password)
{
return !$this->encoder instanceof PasswordEncoderInterface ? $this->encoder->encodePassword($user, $password, $user->getSalt()) : $this->encoder->getEncoder($user)->encodePassword($password, $user->getSalt());
}
public function encodePassword(PasswordEncoderInterface $encoder)
{
$this->password = $encoder->encodePassword($this->password, $this->salt);
}
/**
* Sets the password for a user.
*
* @param user $user
* @param string $password
*/
private function doSetPassword(User $user, $password)
{
$user->setNonce(base_convert(sha1(uniqid(mt_rand(), true)), 16, 36));
$user->setPassword($this->passwordEncoder->encodePassword($password, $user->getNonce()));
$user->setSaltedPassword(true);
}
public function createNewAccount(PasswordEncoderInterface $encoder, ObjectManager $em, $email, $password, array $data = array())
{
// set default values
foreach ($data as $field => $val) {
$method = 'set' . ucfirst($field);
if (method_exists($this, $method)) {
$this->{$method}($val);
}
}
$password = $encoder->encodePassword($password, $this->getSalt());
$this->setPassword($password);
$this->setEmail($email);
$this->setCreateAt(new \DateTime());
$this->setLastActivity(new \DateTime());
$this->setUpdateAt(new \DateTime());
$this->setIsActive(true);
$em->persist($this);
$em->flush();
}
/**
* @param PasswordEncoderInterface $passwordencoder
*/
public function updatePassword(PasswordEncoderInterface $passwordencoder)
{
$this->password = $passwordencoder->encodePassword($this->plainPassword, $this->getSalt());
}
public function encodePlainPassword(PasswordEncoderInterface $encoder)
{
$this->salt = $this->generateRandomSalt();
$password = $encoder->encodePassword($this->plainPassword, $this->salt);
$this->setPassword($password);
}
/**
* Sets the password for a user.
*
* @param user $user
* @param string $password
*/
private function doSetPassword(User $user, $password)
{
$user->setNonce($this->generator->generateString(64));
$user->setPassword($this->passwordEncoder->encodePassword($password, $user->getNonce()));
$user->setSaltedPassword(true);
}
