/**
 * Change a user's password after re-verifying the current one.
 *
 * @param UpdatePasswordCommand $command carries the old password (for re-authentication) and the new one
 * @param string|null           $login   account to update; null selects the current user via getUserOrCurrentUser()
 *
 * @throws AccountException when the supplied old password does not verify against the stored hash
 */
public function updatePassword(UpdatePasswordCommand $command, $login = null)
{
    $account = $this->getUserOrCurrentUser($login);

    // Re-authenticate before allowing the change. The user's nonce is handed to the
    // encoder as the salt argument, mirroring whatever the login path uses.
    $oldPasswordMatches = $this->passwordEncoder->isPasswordValid(
        $account->getPassword(),
        $command->getOldPassword(),
        $account->getNonce()
    );

    if (!$oldPasswordMatches) {
        throw new AccountException('Invalid password provided');
    }

    // NOTE(review): nothing here checks that the caller is allowed to change the
    // password of the account named by $login, nor is any strength policy applied to
    // the new value — both must be enforced by the caller / the manipulator.
    $this->userManipulator->setPassword($account, $command->getPassword());
}
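/**
 * Attempt to authenticate the provided token using the provided user provider.
 *
 * Two paths exist:
 *  - First login: the stored password still equals the configured initial
 *    placeholder ($this->initPassword) and both the user and the provider are
 *    mutable. The presented credentials are then adopted as the real password
 *    (a fresh salt is generated and the hash persisted through the provider)
 *    and a token is issued without any further check.
 *  - Normal login: the presented credentials are verified against the stored
 *    hash using the user's existing salt.
 *
 * SECURITY NOTE: on the first-login path whoever presents the username first
 * gets to choose the password — the placeholder itself is never verified.
 * Accounts left in that state must not be reachable by untrusted parties.
 *
 * @param TokenInterface        $token        carries the username and the presented credentials
 * @param UserProviderInterface $userProvider loads the user and, on first login, persists it
 * @param string                $providerKey  firewall/provider key copied into the returned token
 *
 * @return UsernamePasswordToken
 *
 * @throws BadCredentialsException when the user cannot be loaded or the credentials do not verify
 */
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
    if ($user = $userProvider->loadUserByUsername($token->getUsername())) {
        $userPassword     = $user->getPassword();
        $tokenCredentials = $token->getCredentials();

        // Strict comparison: `==` treats numeric-looking strings such as "1e3"
        // and "1000" as equal, and a null/unset placeholder would loosely match
        // an empty stored password — either could wrongly open the reset path.
        $isInitialPlaceholder = $userPassword === $this->initPassword;

        if ($isInitialPlaceholder && $user instanceof MutableUserInterface && $userProvider instanceof MutableUserProviderInterface) {
            // First login: adopt the presented credentials as the password.
            // The salt is drawn from a CSPRNG (random_bytes, PHP >= 7.0); the
            // previous md5(rand(1, 10000)) source had only 10 000 possible
            // values. The 5-character length is kept in case the salt field is
            // size-constrained in storage — lengthen it if the schema allows.
            $user->setSalt(substr(bin2hex(random_bytes(3)), 0, 5));
            $user->setPassword($this->passwordEncoder->encodePassword($tokenCredentials, $user->getSalt()));

            // persist the new salt and hash
            $userProvider->saveUser($user);

            return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
        }

        if ($this->passwordEncoder->isPasswordValid($userPassword, $tokenCredentials, $user->getSalt())) {
            return new UsernamePasswordToken($user, $userPassword, $providerKey, $user->getRoles());
        }
    }

    throw new BadCredentialsException('The presented password is invalid.');
}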
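/**
 * Validates the password for wsse.
 *
 * Checks, in order:
 *  1. the Created timestamp must parse, must not be older than
 *     $this->lifetime seconds, and must not lie in the future — a future
 *     timestamp would otherwise keep the digest valid long after the replay
 *     cache entry below has expired;
 *  2. the nonce must be strict base64 — it is used both as a salt component
 *     and (hashed) to name the replay-cache file, so it is never written to
 *     the filesystem verbatim; the original "cacheDir/<nonce>" naming let a
 *     client-chosen nonce containing path separators or ".." escape the
 *     cache directory;
 *  3. the nonce must not have been seen within the lifetime window (replay);
 *  4. the nonce is recorded, then the digest is verified against the stored
 *     password with base64_decode(nonce) . created as the salt.
 *
 * @param UserInterface  $user  The provided user.
 * @param TokenInterface $token The created token.
 *
 * @return boolean true when the digest verifies; false when the timestamp or nonce is malformed, expired or future-dated
 *
 * @throws NonceExpiredException   If the nonce is used again before its lifetime has expired.
 * @throws BadCredentialsException If the digest does not match.
 */
protected function validateDigest(UserInterface $user, TokenInterface $token)
{
    $created = $token->getCreated();
    $nonce   = $token->getNonce();

    // strtotime() returns false for garbage; make that an explicit rejection
    // rather than letting it coerce to 0.
    $createdAt = strtotime($created);
    if (false === $createdAt) {
        return false;
    }

    // expired after the lifetime
    if (time() - $createdAt > $this->lifetime) {
        return false;
    }

    // Reject timestamps from the future. No clock skew is tolerated here;
    // relax with a small allowance if clients' clocks are known to drift.
    if ($createdAt > time()) {
        return false;
    }

    // Strict decode: characters outside the base64 alphabet make the nonce
    // invalid instead of being silently discarded as the lenient mode does.
    $decodedNonce = base64_decode($nonce, true);
    if (false === $decodedNonce) {
        return false;
    }

    // Fixed-alphabet file name derived from the nonce (md5 is fine here — the
    // name is not a secret, it only needs to be collision-resistant enough to
    // key the replay cache). Entries recorded under the old raw-nonce naming
    // are not consulted; they age out after $this->lifetime anyway.
    $nonceFile = $this->cacheDir . '/' . md5($nonce);

    if ($this->filesystem->exists($nonceFile)
        && (int) file_get_contents($nonceFile) + $this->lifetime > time()) {
        throw new NonceExpiredException('Previously used nonce detected');
    }

    // if cache directory does not exist it will be created
    // NOTE(review): mode 0777 is kept from the original; the replay cache only
    // needs to be writable by the application user, so prefer 0700 unless
    // another process genuinely shares this directory.
    if ($this->filesystem->exists($this->cacheDir) === false) {
        $this->filesystem->mkdir($this->cacheDir, 0777);
    }

    // Record first use before verifying the digest (as the original did) so the
    // nonce cannot be retried within the window even after a failed attempt.
    // NOTE(review): exists()/dumpFile() is not atomic — two concurrent requests
    // carrying the same nonce can both pass the replay check above.
    $this->filesystem->dumpFile($nonceFile, time());

    $salt = $decodedNonce . $created;
    if (!$this->encoder->isPasswordValid($token->getDigest(), $user->getPassword(), $salt)) {
        throw new BadCredentialsException('The presented password is invalid.');
    }

    return true;
}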