public function getEncryptedPasswordAndRemoveNonencryptedVersion()
{
if (!$this->arePasswordsEqual()) {
throw new Exception('Passwords are not equal; so it is not allowed to call getEncryptedPassword().', 1464087097);
}
$encrypted = $this->hashService->hashPassword($this->password);
$this->password = null;
$this->passwordConfirmation = null;
return $encrypted;
}
/**
* Creates a new account and sets the given password and roles
*
* @param string $identifier Identifier of the account, must be unique
* @param string $password The clear text password
* @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account
* @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with
* @param string $passwordHashingStrategy Optional password hashing strategy to use for the password
* @return \TYPO3\Flow\Security\Account A new account, not yet added to the account repository
*/
public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default')
{
$account = new \TYPO3\Flow\Security\Account();
$account->setAccountIdentifier($identifier);
$account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy));
$account->setAuthenticationProviderName($authenticationProviderName);
$roles = array();
foreach ($roleIdentifiers as $roleIdentifier) {
$roles[] = $this->policyService->getRole($roleIdentifier);
}
$account->setRoles($roles);
return $account;
}
/**
* @param string $emailAddress
* @param string $requirement
*
* @throws \Exception
*
* @return string
*/
public function resetPasswordAction($emailAddress, $requirement = '')
{
if ($requirement !== '') {
throw new \Exception('Bot detection', 12393182738);
}
$locale = new Locale('nl');
$account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($emailAddress, 'DefaultProvider');
if ($account instanceof Account) {
try {
/** @var Person $profile */
$profile = $this->profileService->getProfileNodeOfAccount($account);
$password = $this->randomPassword();
$hashedPassword = $this->hashService->hashPassword($password, 'default');
$this->mailerService->sendEmail(array('email' => $emailAddress, 'name' => $profile->getDisplayName()), 'Nieuw wachtwoord', 'Packages/Application/BuJitsuDo.Authentication/Resources/Private/Templates/Email/PasswordReset.html', array('password' => $password, 'profile' => $profile));
$account->setCredentialsSource($hashedPassword);
$this->accountRepository->update($account);
$this->persistenceManager->persistAll();
} catch (\Exception $exception) {
return $exception->getMessage();
}
} else {
$this->response->setHeader('Notification', $this->translator->translateById('profile.reset.password.response.failure', [], NULL, $locale, 'Main', 'BuJitsuDo.Authentication'));
$this->response->setHeader('NotificationType', 'alert');
return '';
}
$this->response->setHeader('Notification', $this->translator->translateById('profile.reset.password.response.success', [], NULL, $locale, 'Main', 'BuJitsuDo.Authentication'));
$this->response->setHeader('NotificationType', 'success');
return '';
}
/**
* Sets a new password for the given user
*
* @param User $user The user to set the password for
* @param string $password A new password
* @return void
*/
public function setUserPassword(User $user, $password)
{
foreach ($user->getAccounts() as $account) {
/** @var Account $account */
$account->setCredentialsSource($this->hashService->hashPassword($password, 'default'));
$this->accountRepository->update($account);
}
}
/**
* @test
*/
public function hashPasswordWillIncludeStrategyIdentifierInHashedPassword()
{
$settings = array('security' => array('cryptography' => array('hashingStrategies' => array('TestStrategy' => 'TYPO3\\Flow\\Test\\TestStrategy'))));
$this->hashService->injectSettings($settings);
$mockStrategy = $this->getMock('TYPO3\\Flow\\Security\\Cryptography\\PasswordHashingStrategyInterface');
$mockStrategy->expects($this->any())->method('hashPassword')->will($this->returnValue('---hashed-password---'));
$mockObjectManager = $this->getMock('TYPO3\\Flow\\Object\\ObjectManagerInterface');
$mockObjectManager->expects($this->any())->method('get')->will($this->returnValue($mockStrategy));
\TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->hashService, 'objectManager', $mockObjectManager, TRUE);
$result = $this->hashService->hashPassword('myTestPassword', 'TestStrategy');
$this->assertEquals('TestStrategy=>---hashed-password---', $result);
}
/**
* Persists a key to the file system
*
* @param string $name
* @param string $password
* @return void
* @throws \TYPO3\Flow\Security\Exception
*/
protected function persistKey($name, $password)
{
$hashedPassword = $this->hashService->hashPassword($password, $this->passwordHashingStrategy);
$keyPathAndFilename = $this->getKeyPathAndFilename($name);
if (!is_dir($this->getPath())) {
Files::createDirectoryRecursively($this->getPath());
}
$result = file_put_contents($keyPathAndFilename, $hashedPassword);
if ($result === false) {
throw new \TYPO3\Flow\Security\Exception(sprintf('The key could not be stored ("%s").', $keyPathAndFilename), 1305812921);
}
}
/**
* @param \DLigo\Animaltool\Domain\Model\User $user
* @param array $username
* @Flow\Validate(argumentName="$username", type="notEmpty")
* @param array $password
* @param string $role
* @Flow\Validate(argumentName="$password", type="\DLigo\Animaltool\Validation\Validator\PasswordValidator", options={"allowEmpty"=true})
* @Flow\Validate(argumentName="$username", type="\DLigo\Animaltool\Validation\Validator\AccountExistsValidator")
* @return void
*/
public function updateAction(User $user, $username, $password = null, $role = null)
{
if ($role) {
$roleObj = $this->policyService->getRole($role);
foreach ($user->getAccounts() as $account) {
$account->setRoles(array($role => $roleObj));
$account->setAccountIdentifier($username['new']);
$account->setCredentialsSource($this->hashService->hashPassword($password[0], 'default'));
$this->accountRepository->update($account);
}
}
$this->userRepository->update($user);
$this->addFlashMessage('Updated the user.', '', \TYPO3\Flow\Error\Message::SEVERITY_OK, array(), 'flash.user.update');
$this->redirect('index');
}
/**
* Set a new password for the given user
*
* @param string $username user to modify
* @param string $password new password
* @param string $authenticationProvider Name of the authentication provider to use for finding the user. Default: "Sandstorm.UserManagement:Login".
* @return void
*/
public function setPasswordCommand($username, $password, $authenticationProvider = 'Sandstorm.UserManagement:Login')
{
// If we're in Neos context, we simply forward the command to the Neos command controller.
if ($this->shouldUseNeosService()) {
$cliRequest = new Request($this->request);
$cliRequest->setControllerObjectName(UserCommandController::class);
$cliRequest->setControllerCommandName('setPassword');
$cliRequest->setArguments(['username' => $username, 'password' => $password, 'authenticationProvider' => $authenticationProvider]);
$cliResponse = new Response($this->response);
$this->dispatcher->dispatch($cliRequest, $cliResponse);
$this->quit(0);
}
// Otherwise, we use our own logic.
$account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($username, $authenticationProvider);
if ($account === null) {
$this->outputLine('The user <b>' . $username . '</b> could not be found with auth provider <b>' . $authenticationProvider . '</b>.');
$this->quit(1);
}
$encrypted = $this->hashService->hashPassword($password);
$account->setCredentialsSource($encrypted);
$this->accountRepository->update($account);
$this->outputLine('Password for user <b>' . $username . '</b> changed.');
}
/**
* @param string $password,
* @param string $passwordconfirm
* @param string $code
* @return string|void
*/
public function changePasswordAction($password = NULL, $passwordconfirm = NULL, $code = NULL)
{
if ($code !== NULL) {
$cryptJson = $code;
$cryptKey = md5($this->providerName);
$uncryptJson = base64_decode($cryptJson);
$uncryptJson = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $cryptKey, $uncryptJson, MCRYPT_MODE_CBC, md5($cryptKey));
$uncryptJson = rtrim($uncryptJson, "");
$json = json_decode($uncryptJson);
} else {
$json = NULL;
}
$this->view->assign('code', $code);
// @TODO Check if User has random number
if ($json != NULL) {
if ($this->time->getTimestamp() - $json->date > 86400) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error($this->translator->translateById('login.messages.registration.not_valid', array(), NULL, NULL, 'Main', 'Incvisio.LostFound')));
$this->redirect('index', 'Standard', NULL, array());
} else {
$account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($json->username, $this->providerName);
if ($password == $passwordconfirm && $password !== NULL) {
$account->setExpirationDate(NULL);
$account->setCredentialsSource($this->hashService->hashPassword($password, 'default'));
$this->accountRepository->update($account);
$this->flashMessageContainer->addMessage(new Message($this->translator->translateById('login.login.update', array(), NULL, NULL, 'Main', 'Incvisio.LostFound')));
$this->redirect('index', 'Standard', NULL, array());
} else {
if ($password !== NULL) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error("Sorry"));
}
}
}
} else {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error($this->translator->translateById('login.messages.registration.not_valid', array(), NULL, NULL, 'Main', 'Incvisio.LostFound')));
$this->redirect('index', 'Standard', NULL, array());
}
}
/**
* Sends an email to a user with the new password
*
* @param \TYPO3\Flow\Security\Account $account
* @param array $settings
* @param string $newEnteredPassword
* @return boolean $success
*/
public function sendMail(Account $account, $settings, $newEnteredPassword = NULL)
{
if ($newEnteredPassword !== NULL) {
$newPassword = $newEnteredPassword;
} else {
$newPassword = $this->algorithms->generateRandomString(10);
$account->setCredentialsSource($this->hashService->hashPassword($newPassword, 'default'));
$this->accountRepository->update($account);
}
// @TODO: Localize the email format
$mailBody[] = 'Dear %1$s';
$mailBody[] = '';
$mailBody[] = 'Your password for First Visit.';
$mailBody[] = 'The password is %2$s';
$mailBody[] = '';
$mailBody[] = 'If you haven\'t requested this information, please change your password at once';
$mailBody[] = 'as others might be able to access your account';
$success = FALSE;
$message = new SwiftMessage();
if ($message->setTo(array($account->getAccountIdentifier() => $account->getParty()->getName()))->setFrom(array($settings['PasswordRecovery']['Sender']['Email'] => $settings['PasswordRecovery']['Sender']['Name']))->setSubject($settings['PasswordRecovery']['Subject'])->setBody(vsprintf(implode(PHP_EOL, $mailBody), array($account->getParty()->getName(), $newPassword)))->send()) {
$success = TRUE;
}
return $success;
}
/**
* @param string $newPassword
* @param \TYPO3\Flow\Security\Cryptography\HashService $hashService
* @throws \InvalidArgumentException
*/
public function changePassword($newPassword, $hashService)
{
$newPassword = trim($newPassword);
if (empty($newPassword)) {
throw new \InvalidArgumentException('Password must be set.');
}
$this->edits++;
$this->login->setCredentialsSource($hashService->hashPassword($newPassword, 'default'));
}
/**
* Sets a new password for the given user
*
* This method will iterate over all accounts owned by the given user and, if the account uses a UsernamePasswordToken,
* sets a new password accordingly.
*
* @param User $user The user to set the password for
* @param string $password A new password
* @return void
* @api
*/
public function setUserPassword(User $user, $password)
{
$tokens = $this->authenticationManager->getTokens();
$indexedTokens = array();
foreach ($tokens as $token) {
/** @var TokenInterface $token */
$indexedTokens[$token->getAuthenticationProviderName()] = $token;
}
foreach ($user->getAccounts() as $account) {
/** @var Account $account */
$authenticationProviderName = $account->getAuthenticationProviderName();
if (isset($indexedTokens[$authenticationProviderName]) && $indexedTokens[$authenticationProviderName] instanceof UsernamePassword) {
$account->setCredentialsSource($this->hashService->hashPassword($password));
$this->accountRepository->update($account);
}
}
}
/**
* Set a new password for the given account
*
* This allows for setting a new password for an existing user account.
*
* @param Account $account
* @param $password
* @param string $passwordHashingStrategy
*
* @return boolean
*/
public function resetPassword(Account $account, $password, $passwordHashingStrategy = 'default')
{
$account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy));
$this->accountRepository->update($account);
return TRUE;
}
