public function testInvalidPassword()
{
$this->_user->setPassword(1243213235235);
$this->assertFalse($this->_validateCollection->isValid($this->_user));
}
public function updatePassword(UserModel $user, $newPassword, $oldPassword = null)
{
if (!$user->getId()) {
throw new InvalidArgumentException('Supplied user model does not have an Id');
}
if (!$newPassword) {
throw new InvalidArgumentException('newPassword param not given');
}
$userId = $user->getId();
// Fetch password hashing resource
$bootstrap = \Zend_Controller_Front::getInstance()->getParam('bootstrap');
$phpass = $bootstrap->getResource('PHPass');
if ($oldPassword && !$phpass->checkPassword($oldPassword, $user->getPassword())) {
throw new \Application\Exceptions\ValidateException("Invalid old password given", ValidationCodes::USER_INVALID_PASSWORD);
}
// Validate password
$user->setPassword($newPassword);
$this->validatePassword($user);
// Store a hashed version of the password in the user profile
$user->setPassword($phpass->hashPassword($newPassword));
$user->setLastPasswordChange(time());
// Update last used passwords
$lastUsedPasswordsLimit = \App::config('lastUsedPasswordsLimit', 10);
$lastUsedPasswords = $this->getLastUsedPasswords($userId);
if (!$lastUsedPasswords) {
$lastUsedPasswords = array();
}
if (count($lastUsedPasswords) >= $lastUsedPasswordsLimit) {
$limit = $lastUsedPasswordsLimit - 1;
$lastUsedPasswords = array_slice($lastUsedPasswords, $limit * -1, $limit);
}
array_push($lastUsedPasswords, sha1($newPassword));
UserMapper::getInstance()->insertLastUsedPasswords($user->id, $lastUsedPasswords);
// Persist the changes
$user->save();
// Remove old token if exists
$userMapper = \Application\Model\Mapper\UserMapper::getInstance();
$userMapper->removeLostPasswordToken($user->getId());
\App::audit('Updated password for user with Id ' . $user->getId(), $user);
$this->_sendEvent('update', $user);
return $user;
}
