Only login and password are required (case when we update the password).
If the password changes and the user has an old token_auth (legacy MD5 format) associated,
the token will be regenerated. This could break a user's API calls.
| public updateUser ( $userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false ) |
protected function execute(InputInterface $input, OutputInterface $output)
{
$login = $input->getArgument('login');
$user = $this->usersManagerApi->getUser($login);
if (!UserMapper::isUserLdapUser($user)) {
throw new Exception("User '{$login}' is not an LDAP user. To regenerate this user's token_auth, change the user's password.");
}
if (!$this->userMapper->isRandomTokenAuthGenerationEnabled()) {
throw new Exception("Random token_auth generation is disabled in [LoginLdap] config. This means any changes made by this " . "command will be overwritten when the user logs in. Aborting.");
}
$newPassword = $this->userMapper->generateRandomPassword();
$this->usersManagerApi->updateUser($login, $newPassword, $email = false, $alias = false, $isPasswordHash = true);
$user = $this->usersManagerApi->getUser($login);
$this->writeSuccessMessage($output, array("token_auth for '{$login}' regenerated successfully, new token_auth = '{$user['token_auth']}'"));
}
/**
* normal case, reused in other tests
*/
public function testUpdateUser()
{
$login = "******";
$user = array('login' => $login, 'password' => "geqgeagae", 'email' => "*****@*****.**", 'alias' => "alias");
$this->api->addUser($user['login'], $user['password'], $user['email'], $user['alias']);
$this->api->updateUser($login, "passowordOK", "*****@*****.**", "NEW ALIAS");
$this->_checkUserHasNotChanged($user, "passowordOK", "*****@*****.**", "NEW ALIAS");
}
public function test_updateUser()
{
$this->api->updateUser($this->login, 'newPassword', '*****@*****.**', 'newAlias', false);
$user = $this->api->getUser($this->login);
$this->assertSame('14a88b9d2f52c55b5fbcf9c5d9c11875', $user['password']);
$this->assertSame('*****@*****.**', $user['email']);
$this->assertSame('newAlias', $user['alias']);
}
/**
* Decrypts the password (if encrypted) and calls the original function on
* the decrypted value.
*
* @see the parent class function for parameters and return value
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false, $directCall = false)
{
// check if this function is called directly
// Reason: updateUser() is called in following situations:
// 1. With an already decrypted password by:
// * Piwik\Plugins\Login\PasswordResetter::confirmNewPassword()
// on password change via the form before login
// * Controller::processPasswordChange() when any user changes
// their own password in their account settings
// 2. With an encrypted password when called directly by (so,
// decryption is needed in this case):
// * /plugins/UsersManagerEncrypted/javascripts/usersManager.js::sendUpdateUserAJAX()
// when a super user changes someone's password in Piwik user administration.
if ($directCall == 'true') {
$password = Crypto::decrypt($password);
}
return parent::updateUser($userLogin, $password, $email, $alias, $_isPasswordHashed);
}
