| public updateUser ( $userLogin, $hashedPassword, $email, $alias, $tokenAuth ) |
private function authenticateWithPassword($login, $passwordHash)
{
$user = $this->userModel->getUser($login);
if (empty($user['login'])) {
return new AuthResult(AuthResult::FAILURE, $login, null);
}
if ($this->passwordHelper->verify($passwordHash, $user['password'])) {
if ($this->passwordHelper->needsRehash($user['password'])) {
$newPasswordHash = $this->passwordHelper->hash($passwordHash);
$this->userModel->updateUser($login, $newPasswordHash, $user['email'], $user['alias'], $user['token_auth']);
}
return $this->authenticationSuccess($user);
}
return new AuthResult(AuthResult::FAILURE, $login, null);
}
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
* When the password changes, the key token for this user will change, which could break
* its API calls.
*
* @see addUser() for all the parameters
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
$userInfo = $this->getUser($userLogin);
if (empty($password)) {
$password = $userInfo['password'];
} else {
$password = Common::unsanitizeInputValue($password);
if (!$_isPasswordHashed) {
UsersManager::checkPassword($password);
$password = UsersManager::getPasswordHash($password);
}
}
if (empty($alias)) {
$alias = $userInfo['alias'];
}
if (empty($email)) {
$email = $userInfo['email'];
}
if ($email != $userInfo['email']) {
$this->checkEmail($email);
}
$alias = $this->getCleanAlias($alias, $userLogin);
$token_auth = $this->getTokenAuth($userLogin, $password);
$this->model->updateUser($userLogin, $password, $email, $alias, $token_auth);
Cache::deleteTrackerCache();
/**
* Triggered after an existing user has been updated.
*
* @param string $userLogin The user's login handle.
*/
Piwik::postEvent('UsersManager.updateUser.end', array($userLogin));
}
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
*
* If the password changes and the user has an old token_auth (legacy MD5 format) associated,
* the token will be regenerated. This could break a user's API calls.
*
* @see addUser() for all the parameters
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
$this->checkUserExists($userLogin);
$userInfo = $this->model->getUser($userLogin);
$token_auth = $userInfo['token_auth'];
$passwordHasBeenUpdated = false;
if (empty($password)) {
$password = $userInfo['password'];
} else {
$password = Common::unsanitizeInputValue($password);
if (!$_isPasswordHashed) {
UsersManager::checkPassword($password);
$password = UsersManager::getPasswordHash($password);
}
$passwordInfo = $this->password->info($password);
if (!isset($passwordInfo['algo']) || 0 >= $passwordInfo['algo']) {
// password may have already been fully hashed
$password = $this->password->hash($password);
}
$passwordHasBeenUpdated = true;
}
if (empty($alias)) {
$alias = $userInfo['alias'];
}
if (empty($email)) {
$email = $userInfo['email'];
}
if ($email != $userInfo['email']) {
$this->checkEmail($email);
}
$alias = $this->getCleanAlias($alias, $userLogin);
$this->model->updateUser($userLogin, $password, $email, $alias, $token_auth);
Cache::deleteTrackerCache();
/**
* Triggered after an existing user has been updated.
* Event notify about password change.
*
* @param string $userLogin The user's login handle.
* @param boolean $passwordHasBeenUpdated Flag containing information about password change.
*/
Piwik::postEvent('UsersManager.updateUser.end', array($userLogin, $passwordHasBeenUpdated, $email, $password, $alias));
}
