Checks the password hash length. Used as a sanity check.
| public static checkPasswordHash ( string $passwordHash, string $exceptionMessage ) | ||
| $passwordHash | string | The password hash to check. |
| $exceptionMessage | string | Message of the exception thrown. |
/**
* Sets the password hash to use when authentication.
*
* @param string $passwordHash The password hash.
*/
public function setPasswordHash($passwordHash)
{
if ($passwordHash === null) {
$this->hashedPassword = null;
return;
}
// check that the password hash is valid (sanity check)
UsersManager::checkPasswordHash($passwordHash, Piwik::translate('Login_ExceptionPasswordMD5HashExpected'));
$this->hashedPassword = $passwordHash;
}
/**
* Checks the password hash that was retrieved from the Option table. Used as a sanity check
* when finishing the reset password process. If a password is obviously malformed, changing
* a user's password to it will keep the user from being able to login again.
*
* Derived classes can override this method to provide fewer or more checks.
*
* @param string $passwordHash The password hash to check.
* @throws Exception if the password hash length is incorrect.
*/
protected function checkPasswordHash($passwordHash)
{
UsersManager::checkPasswordHash($passwordHash, Piwik::translate('Login_ExceptionPasswordMD5HashExpected'));
}
/**
* Generates a unique MD5 for the given login & password
*
* @param string $userLogin Login
* @param string $md5Password hashed string of the password (using current hash function; MD5-named for historical reasons)
* @return string
*/
public function getTokenAuth($userLogin, $md5Password)
{
UsersManager::checkPasswordHash($md5Password, Piwik::translate('UsersManager_ExceptionPasswordMD5HashExpected'));
return md5($userLogin . $md5Password);
}
/**
* Returns the user's API token.
*
* If the username/password combination is incorrect an invalid token will be returned.
*
* @param string $userLogin Login
* @param string $md5Password hashed string of the password (using current hash function; MD5-named for historical reasons)
* @return string
*/
public function getTokenAuth($userLogin, $md5Password)
{
UsersManager::checkPasswordHash($md5Password, Piwik::translate('UsersManager_ExceptionPasswordMD5HashExpected'));
$user = $this->model->getUser($userLogin);
if (!$this->password->verify($md5Password, $user['password'])) {
return md5($userLogin . microtime(true) . Common::generateUniqId());
}
if ($this->password->needsRehash($user['password'])) {
$this->updateUser($userLogin, $this->password->hash($md5Password));
}
return $user['token_auth'];
}