/**
 * An already hashed password must be written back unchanged, never re-hashed.
 *
 * The user test double reports the provided value from getPassword(). The
 * listener is then expected to call setPassword() with that same value and
 * to leave the password factory's createHash() uncalled.
 *
 * @dataProvider providePreSaveAlreadyHashed
 *
 * @param mixed $hash Value supplied by the data provider (presumably a stored hash string; confirm against the provider).
 */
public function testOnPreSavePasswordAlreadyHashed($hash)
{
    $user = $this->user;
    $event = $this->storageEvent;

    // Stubs: the storage event carries the user, and the user returns $hash as its password.
    $event->getContent()->willReturn($user->reveal());
    $user->getPassword()->willReturn($hash);

    // Expectations: no new hash is created, and the existing value is set back as-is.
    $this->passwordFactory->createHash(Argument::cetera())->shouldNotBeCalled();
    $user->setPassword($hash)->shouldBeCalled();

    $this->listener->onUserEntityPreSave($event->reveal());
}
/**
 * Hash user passwords on save.
 *
 * Does nothing for a shadow save. A non-empty password other than the
 * '**dontchange**' placeholder is replaced by the result of
 * PasswordHash::HashPassword(). In every other case the entity's password
 * property is unset.
 *
 * Hashstrength has a default of '10', don't allow less than '8'.
 * NOTE(review): that minimum is not enforced inside this method; confirm it
 * is applied where $this->hashStrength is assigned.
 *
 * NOTE(review): the value is hashed without any check that it is not already
 * a hash, so callers must only place a new plaintext password (or the
 * placeholder) on the entity before saving.
 *
 * @param Entity\Users $usersEntity
 */
protected function passwordHash(Entity\Users $usersEntity)
{
    if ($usersEntity->getShadowSave()) {
        return;
    }

    $password = $usersEntity->getPassword();

    // Empty value or the "keep the current password" placeholder: drop the property.
    if (!$password || $password === '**dontchange**') {
        unset($usersEntity->password);

        return;
    }

    // NOTE(review): the second constructor argument (true) presumably selects phpass
    // "portable" hashes rather than bcrypt; confirm that this is the intended format.
    $hasher = new PasswordHash($this->hashStrength, true);
    $usersEntity->setPassword($hasher->HashPassword($password));
}
/**
 * Hash user passwords on save.
 *
 * Does nothing for a shadow save. A non-empty password other than the
 * '**dontchange**' placeholder is replaced by the result of
 * PasswordLib::createPasswordHash(), called with the '$2a$' prefix and
 * $this->hashStrength as the 'cost' option. In every other case the entity's
 * password property is unset.
 *
 * NOTE(review): the value is hashed without any check that it is not already
 * a hash, so callers must only place a new plaintext password (or the
 * placeholder) on the entity before saving.
 *
 * @param Entity\Users $usersEntity
 */
protected function passwordHash(Entity\Users $usersEntity)
{
    if ($usersEntity->getShadowSave()) {
        return;
    }

    $password = $usersEntity->getPassword();

    // Empty value or the "keep the current password" placeholder: drop the property.
    if (!$password || $password === '**dontchange**') {
        unset($usersEntity->password);

        return;
    }

    // NOTE(review): no lower bound on the cost is checked here; confirm that
    // $this->hashStrength is validated where it is configured.
    $options = ['cost' => $this->hashStrength];
    $hashed = (new PasswordLib())->createPasswordHash($password, '$2a$', $options);

    $usersEntity->setPassword($hashed);
}
/**
 * Record a failed login: notify the user, log the attempt, and update throttling.
 *
 * Emits a generic "name or password incorrect" flash error, writes an
 * info-level 'authentication' event to the system log, increments the
 * entity's failed-login counter, sets the throttle-until value from
 * throttleUntil(), nulls the password on the entity and saves it.
 *
 * @param Entity\Users $userEntity
 *
 * @return false
 */
protected function loginFailed(Entity\Users $userEntity)
{
    // The flash message does not say which of the two inputs was wrong.
    $this->flashLogger->error(Trans::__('general.phrase.error-user-name-password-incorrect'));

    $logLine = sprintf("Failed login attempt for '%s'.", $userEntity->getDisplayname());
    $this->systemLogger->info($logLine, ['event' => 'authentication']);

    // Update the failed login attempts, and perhaps throttle the logins.
    $attempts = $userEntity->getFailedlogins() + 1;
    $userEntity->setFailedlogins($attempts);

    // NOTE(review): the counter is read back after the setter and incremented again,
    // so throttleUntil() presumably receives one more than the stored count; confirm this is intended.
    $until = $this->throttleUntil($userEntity->getFailedlogins() + 1);
    $userEntity->setThrottleduntil($until);

    // Password is nulled before saving, presumably so the save path leaves the stored hash alone; confirm.
    $userEntity->setPassword(null);
    $this->getRepositoryUsers()->save($userEntity);

    return false;
}
/**
 * Null sensitive data that doesn't need to be passed around.
 *
 * Passes null to the password, shadow password, shadow token and shadow
 * validity setters of the given entity. Nothing is saved here; only the
 * object handed in is changed.
 *
 * @param Entity\Users $entity
 */
protected function unsetSensitiveFields(Entity\Users $entity)
{
    // Single list of the credential-related setters, in the order they are cleared.
    $sensitiveSetters = [
        'setPassword',
        'setShadowpassword',
        'setShadowtoken',
        'setShadowvalidity',
    ];

    foreach ($sensitiveSetters as $setter) {
        $entity->{$setter}(null);
    }
}
/**
 * Hash user passwords on save.
 *
 * A null password leaves the entity untouched. Any other value, including an
 * empty string, is passed to getValidHash() and the result is set as the
 * entity's password.
 *
 * NOTE(review): getValidHash() is presumably what prevents an existing hash
 * from being hashed a second time; confirm against its implementation.
 *
 * @param Entity\Users $usersEntity
 */
protected function passwordHash(Entity\Users $usersEntity)
{
    $password = $usersEntity->getPassword();

    // Strict null check: only "no password supplied" skips the update.
    if ($password === null) {
        return;
    }

    $usersEntity->setPassword($this->getValidHash($password));
}
/**
 * Record a failed login: notify the user, log the attempt, and update throttling.
 *
 * Emits a generic "username or password not correct" flash error, writes an
 * info-level 'authentication' event to the system log, increments the
 * entity's failed-login counter, sets the throttle-until value from
 * throttleUntil(), nulls the password on the entity and saves it through
 * the users repository.
 *
 * @param Entity\Users $userEntity
 *
 * @return false
 */
protected function loginFailed(Entity\Users $userEntity)
{
    // The flash message does not say which of the two inputs was wrong.
    $this->flashLogger->error(Trans::__('Username or password not correct. Please check your input.'));

    $logLine = sprintf("Failed login attempt for '%s'.", $userEntity->getDisplayname());
    $this->systemLogger->info($logLine, ['event' => 'authentication']);

    // Update the failed login attempts, and perhaps throttle the logins.
    $attempts = $userEntity->getFailedlogins() + 1;
    $userEntity->setFailedlogins($attempts);

    // NOTE(review): the counter is read back after the setter and incremented again,
    // so throttleUntil() presumably receives one more than the stored count; confirm this is intended.
    $until = $this->throttleUntil($userEntity->getFailedlogins() + 1);
    $userEntity->setThrottleduntil($until);

    // Password is nulled before saving, presumably so the save path leaves the stored hash alone; confirm.
    $userEntity->setPassword(null);
    $this->repositoryUsers->save($userEntity);

    return false;
}