示例#1
文件: User.php 项目: phacts/sentry
 /**
  * Hash a string using the hasher registered on this class.
  *
  * The hasher is read from the static $hasher property; this method only
  * delegates to its hash() method and does no hashing of its own.
  *
  * @param  string  $string  Value to hash.
  * @return string  Whatever the hasher's hash() call returns.
  * @throws RuntimeException  When no hasher has been set.
  */
 public function hash($string)
 {
     $hasher = static::$hasher;

     // With a hasher present, hand the value straight to it.
     if ($hasher) {
         return $hasher->hash($string);
     }

     // No hasher configured: raise an error instead of returning the input unhashed.
     throw new \RuntimeException("A hasher has not been provided for the user.");
 }
示例#2
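	/**
	 * Finds a user by the given credentials.
	 *
	 * Attributes listed by the model's getHashableAttributes() are kept out of
	 * the query; they are compared against the loaded user afterwards with the
	 * hasher's checkHash(). Every other key of $credentials is used as a column
	 * name in an equality condition.
	 *
	 * Security notes for callers:
	 *  - Only the login attribute is required here. If $credentials carries no
	 *    hashable attribute (for example no password), no hash is checked and
	 *    the user matching the plain attributes is returned. Code that
	 *    authenticates must confirm the password key is present and non-empty
	 *    before calling this method.
	 *  - The keys of $credentials become column names. Build the array from a
	 *    fixed list of expected fields rather than from raw request input.
	 *  - WrongPasswordException and UserNotFoundException tell an existing
	 *    account apart from an unknown one, and the hash check only runs once
	 *    a user was found. Show one generic failure message to the end user.
	 *
	 * @param  array  $credentials  Attribute name => value pairs.
	 * @return \Cartalyst\Sentry\Users\UserInterface
	 * @throws \InvalidArgumentException  When the login attribute is missing.
	 * @throws \Cartalyst\Sentry\Users\UserNotFoundException
	 * @throws WrongPasswordException  When the password attribute's hash does not match.
	 */
	public function findByCredentials(array $credentials)
	{
		$model     = $this->createModel();
		$loginName = $model->getLoginName();

		if ( ! array_key_exists($loginName, $credentials))
		{
			throw new \InvalidArgumentException("Login attribute [$loginName] was not provided.");
		}

		$passwordName = $model->getPasswordName();

		$query              = $model;
		$hashableAttributes = $model->getHashableAttributes();
		$hashedCredentials  = array();

		// Build the query from the given credentials.
		foreach ($credentials as $credential => $value)
		{
			// Hashed attributes cannot be matched in the query because of salts,
			// so they are set aside and verified after the user is loaded.
			// Strict comparison: an integer key must never be treated as equal
			// to an attribute name through loose type juggling.
			if (in_array($credential, $hashableAttributes, true))
			{
				$hashedCredentials[$credential] = $value;
			}
			else
			{
				$query = $query->where($credential, '=', $value);
			}
		}

		$user = $query->find();

		if ( ! $user->loaded())
		{
			throw new UserNotFoundException("A user was not found with the given credentials.");
		}

		// Now check that every hashed credential matches the stored value.
		foreach ($hashedCredentials as $credential => $value)
		{
			if ($this->hasher->checkHash($value, $user->{$credential}))
			{
				continue;
			}

			$message = "A user was found to match all plain text credentials however hashed credential [$credential] did not match.";

			// A failed password gets its own exception type; any other hashed
			// attribute that fails is reported as "not found".
			if ($credential === $passwordName)
			{
				throw new WrongPasswordException($message);
			}

			throw new UserNotFoundException($message);
		}

		return $user;
	}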
示例#3
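 /**
  * Finds a user by the given credentials.
  *
  * Attributes listed by the model's getHashableAttributes() are kept out of
  * the query; they are compared against the loaded user afterwards with the
  * hasher's checkHash(). Every other key of $credentials is used as a column
  * name in an equality condition. When the password verifies and the hasher
  * offers needsRehashed() and reports the stored hash as outdated, the
  * password attribute is written back and the user is saved.
  *
  * Security notes for callers:
  *  - Only the login attribute is required here. If $credentials carries no
  *    hashable attribute (for example no password), no hash is checked and
  *    the first user matching the plain attributes is returned. Code that
  *    authenticates must confirm the password key is present and non-empty
  *    before calling this method.
  *  - The keys of $credentials become column names. Build the array from a
  *    fixed list of expected fields rather than from raw request input.
  *  - WrongPasswordException and UserNotFoundException tell an existing
  *    account apart from an unknown one, and the hash check only runs once
  *    a user was found. Show one generic failure message to the end user.
  *
  * @param array $credentials Attribute name => value pairs.
  *
  * @throws \InvalidArgumentException When the login attribute is missing.
  * @throws \Cartalyst\Sentry\Users\UserNotFoundException
  * @throws WrongPasswordException When the password attribute's hash does not match.
  *
  * @return \Cartalyst\Sentry\Users\UserInterface
  */
 public function findByCredentials(array $credentials)
 {
     $model = $this->createModel();
     $loginName = $model->getLoginName();
     if (!array_key_exists($loginName, $credentials)) {
         throw new \InvalidArgumentException("Login attribute [{$loginName}] was not provided.");
     }
     $passwordName = $model->getPasswordName();
     $query = $model->newQuery();
     $hashableAttributes = $model->getHashableAttributes();
     $hashedCredentials = [];
     // Build the query from the given credentials.
     foreach ($credentials as $credential => $value) {
         // Hashed attributes cannot be matched in the query because of salts,
         // so they are set aside and verified after the user is loaded.
         // Strict comparison: an integer key must never be treated as equal
         // to an attribute name through loose type juggling.
         if (in_array($credential, $hashableAttributes, true)) {
             $hashedCredentials[$credential] = $value;
             continue;
         }
         $query = $query->where($credential, '=', $value);
     }
     $user = $query->first();
     if (!$user) {
         throw new UserNotFoundException('A user was not found with the given credentials.');
     }
     // Now check that every hashed credential matches the stored value.
     foreach ($hashedCredentials as $credential => $value) {
         $isPassword = $credential === $passwordName;
         if (!$this->hasher->checkHash($value, $user->{$credential})) {
             $message = "A user was found to match all plain text credentials however hashed credential [{$credential}] did not match.";
             // A failed password gets its own exception type; any other hashed
             // attribute that fails is reported as "not found".
             if ($isPassword) {
                 throw new WrongPasswordException($message);
             }
             throw new UserNotFoundException($message);
         }
         // Rehash support is optional on the hasher, hence the method_exists() probe.
         if ($isPassword
             && method_exists($this->hasher, 'needsRehashed')
             && $this->hasher->needsRehashed($user->{$credential})
         ) {
             // The stored hash was produced with an outdated algorithm or
             // settings; store the verified password again.
             // NOTE(review): this assigns the plain-text value to the model
             // attribute and relies on the model hashing it on assignment.
             // That setter is not shown here; confirm it, otherwise the plain
             // text would be persisted by save().
             $user->{$credential} = $value;
             $user->save();
         }
     }
     return $user;
 }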