/**
 * Exercise \core\event\user_password_updated in three scenarios.
 *
 * For a user changing their own password, a password being changed for
 * another user, and a forgotten-password reset, the test checks the related
 * user id, the event context, the legacy log data and the 'forgottenreset'
 * flag, and then triggers the event.
 */
public function test_event() {
    $this->resetAfterTest();

    $actor = $this->getDataGenerator()->create_user();
    $actorcontext = context_user::instance($actor->id);
    $other = $this->getDataGenerator()->create_user();
    $othercontext = context_user::instance($other->id);

    // Every scenario below runs with the first user as the current user.
    $this->setUser($actor);

    // Each row: affected user, expected context, reset flag, expected legacy log data.
    $scenarios = array(
        // Changing own password.
        array($actor, $actorcontext, false, null),
        // Changing password of other user.
        array($other, $othercontext, false, null),
        // Password reset: the only scenario for which legacy log data is expected.
        array(
            $actor,
            $actorcontext,
            true,
            array(SITEID, 'user', 'set password', 'profile.php?id=' . $actor->id, $actor->id),
        ),
    );

    foreach ($scenarios as $scenario) {
        list($target, $expectedcontext, $isreset, $legacydata) = $scenario;

        // The second argument is only passed for the reset scenario; the other
        // scenarios rely on the factory's default.
        if ($isreset) {
            $event = \core\event\user_password_updated::create_from_user($target, true);
        } else {
            $event = \core\event\user_password_updated::create_from_user($target);
        }

        $this->assertEventContextNotUsed($event);
        $this->assertEquals($target->id, $event->relateduserid);
        $this->assertSame($expectedcontext, $event->get_context());
        $this->assertEventLegacyLogData($legacydata, $event);

        // The flag recorded in the event must distinguish a reset from an ordinary change.
        if ($isreset) {
            $this->assertTrue($event->other['forgottenreset']);
        } else {
            $this->assertFalse($event->other['forgottenreset']);
        }

        $event->trigger();
    }
}
/**
 * Update password hash in user object (if necessary).
 *
 * The stored value is rewritten when either:
 * 1. The password has changed (the supplied plain text no longer verifies
 *    against $user->password, or $user->password is not set), or
 * 2. password_needs_rehash() reports that the existing hash does not match
 *    PASSWORD_DEFAULT (out-of-date algorithm, or the legacy md5 algorithm).
 *
 * If the user's auth plugin prevents local passwords, the sentinel
 * AUTH_PASSWORD_NOT_CACHED is stored instead of a hash, and a write only
 * happens when the stored value is not already that sentinel.
 *
 * On a write, the $user object and the database record are updated, a
 * \core\event\user_password_updated event is triggered, and the user's Web
 * Services tokens are deleted when $CFG->passwordchangetokendeletion is set.
 *
 * @param stdClass $user User object (password property may be updated).
 * @param string $password Plain text password.
 * @param bool $fasthash If true, use a low cost factor when generating the hash
 *                       This is much faster to generate but makes the hash
 *                       less secure. It is used when lots of hashes need to
 *                       be generated quickly.
 * @return bool Always returns true.
 */
function update_internal_user_password($user, $password, $fasthash = false) {
    global $CFG, $DB;

    // The auth plugin decides whether a local hash may be stored, so the auth
    // field is loaded from the database when the caller did not supply it.
    if (!isset($user->auth)) {
        debugging('User record in update_internal_user_password() must include field auth',
                DEBUG_DEVELOPER);
        $user->auth = $DB->get_field('user', 'auth', array('id' => $user->id));
    }

    // Figure out what value should end up in the password field.
    $localforbidden = get_auth_plugin($user->auth)->prevent_local_passwords();
    $hashedpassword = $localforbidden
        ? AUTH_PASSWORD_NOT_CACHED
        : hash_internal_user_password($password, $fasthash);

    $algorithmchanged = false;
    if ($hashedpassword === AUTH_PASSWORD_NOT_CACHED) {
        // Nothing is cached locally: only write if the sentinel is not stored yet.
        $passwordchanged = $user->password !== $hashedpassword;
    } else if (!isset($user->password)) {
        // A user being created has no password property yet (it is left unset
        // so that user_create() does not save it), so this counts as a change.
        $passwordchanged = true;
    } else {
        // A failed verification means the supplied password differs from the stored one.
        $passwordchanged = !password_verify($password, $user->password);
        $algorithmchanged = password_needs_rehash($user->password, PASSWORD_DEFAULT);
    }

    if (!$passwordchanged && !$algorithmchanged) {
        return true;
    }

    $DB->set_field('user', 'password', $hashedpassword, array('id' => $user->id));
    $user->password = $hashedpassword;

    // Build the event from a freshly read record rather than the caller's object.
    $storeduser = $DB->get_record('user', array('id' => $user->id));
    \core\event\user_password_updated::create_from_user($storeduser)->trigger();

    // Token removal is opt-in: without this setting, existing web service
    // tokens stay valid after the password has been changed.
    if (!empty($CFG->passwordchangetokendeletion)) {
        require_once $CFG->dirroot . '/webservice/lib.php';
        webservice::delete_user_ws_tokens($storeduser->id);
    }

    return true;
}
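/**
 * Update password hash in user object (if necessary).
 *
 * The stored value is rewritten when either:
 * 1. The password has changed (the supplied plain text no longer verifies
 *    against $user->password, or $user->password is not set), or
 * 2. password_needs_rehash() reports that the existing hash does not match
 *    PASSWORD_DEFAULT (out-of-date algorithm, or the legacy md5 algorithm).
 *
 * If the user's auth plugin prevents local passwords, the sentinel
 * AUTH_PASSWORD_NOT_CACHED is stored instead of a hash. In that case the
 * stored value is compared with the sentinel directly: the sentinel is not a
 * hash, so password_verify() against it would fail on every call and each
 * call would rewrite the field and trigger a user_password_updated event
 * although nothing changed.
 *
 * Updating the password will modify the $user object and the database
 * record to use the current hashing algorithm, and triggers
 * \core\event\user_password_updated.
 *
 * @param stdClass $user User object (password property may be updated).
 * @param string $password Plain text password.
 * @param bool $fasthash If true, use a low cost factor when generating the hash
 *                       This is much faster to generate but makes the hash
 *                       less secure. It is used when lots of hashes need to
 *                       be generated quickly.
 * @return bool Always returns true.
 */
function update_internal_user_password($user, $password, $fasthash = false) {
    global $CFG, $DB;
    require_once $CFG->libdir . '/password_compat/lib/password.php';

    // Figure out what the hashed password should be.
    if (!isset($user->auth)) {
        debugging('User record in update_internal_user_password() must include field auth',
                DEBUG_DEVELOPER);
        $user->auth = $DB->get_field('user', 'auth', array('id' => $user->id));
    }
    $authplugin = get_auth_plugin($user->auth);
    if ($authplugin->prevent_local_passwords()) {
        $hashedpassword = AUTH_PASSWORD_NOT_CACHED;
    } else {
        $hashedpassword = hash_internal_user_password($password, $fasthash);
    }

    // Defined up front so the final check never reads an undefined variable.
    $algorithmchanged = false;

    if (!isset($user->password)) {
        // While creating new user, password is unset in $user object, to avoid
        // saving it with user_create().
        $passwordchanged = true;
    } else if ($hashedpassword === AUTH_PASSWORD_NOT_CACHED) {
        // Password is not cached locally: update only if the stored value is
        // not already the sentinel, so unchanged accounts produce no write
        // and no misleading password-updated event in the logs.
        $passwordchanged = ($user->password !== $hashedpassword);
    } else {
        // If verification fails then it means the password has changed.
        $passwordchanged = !password_verify($password, $user->password);
        $algorithmchanged = password_needs_rehash($user->password, PASSWORD_DEFAULT);
    }

    if ($passwordchanged || $algorithmchanged) {
        $DB->set_field('user', 'password', $hashedpassword, array('id' => $user->id));
        $user->password = $hashedpassword;

        // Trigger event, built from a freshly read record.
        $user = $DB->get_record('user', array('id' => $user->id));
        \core\event\user_password_updated::create_from_user($user)->trigger();
    }

    return true;
}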
/**
 * Observer for \core\event\user_password_updated: forwards the change to Joomla.
 *
 * Nothing is forwarded unless the 'sync_to_joomla' setting of 'auth/joomdle'
 * is enabled and the affected user's auth method is 'joomdle'.
 *
 * NOTE(review): the value passed on is $user->password taken from the user
 * record snapshot, which is presumably the stored hash rather than the plain
 * text (confirm). It leaves this site through call_method(), so confirm that
 * the channel used by call_method() is authenticated and encrypted.
 *
 * @param \core\event\user_password_updated $event The triggered event; its
 *        context instance id is used as the id of the user record to read.
 * @return bool|null True when nothing is synchronised; no value is returned
 *         after the remote call has been made.
 */
public static function user_password_updated(\core\event\user_password_updated $event) {
    $syncenabled = get_config('auth/joomdle', 'sync_to_joomla');
    if (!$syncenabled) {
        return true;
    }

    $account = $event->get_record_snapshot('user', $event->contextinstanceid);

    if ($account->auth == 'joomdle') {
        // Only accounts managed by the joomdle auth plugin are pushed to Joomla.
        $plugin = new auth_plugin_joomdle();
        $plugin->call_method('changePassword', $account->username, $account->password);
        return;
    }

    return true;
}