/**
 * Periodically re-validate the login credentials stored behind a session token.
 *
 * The check is throttled: when the token was verified less than five minutes
 * ago, this method returns true without consulting the token provider or the
 * user manager. A changed password or a disabled account can therefore go
 * unnoticed by this check for up to five minutes.
 *
 * @param IToken $dbToken token record whose credentials are verified
 * @param string $token session token value, used to read the stored password and to invalidate the token
 * @return bool true if the session may continue, false if the user has to be logged out
 */
private function checkTokenCredentials(IToken $dbToken, $token) {
    $lastCheck = $dbToken->getLastCheck() ?: 0;
    // Property name is spelled "timeFacory" in the original code; kept as is.
    $now = $this->timeFacory->getTime();

    $throttleWindow = 60 * 5;
    if ($now - $throttleWindow < $lastCheck) {
        // Verified recently enough, skip the credential check this time
        return true;
    }

    try {
        $pwd = $this->tokenProvider->getPassword($dbToken, $token);
    } catch (InvalidTokenException $ex) {
        // The token password is invalid -> log the user out.
        // The token is not invalidated on this path.
        return false;
    } catch (PasswordlessTokenException $ex) {
        // No password stored for this token: only the account state can be checked
        if ($this->activeUser === null || $this->activeUser->isEnabled()) {
            $dbToken->setLastCheck($now);
            $this->tokenProvider->updateToken($dbToken);
            return true;
        }

        $this->tokenProvider->invalidateToken($token);
        return false;
    }

    // The password is checked first; the account state is only consulted
    // when the password is still accepted.
    $passwordAccepted = $this->manager->checkPassword($dbToken->getLoginName(), $pwd) !== false;
    if ($passwordAccepted && ($this->activeUser === null || $this->activeUser->isEnabled())) {
        $dbToken->setLastCheck($now);
        $this->tokenProvider->updateToken($dbToken);
        return true;
    }

    // Password has changed or user was disabled -> invalidate and log user out
    $this->tokenProvider->invalidateToken($token);
    return false;
}
/**
 * Encrypt a password and store it on the given token.
 *
 * Only DefaultToken instances are accepted. The plaintext password is passed
 * through encryptPassword() together with the token id, and the updated
 * token is then written back through the mapper.
 *
 * @param IToken $token token whose stored password is replaced
 * @param string $tokenId token id handed to encryptPassword() alongside the password
 * @param string $password plaintext password to encrypt and store
 * @throws InvalidTokenException if $token is not a DefaultToken
 */
public function setPassword(IToken $token, $tokenId, $password) {
    if ($token instanceof DefaultToken) {
        /** @var DefaultToken $token */
        $encrypted = $this->encryptPassword($password, $tokenId);
        $token->setPassword($encrypted);
        $this->mapper->update($token);
        return;
    }

    throw new InvalidTokenException();
}
/**
 * Return the decrypted password stored on a token.
 *
 * The stored value is passed to decryptPassword() together with the token id.
 * The return value is the user's password in plaintext, so callers should
 * keep it out of logs and persisted state.
 *
 * @param IToken $savedToken token record holding the encrypted password
 * @param string $tokenId session token, handed to decryptPassword() alongside the stored value
 * @throws InvalidTokenException not thrown directly here; presumably raised by decryptPassword() - confirm
 * @throws PasswordlessTokenException if the token has no stored password
 * @return string
 */
public function getPassword(IToken $savedToken, $tokenId) {
    $encrypted = $savedToken->getPassword();
    if ($encrypted !== null) {
        return $this->decryptPassword($encrypted, $tokenId);
    }

    throw new PasswordlessTokenException();
}