public function getEncryptedPasswordAndRemoveNonencryptedVersion() { if (!$this->arePasswordsEqual()) { throw new Exception('Passwords are not equal; so it is not allowed to call getEncryptedPassword().', 1464087097); } $encrypted = $this->hashService->hashPassword($this->password); $this->password = null; $this->passwordConfirmation = null; return $encrypted; }
/** * Creates a new account and sets the given password and roles * * @param string $identifier Identifier of the account, must be unique * @param string $password The clear text password * @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account * @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with * @param string $passwordHashingStrategy Optional password hashing strategy to use for the password * @return \TYPO3\Flow\Security\Account A new account, not yet added to the account repository */ public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default') { $account = new \TYPO3\Flow\Security\Account(); $account->setAccountIdentifier($identifier); $account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy)); $account->setAuthenticationProviderName($authenticationProviderName); $roles = array(); foreach ($roleIdentifiers as $roleIdentifier) { $roles[] = $this->policyService->getRole($roleIdentifier); } $account->setRoles($roles); return $account; }
/** * @param string $emailAddress * @param string $requirement * * @throws \Exception * * @return string */ public function resetPasswordAction($emailAddress, $requirement = '') { if ($requirement !== '') { throw new \Exception('Bot detection', 12393182738); } $locale = new Locale('nl'); $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($emailAddress, 'DefaultProvider'); if ($account instanceof Account) { try { /** @var Person $profile */ $profile = $this->profileService->getProfileNodeOfAccount($account); $password = $this->randomPassword(); $hashedPassword = $this->hashService->hashPassword($password, 'default'); $this->mailerService->sendEmail(array('email' => $emailAddress, 'name' => $profile->getDisplayName()), 'Nieuw wachtwoord', 'Packages/Application/BuJitsuDo.Authentication/Resources/Private/Templates/Email/PasswordReset.html', array('password' => $password, 'profile' => $profile)); $account->setCredentialsSource($hashedPassword); $this->accountRepository->update($account); $this->persistenceManager->persistAll(); } catch (\Exception $exception) { return $exception->getMessage(); } } else { $this->response->setHeader('Notification', $this->translator->translateById('profile.reset.password.response.failure', [], NULL, $locale, 'Main', 'BuJitsuDo.Authentication')); $this->response->setHeader('NotificationType', 'alert'); return ''; } $this->response->setHeader('Notification', $this->translator->translateById('profile.reset.password.response.success', [], NULL, $locale, 'Main', 'BuJitsuDo.Authentication')); $this->response->setHeader('NotificationType', 'success'); return ''; }
/** * Sets a new password for the given user * * @param User $user The user to set the password for * @param string $password A new password * @return void */ public function setUserPassword(User $user, $password) { foreach ($user->getAccounts() as $account) { /** @var Account $account */ $account->setCredentialsSource($this->hashService->hashPassword($password, 'default')); $this->accountRepository->update($account); } }
/** * @test */ public function hashPasswordWillIncludeStrategyIdentifierInHashedPassword() { $settings = array('security' => array('cryptography' => array('hashingStrategies' => array('TestStrategy' => 'TYPO3\\Flow\\Test\\TestStrategy')))); $this->hashService->injectSettings($settings); $mockStrategy = $this->getMock('TYPO3\\Flow\\Security\\Cryptography\\PasswordHashingStrategyInterface'); $mockStrategy->expects($this->any())->method('hashPassword')->will($this->returnValue('---hashed-password---')); $mockObjectManager = $this->getMock('TYPO3\\Flow\\Object\\ObjectManagerInterface'); $mockObjectManager->expects($this->any())->method('get')->will($this->returnValue($mockStrategy)); \TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->hashService, 'objectManager', $mockObjectManager, TRUE); $result = $this->hashService->hashPassword('myTestPassword', 'TestStrategy'); $this->assertEquals('TestStrategy=>---hashed-password---', $result); }
/** * Persists a key to the file system * * @param string $name * @param string $password * @return void * @throws \TYPO3\Flow\Security\Exception */ protected function persistKey($name, $password) { $hashedPassword = $this->hashService->hashPassword($password, $this->passwordHashingStrategy); $keyPathAndFilename = $this->getKeyPathAndFilename($name); if (!is_dir($this->getPath())) { Files::createDirectoryRecursively($this->getPath()); } $result = file_put_contents($keyPathAndFilename, $hashedPassword); if ($result === false) { throw new \TYPO3\Flow\Security\Exception(sprintf('The key could not be stored ("%s").', $keyPathAndFilename), 1305812921); } }
/** * @param \DLigo\Animaltool\Domain\Model\User $user * @param array $username * @Flow\Validate(argumentName="$username", type="notEmpty") * @param array $password * @param string $role * @Flow\Validate(argumentName="$password", type="\DLigo\Animaltool\Validation\Validator\PasswordValidator", options={"allowEmpty"=true}) * @Flow\Validate(argumentName="$username", type="\DLigo\Animaltool\Validation\Validator\AccountExistsValidator") * @return void */ public function updateAction(User $user, $username, $password = null, $role = null) { if ($role) { $roleObj = $this->policyService->getRole($role); foreach ($user->getAccounts() as $account) { $account->setRoles(array($role => $roleObj)); $account->setAccountIdentifier($username['new']); $account->setCredentialsSource($this->hashService->hashPassword($password[0], 'default')); $this->accountRepository->update($account); } } $this->userRepository->update($user); $this->addFlashMessage('Updated the user.', '', \TYPO3\Flow\Error\Message::SEVERITY_OK, array(), 'flash.user.update'); $this->redirect('index'); }
/** * Set a new password for the given user * * @param string $username user to modify * @param string $password new password * @param string $authenticationProvider Name of the authentication provider to use for finding the user. Default: "Sandstorm.UserManagement:Login". * @return void */ public function setPasswordCommand($username, $password, $authenticationProvider = 'Sandstorm.UserManagement:Login') { // If we're in Neos context, we simply forward the command to the Neos command controller. if ($this->shouldUseNeosService()) { $cliRequest = new Request($this->request); $cliRequest->setControllerObjectName(UserCommandController::class); $cliRequest->setControllerCommandName('setPassword'); $cliRequest->setArguments(['username' => $username, 'password' => $password, 'authenticationProvider' => $authenticationProvider]); $cliResponse = new Response($this->response); $this->dispatcher->dispatch($cliRequest, $cliResponse); $this->quit(0); } // Otherwise, we use our own logic. $account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($username, $authenticationProvider); if ($account === null) { $this->outputLine('The user <b>' . $username . '</b> could not be found with auth provider <b>' . $authenticationProvider . '</b>.'); $this->quit(1); } $encrypted = $this->hashService->hashPassword($password); $account->setCredentialsSource($encrypted); $this->accountRepository->update($account); $this->outputLine('Password for user <b>' . $username . '</b> changed.'); }
/** * @param string $password, * @param string $passwordconfirm * @param string $code * @return string|void */ public function changePasswordAction($password = NULL, $passwordconfirm = NULL, $code = NULL) { if ($code !== NULL) { $cryptJson = $code; $cryptKey = md5($this->providerName); $uncryptJson = base64_decode($cryptJson); $uncryptJson = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $cryptKey, $uncryptJson, MCRYPT_MODE_CBC, md5($cryptKey)); $uncryptJson = rtrim($uncryptJson, ""); $json = json_decode($uncryptJson); } else { $json = NULL; } $this->view->assign('code', $code); // @TODO Check if User has random number if ($json != NULL) { if ($this->time->getTimestamp() - $json->date > 86400) { $this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error($this->translator->translateById('login.messages.registration.not_valid', array(), NULL, NULL, 'Main', 'Incvisio.LostFound'))); $this->redirect('index', 'Standard', NULL, array()); } else { $account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($json->username, $this->providerName); if ($password == $passwordconfirm && $password !== NULL) { $account->setExpirationDate(NULL); $account->setCredentialsSource($this->hashService->hashPassword($password, 'default')); $this->accountRepository->update($account); $this->flashMessageContainer->addMessage(new Message($this->translator->translateById('login.login.update', array(), NULL, NULL, 'Main', 'Incvisio.LostFound'))); $this->redirect('index', 'Standard', NULL, array()); } else { if ($password !== NULL) { $this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error("Sorry")); } } } } else { $this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error($this->translator->translateById('login.messages.registration.not_valid', array(), NULL, NULL, 'Main', 'Incvisio.LostFound'))); $this->redirect('index', 'Standard', NULL, array()); } }
/** * Sends an email to a user with the new password * * @param \TYPO3\Flow\Security\Account $account * @param array $settings * @param string $newEnteredPassword * @return boolean $success */ public function sendMail(Account $account, $settings, $newEnteredPassword = NULL) { if ($newEnteredPassword !== NULL) { $newPassword = $newEnteredPassword; } else { $newPassword = $this->algorithms->generateRandomString(10); $account->setCredentialsSource($this->hashService->hashPassword($newPassword, 'default')); $this->accountRepository->update($account); } // @TODO: Localize the email format $mailBody[] = 'Dear %1$s'; $mailBody[] = ''; $mailBody[] = 'Your password for First Visit.'; $mailBody[] = 'The password is %2$s'; $mailBody[] = ''; $mailBody[] = 'If you haven\'t requested this information, please change your password at once'; $mailBody[] = 'as others might be able to access your account'; $success = FALSE; $message = new SwiftMessage(); if ($message->setTo(array($account->getAccountIdentifier() => $account->getParty()->getName()))->setFrom(array($settings['PasswordRecovery']['Sender']['Email'] => $settings['PasswordRecovery']['Sender']['Name']))->setSubject($settings['PasswordRecovery']['Subject'])->setBody(vsprintf(implode(PHP_EOL, $mailBody), array($account->getParty()->getName(), $newPassword)))->send()) { $success = TRUE; } return $success; }
/** * @param string $newPassword * @param \TYPO3\Flow\Security\Cryptography\HashService $hashService * @throws \InvalidArgumentException */ public function changePassword($newPassword, $hashService) { $newPassword = trim($newPassword); if (empty($newPassword)) { throw new \InvalidArgumentException('Password must be set.'); } $this->edits++; $this->login->setCredentialsSource($hashService->hashPassword($newPassword, 'default')); }
/** * Sets a new password for the given user * * This method will iterate over all accounts owned by the given user and, if the account uses a UsernamePasswordToken, * sets a new password accordingly. * * @param User $user The user to set the password for * @param string $password A new password * @return void * @api */ public function setUserPassword(User $user, $password) { $tokens = $this->authenticationManager->getTokens(); $indexedTokens = array(); foreach ($tokens as $token) { /** @var TokenInterface $token */ $indexedTokens[$token->getAuthenticationProviderName()] = $token; } foreach ($user->getAccounts() as $account) { /** @var Account $account */ $authenticationProviderName = $account->getAuthenticationProviderName(); if (isset($indexedTokens[$authenticationProviderName]) && $indexedTokens[$authenticationProviderName] instanceof UsernamePassword) { $account->setCredentialsSource($this->hashService->hashPassword($password)); $this->accountRepository->update($account); } } }
/** * Set a new password for the given account * * This allows for setting a new password for an existing user account. * * @param Account $account * @param $password * @param string $passwordHashingStrategy * * @return boolean */ public function resetPassword(Account $account, $password, $passwordHashingStrategy = 'default') { $account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy)); $this->accountRepository->update($account); return TRUE; }