class.ilUserPasswordManager.php

Go to the documentation of this file.

<?php
/* Copyright (c) 1998-2014 ILIAS open source, Extended GPL, see docs/LICENSE */

require_once 'Services/User/exceptions/class.ilUserException.php';

class ilUserPasswordManager
{
        const MIN_SALT_SIZE = 16;

        private static $instance;

        protected $encoder_factory;

        protected $encoder_name;

        protected $config = array();

        public function __construct(array $config = array())
        {
                if(!empty($config))
                {
                        foreach($config as $key => $value)
                        {
                                switch(strtolower($key))
                                {
                                        case 'password_encoder':
                                                $this->setEncoderName($value);
                                                break;
                                        case 'encoder_factory':
                                                $this->setEncoderFactory($value);
                                                break;
                                }
                        }
                }

                if(!$this->getEncoderName())
                {
                        throw new ilUserException(sprintf('"password_encoder" must be set in %s.', json_encode($config)));
                }

                if(!($this->getEncoderFactory() instanceof ilUserPasswordEncoderFactory))
                {
                        throw new ilUserException(sprintf('"encoder_factory" must be instance of ilUserPasswordEncoderFactory and set in %s.', json_encode($config)));
                }
        }

        public static function getInstance()
        {
                if(self::$instance instanceof self)
                {
                        return self::$instance;
                }

                require_once 'Services/User/classes/class.ilUserPasswordEncoderFactory.php';
                $password_manager = new ilUserPasswordManager(
                        array(
                                'encoder_factory' => new ilUserPasswordEncoderFactory(
                                        array(
                                                'default_password_encoder' => 'bcryptphp',
                                                'ignore_security_flaw'     => true
                                        )
                                ),
                                'password_encoder' => 'bcryptphp'
                        )
                );

                self::$instance = $password_manager;
                return self::$instance;
        }

        public function getEncoderName()
        {
                return $this->encoder_name;
        }

        public function setEncoderName($encoder_name)
        {
                $this->encoder_name = $encoder_name;
        }

        public function getEncoderFactory()
        {
                return $this->encoder_factory;
        }

        public function setEncoderFactory(ilUserPasswordEncoderFactory $encoder_factory)
        {
                $this->encoder_factory = $encoder_factory;
        }
        
        public function encodePassword(ilObjUser $user, $raw)
        {
                $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
                $user->setPasswordEncodingType($encoder->getName());
                if($encoder->requiresSalt())
                {
                        require_once 'Services/Password/classes/class.ilPasswordUtils.php';
                        $user->setPasswordSalt(
                                substr(str_replace('+', '.', base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))), 0, 22)
                        );
                }
                else
                {
                        $user->setPasswordSalt(null);
                }
                $user->setPasswd($encoder->encodePassword($raw, $user->getPasswordSalt()), IL_PASSWD_CRYPTED);
        }

        public function isEncodingTypeSupported($name)
        {
                return in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
        }

        public function verifyPassword(ilObjUser $user, $raw)
        {
                $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType(), true);
                if($this->getEncoderName() != $encoder->getName())
                {
                        if($encoder->isPasswordValid($user->getPasswd(), $raw, $user->getPasswordSalt()))
                        {
                                $user->resetPassword($raw, $raw);
                                return true;
                        }
                }
                else if($encoder->isPasswordValid($user->getPasswd(), $raw, $user->getPasswordSalt()))
                {
                        if($encoder->requiresReencoding($user->getPasswd()))
                        {
                                $user->resetPassword($raw, $raw);
                        }

                        return true;
                }

                return false;
        }
}