ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilUserPasswordManager.php
Go to the documentation of this file.
1<?php declare(strict_types=1);
2/* Copyright (c) 1998-2014 ILIAS open source, Extended GPL, see docs/LICENSE */
3
9class ilUserPasswordManager
10{
12 const MIN_SALT_SIZE = 16;
13
15 private static $instance;
16
18 protected $encoderFactory;
19
21 protected $encoderName;
22
24 protected $config = [];
25
27 protected $settings;
28
30 protected $db;
31
38 public function __construct(array $config = [])
39 {
40 if (!empty($config)) {
41 foreach ($config as $key => $value) {
42 switch (strtolower($key)) {
43 case 'settings':
44 $this->setSettings($value);
45 break;
46 case 'db':
47 $this->setDb($value);
48 break;
49 case 'password_encoder':
50 $this->setEncoderName($value);
51 break;
52 case 'encoder_factory':
53 $this->setEncoderFactory($value);
54 break;
55 }
56 }
57 }
58
59 if (!$this->getEncoderName()) {
60 throw new ilUserException(sprintf('"password_encoder" must be set in %s.', json_encode($config)));
61 }
62
63 if (!($this->getEncoderFactory() instanceof ilUserPasswordEncoderFactory)) {
64 throw new ilUserException(sprintf(
65 '"encoder_factory" must be instance of ilUserPasswordEncoderFactory and set in %s.',
66 json_encode($config)
67 ));
68 }
69 }
70
77 public static function getInstance() : self
78 {
79 global $DIC;
80
81 if (self::$instance instanceof self) {
82 return self::$instance;
83 }
84
85 $password_manager = new ilUserPasswordManager(
86 [
87 'encoder_factory' => new ilUserPasswordEncoderFactory(
88 [
89 'default_password_encoder' => 'bcryptphp',
90 'ignore_security_flaw' => true,
91 'data_directory' => ilUtil::getDataDir()
92 ]
93 ),
94 'password_encoder' => 'bcryptphp',
95 'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,
96 'db' => $DIC->database(),
97 ]
98 );
99
100 self::$instance = $password_manager;
101 return self::$instance;
102 }
103
107 public function setSettings(?ilSetting $settings) : void
108 {
109 $this->settings = $settings;
110 }
111
115 public function setDb(ilDBInterface $db) : void
116 {
117 $this->db = $db;
118 }
119
123 public function getEncoderName() : ?string
124 {
125 return $this->encoderName;
126 }
127
131 public function setEncoderName(string $encoderName) : void
132 {
133 $this->encoderName = $encoderName;
134 }
135
139 public function getEncoderFactory() : ?ilUserPasswordEncoderFactory
140 {
141 return $this->encoderFactory;
142 }
143
147 public function setEncoderFactory(ilUserPasswordEncoderFactory $encoderFactory) : void
148 {
149 $this->encoderFactory = $encoderFactory;
150 }
151
157 public function encodePassword(ilObjUser $user, string $raw) : void
158 {
159 $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
160 $user->setPasswordEncodingType($encoder->getName());
161 if ($encoder->requiresSalt()) {
162 $user->setPasswordSalt(
163 substr(str_replace('+', '.', base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))), 0, 22)
164 );
165 } else {
166 $user->setPasswordSalt(null);
167 }
168 $user->setPasswd($encoder->encodePassword($raw, (string) $user->getPasswordSalt()), IL_PASSWD_CRYPTED);
169 }
170
175 public function isEncodingTypeSupported(string $name) : bool
176 {
177 return in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
178 }
179
186 public function verifyPassword(ilObjUser $user, string $raw) : bool
187 {
188 $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType(), true);
189 if ($this->getEncoderName() != $encoder->getName()) {
190 if ($encoder->isPasswordValid((string) $user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
191 $user->resetPassword($raw, $raw);
192 return true;
193 }
194 } elseif ($encoder->isPasswordValid((string) $user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
195 if ($encoder->requiresReencoding((string) $user->getPasswd())) {
196 $user->resetPassword($raw, $raw);
197 }
198
199 return true;
200 }
201
202 return false;
203 }
204
208 public function resetLastPasswordChangeForLocalUsers() : void
209 {
210 $defaultAuthMode = $this->settings->get('auth_mode');
211 $defaultAuthModeCondition = '';
212 if ((int) $defaultAuthMode === (int) AUTH_LOCAL) {
213 $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');
214 }
215
216 $this->db->manipulateF(
217 "
218 UPDATE usr_data
219 SET passwd_policy_reset = %s
220 WHERE (auth_mode = %s $defaultAuthModeCondition)",
221 ['integer', 'text'],
222 [1, 'local']
223 );
224 }
225}
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:7
ilObjUser\setPasswordEncodingType
setPasswordEncodingType($password_encryption_type)
Definition: class.ilObjUser.php:318
ilObjUser\setPasswd
setPasswd($a_str, $a_type=IL_PASSWD_PLAIN)
set password @access public
Definition: class.ilObjUser.php:1558
ilObjUser\setPasswordSalt
setPasswordSalt($password_salt)
Definition: class.ilObjUser.php:334
ilObjUser\getPasswd
getPasswd()
get password
Definition: class.ilObjUser.php:1571
ilPasswordUtils\getBytes
static getBytes($length)
Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.
Definition: class.ilPasswordUtils.php:16
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilUserException
Class for user related exception handling in ILIAS.
Definition: class.ilUserException.php:34
ilUserPasswordManager\verifyPassword
verifyPassword(ilObjUser $user, string $raw)
Definition: class.ilUserPasswordManager.php:186
ilUserPasswordManager\__construct
__construct(array $config=[])
Please use the singleton method for instance creation The constructor is still public because of the ...
Definition: class.ilUserPasswordManager.php:38
ilUserPasswordManager\getInstance
static getInstance()
Single method to reduce footprint (included files, created instances)
Definition: class.ilUserPasswordManager.php:77
ilUserPasswordManager\setEncoderFactory
setEncoderFactory(ilUserPasswordEncoderFactory $encoderFactory)
Definition: class.ilUserPasswordManager.php:147
ilUserPasswordManager\encodePassword
encodePassword(ilObjUser $user, string $raw)
Definition: class.ilUserPasswordManager.php:157
ilUtil\getDataDir
static getDataDir()
get data directory (outside webspace)
Definition: class.ilUtil.php:1530
$DIC
global $DIC
Definition: goto.php:24
ilDBInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilDBInterface.php:26
$name
if($format !==null) $name
Definition: metadata.php:230
settings
settings()
Definition: settings.php:2