db/d0f/class_8ilUserPasswordManager_8php_source.html

<?php


declare(strict_types=1);


class ilUserPasswordManager

{

    private const MIN_SALT_SIZE = 16;


    private static ?self $instance = null;


    protected ?ilUserPasswordEncoderFactory $encoderFactory = null;

    protected ?ilSetting $settings = null;

    protected ?ilDBInterface $db = null;

    protected ?string $encoderName = null;

    protected array $config = [];


    public function __construct(array $config = [])

    {

        if (!empty($config)) {

            foreach ($config as $key => $value) {

                switch (strtolower($key)) {

                    case 'settings':

                        $this->setSettings($value);

                        break;

                    case 'db':

                        $this->setDb($value);

                        break;

                    case 'password_encoder':

                        $this->setEncoderName($value);

                        break;

                    case 'encoder_factory':

                        $this->setEncoderFactory($value);

                        break;

                }

            }

        }


        if (!$this->getEncoderName()) {

            throw new ilUserException(sprintf(

                '"password_encoder" must be set in %s.',

                json_encode($config, JSON_THROW_ON_ERROR)

            ));

        }


        if (!($this->getEncoderFactory() instanceof ilUserPasswordEncoderFactory)) {

            throw new ilUserException(sprintf(

                '"encoder_factory" must be instance of ilUserPasswordEncoderFactory and set in %s.',

                json_encode($config, JSON_THROW_ON_ERROR)

            ));

        }

    }


    public static function getInstance(): self

    {

        global $DIC;


        if (self::$instance instanceof self) {

            return self::$instance;

        }


        $password_manager = new ilUserPasswordManager(

            [

                'encoder_factory' => new ilUserPasswordEncoderFactory(

                    [

                        'default_password_encoder' => 'bcryptphp',

                        'ignore_security_flaw' => true,

                        'data_directory' => ilFileUtils::getDataDir()

                    ]

                ),

                'password_encoder' => 'bcryptphp',

                'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,

                'db' => $DIC->database(),

            ]

        );


        self::$instance = $password_manager;

        return self::$instance;

    }


    public function setSettings(?ilSetting $settings): void

    {

        $this->settings = $settings;

    }


    public function setDb(ilDBInterface $db): void

    {

        $this->db = $db;

    }


    public function getEncoderName(): ?string

    {

        return $this->encoderName;

    }


    public function setEncoderName(string $encoderName): void

    {

        $this->encoderName = $encoderName;

    }


    public function getEncoderFactory(): ?ilUserPasswordEncoderFactory

    {

        return $this->encoderFactory;

    }


    public function setEncoderFactory(ilUserPasswordEncoderFactory $encoderFactory): void

    {

        $this->encoderFactory = $encoderFactory;

    }


    public function encodePassword(ilObjUser $user, string $raw): void

    {

        $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());

        $user->setPasswordEncodingType($encoder->getName());

        if ($encoder->requiresSalt()) {

            $user->setPasswordSalt(

                substr(str_replace('+', '.', base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))), 0, 22)

            );

        } else {

            $user->setPasswordSalt(null);

        }

        $user->setPasswd($encoder->encodePassword($raw, (string) $user->getPasswordSalt()), ilObjUser::PASSWD_CRYPTED);

    }


    public function isEncodingTypeSupported(string $name): bool

    {

        return in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());

    }


    public function verifyPassword(ilObjUser $user, string $raw): bool

    {

        $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType(), true);

        if ($this->getEncoderName() !== $encoder->getName()) {

            if ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {

                $user->resetPassword($raw, $raw);

                return true;

            }

        } elseif ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {

            if ($encoder->requiresReencoding($user->getPasswd())) {

                $user->resetPassword($raw, $raw);

            }


            return true;

        }


        return false;

    }


    public function resetLastPasswordChangeForLocalUsers(): void

    {

        $defaultAuthMode = $this->settings->get('auth_mode');

        $defaultAuthModeCondition = '';

        if ((int) $defaultAuthMode === ilAuthUtils::AUTH_LOCAL) {

            $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');

        }


        $this->db->manipulateF(

            "UPDATE usr_data SET passwd_policy_reset = %s WHERE (auth_mode = %s $defaultAuthModeCondition)",

            ['integer', 'text'],

            [1, 'local']

        );

    }

}

ilAuthUtils\AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:33

ilFileUtils\getDataDir
static getDataDir()
get data directory (outside webspace)
Definition: class.ilFileUtils.php:358

ilObjUser
User class.
Definition: class.ilObjUser.php:28

ilObjUser\resetPassword
resetPassword(string $raw, string $raw_retype)
Resets the user password.
Definition: class.ilObjUser.php:760

ilObjUser\setPasswordSalt
setPasswordSalt(?string $password_salt)
Definition: class.ilObjUser.php:227

ilObjUser\getPasswordSalt
getPasswordSalt()
Definition: class.ilObjUser.php:222

ilObjUser\setPasswordEncodingType
setPasswordEncodingType(?string $password_encryption_type)
Definition: class.ilObjUser.php:217

ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:30

ilObjUser\setPasswd
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
Definition: class.ilObjUser.php:1231

ilObjUser\getPasswd
getPasswd()
Definition: class.ilObjUser.php:1242

ilObjUser\getPasswordEncodingType
getPasswordEncodingType()
Definition: class.ilObjUser.php:212

ilPasswordUtils\getBytes
static getBytes(int $length)
Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.
Definition: class.ilPasswordUtils.php:32

ilSetting
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSetting.php:27

ilUserException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserException.php:22

ilUserPasswordEncoderFactory
Definition: class.ilUserPasswordEncoderFactory.php:27

ilUserPasswordManager
Definition: class.ilUserPasswordManager.php:27

ilUserPasswordManager\setDb
setDb(ilDBInterface $db)
Definition: class.ilUserPasswordManager.php:122

ilUserPasswordManager\getEncoderFactory
getEncoderFactory()
Definition: class.ilUserPasswordManager.php:137

ilUserPasswordManager\setEncoderName
setEncoderName(string $encoderName)
Definition: class.ilUserPasswordManager.php:132

ilUserPasswordManager\$encoderName
string $encoderName
Definition: class.ilUserPasswordManager.php:35

ilUserPasswordManager\verifyPassword
verifyPassword(ilObjUser $user, string $raw)
Definition: class.ilUserPasswordManager.php:166

ilUserPasswordManager\getEncoderName
getEncoderName()
Definition: class.ilUserPasswordManager.php:127

ilUserPasswordManager\$instance
static self $instance
Definition: class.ilUserPasswordManager.php:30

ilUserPasswordManager\$db
ilDBInterface $db
Definition: class.ilUserPasswordManager.php:34

ilUserPasswordManager\__construct
__construct(array $config=[])
Please use the singleton method for instance creation The constructor is still public because of the ...
Definition: class.ilUserPasswordManager.php:48

ilUserPasswordManager\MIN_SALT_SIZE
const MIN_SALT_SIZE
Definition: class.ilUserPasswordManager.php:28

ilUserPasswordManager\getInstance
static getInstance()
Singleton method to reduce footprint (included files, created instances)
Definition: class.ilUserPasswordManager.php:90

ilUserPasswordManager\$config
array $config
Definition: class.ilUserPasswordManager.php:39

ilUserPasswordManager\isEncodingTypeSupported
isEncodingTypeSupported(string $name)
Definition: class.ilUserPasswordManager.php:161

ilUserPasswordManager\setEncoderFactory
setEncoderFactory(ilUserPasswordEncoderFactory $encoderFactory)
Definition: class.ilUserPasswordManager.php:142

ilUserPasswordManager\setSettings
setSettings(?ilSetting $settings)
Definition: class.ilUserPasswordManager.php:117

ilUserPasswordManager\$settings
ilSetting $settings
Definition: class.ilUserPasswordManager.php:33

ilUserPasswordManager\resetLastPasswordChangeForLocalUsers
resetLastPasswordChangeForLocalUsers()
Definition: class.ilUserPasswordManager.php:185

ilUserPasswordManager\$encoderFactory
ilUserPasswordEncoderFactory $encoderFactory
Definition: class.ilUserPasswordManager.php:32

ilUserPasswordManager\encodePassword
encodePassword(ilObjUser $user, string $raw)
Definition: class.ilUserPasswordManager.php:147

$DIC
global $DIC
Definition: feed.php:28

ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:27

$name
if($format !==null) $name
Definition: metadata.php:247

ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193

ILIAS\Repository\settings
settings()
Definition: trait.GlobalDICDomainServices.php:91