ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
ilUserPasswordManager Class Reference

Public Member Functions

 __construct (array $config=[])
 Please use the singleton method for instance creation. The constructor is still public because of the unit tests.
 
 setSettings (?ilSetting $settings)
 
 setDb (ilDBInterface $db)
 
 getEncoderName ()
 
 setEncoderName (string $encoderName)
 
 getEncoderFactory ()
 
 setEncoderFactory (ilUserPasswordEncoderFactory $encoderFactory)
 
 encodePassword (ilObjUser $user, string $raw)
 
 isEncodingTypeSupported (string $name)
 
 verifyPassword (ilObjUser $user, string $raw)
 
 resetLastPasswordChangeForLocalUsers ()
 

Static Public Member Functions

static getInstance ()
 Singleton method to reduce footprint (included files, created instances).
 

Private Attributes

const MIN_SALT_SIZE = 16
 
ilUserPasswordEncoderFactory $encoderFactory = null
 
ilSetting $settings = null
 
ilDBInterface $db = null
 
string $encoderName = null
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 21 of file class.ilUserPasswordManager.php.

Constructor & Destructor Documentation

◆ __construct()

ilUserPasswordManager::__construct ( array  $config = [])

Please use the singleton method for instance creation. The constructor is still public because of the unit tests.

Parameters
array<string,mixed> $config
Exceptions
ilUserException

Definition at line 38 of file class.ilUserPasswordManager.php.

References ILIAS\LTI\ToolProvider\$key, getEncoderFactory(), getEncoderName(), setDb(), setEncoderFactory(), setEncoderName(), and setSettings().

public function __construct(array $config = [])
{
    // Map the recognised configuration keys (case-insensitive) onto the setters.
    if (!empty($config)) {
        foreach ($config as $key => $value) {
            switch (strtolower($key)) {
                case 'settings':
                    $this->setSettings($value);
                    break;
                case 'db':
                    $this->setDb($value);
                    break;
                case 'password_encoder':
                    $this->setEncoderName($value);
                    break;
                case 'encoder_factory':
                    $this->setEncoderFactory($value);
                    break;
            }
        }
    }

    // Both the encoder name and the encoder factory are mandatory.
    if (!$this->getEncoderName()) {
        throw new ilUserException(sprintf(
            '"password_encoder" must be set in %s.',
            print_r($config, true)
        ));
    }

    if (!($this->getEncoderFactory() instanceof ilUserPasswordEncoderFactory)) {
        throw new ilUserException(sprintf(
            '"encoder_factory" must be instance of ilUserPasswordEncoderFactory and set in %s.',
            print_r($config, true)
        ));
    }
}

Member Function Documentation

◆ encodePassword()

ilUserPasswordManager::encodePassword ( ilObjUser  $user,
string  $raw 
)

Definition at line 137 of file class.ilUserPasswordManager.php.

References ilPasswordUtils\getBytes(), getEncoderFactory(), getEncoderName(), ilObjUser\getPasswordSalt(), ilObjUser\PASSWD_CRYPTED, ilObjUser\setPasswd(), ilObjUser\setPasswordEncodingType(), and ilObjUser\setPasswordSalt().

public function encodePassword(ilObjUser $user, string $raw): void
{
    $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
    $user->setPasswordEncodingType($encoder->getName());
    if ($encoder->requiresSalt()) {
        // MIN_SALT_SIZE (16) random bytes, base64-encoded with '+' mapped to '.',
        // truncated to 22 characters.
        $user->setPasswordSalt(
            substr(str_replace('+', '.', base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))), 0, 22)
        );
    } else {
        $user->setPasswordSalt(null);
    }
    $user->setPasswd($encoder->encodePassword($raw, (string) $user->getPasswordSalt()), ilObjUser::PASSWD_CRYPTED);
}
static ilPasswordUtils::getBytes(int $length): Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.

◆ getEncoderFactory()

ilUserPasswordManager::getEncoderFactory ( )

Definition at line 127 of file class.ilUserPasswordManager.php.

References $encoderFactory.

Referenced by __construct(), encodePassword(), isEncodingTypeSupported(), and verifyPassword().


◆ getEncoderName()

ilUserPasswordManager::getEncoderName ( )

Definition at line 117 of file class.ilUserPasswordManager.php.

References $encoderName.

Referenced by __construct(), encodePassword(), and verifyPassword().

public function getEncoderName(): ?string
{
    return $this->encoderName;
}

◆ getInstance()

static ilUserPasswordManager::getInstance ( )
static

Singleton method to reduce footprint (included files, created instances)

Exceptions
ilUserException
ilPasswordException

Definition at line 79 of file class.ilUserPasswordManager.php.

References $DIC, and ilFileUtils\getDataDir().

Referenced by ilPDNewsBlockGUI\changeFeedSettings(), ilObjUserFolderGUI\forceUserPasswordResetObject(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\resetPassword(), ilObjUser\saveAsNew(), ilPersonalSettingsGUI\savePassword(), ilObjUser\update(), and ilAuthProviderDatabase\withoutPasswordVerification().

public static function getInstance(): self
{
    global $DIC;

    if (self::$instance instanceof self) {
        return self::$instance;
    }

    $password_manager = new ilUserPasswordManager(
        [
            'encoder_factory' => new ilUserPasswordEncoderFactory(
                [
                    'default_password_encoder' => 'bcryptphp', // bcrypt (native PHP impl.) is still the default for the factory
                    'memory_cost' => 19_456, // Recommended: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                    'ignore_security_flaw' => true,
                    'data_directory' => ilFileUtils::getDataDir()
                ]
            ),
            'password_encoder' => 'argon2id', // https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
            'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,
            'db' => $DIC->database(),
        ]
    );

    self::$instance = $password_manager;
    return self::$instance;
}
static ilFileUtils::getDataDir(): get data directory (outside webspace)

◆ isEncodingTypeSupported()

ilUserPasswordManager::isEncodingTypeSupported ( string  $name)

Definition at line 151 of file class.ilUserPasswordManager.php.

References getEncoderFactory().

public function isEncodingTypeSupported(string $name): bool
{
    return in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
}

◆ resetLastPasswordChangeForLocalUsers()

ilUserPasswordManager::resetLastPasswordChangeForLocalUsers ( )

Definition at line 175 of file class.ilUserPasswordManager.php.

References ilAuthUtils\AUTH_LOCAL, and ILIAS\Repository\settings().

public function resetLastPasswordChangeForLocalUsers(): void
{
    $defaultAuthMode = $this->settings->get('auth_mode');
    $defaultAuthModeCondition = '';
    if ((int) $defaultAuthMode === ilAuthUtils::AUTH_LOCAL) {
        // The interpolated fragment contains only a constant, quoted via $this->db->quote().
        $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');
    }

    $this->db->manipulateF(
        "UPDATE usr_data SET passwd_policy_reset = %s WHERE (auth_mode = %s $defaultAuthModeCondition)",
        ['integer', 'text'],
        [1, 'local']
    );
}

◆ setDb()

ilUserPasswordManager::setDb ( ilDBInterface  $db)

Definition at line 112 of file class.ilUserPasswordManager.php.

References $db.

Referenced by __construct().

public function setDb(ilDBInterface $db): void
{
    $this->db = $db;
}

◆ setEncoderFactory()

ilUserPasswordManager::setEncoderFactory ( ilUserPasswordEncoderFactory  $encoderFactory)

Definition at line 132 of file class.ilUserPasswordManager.php.

References $encoderFactory.

Referenced by __construct().

public function setEncoderFactory(ilUserPasswordEncoderFactory $encoderFactory): void
{
    $this->encoderFactory = $encoderFactory;
}

◆ setEncoderName()

ilUserPasswordManager::setEncoderName ( string  $encoderName)

Definition at line 122 of file class.ilUserPasswordManager.php.

References $encoderName.

Referenced by __construct().

public function setEncoderName(string $encoderName): void
{
    $this->encoderName = $encoderName;
}

◆ setSettings()

ilUserPasswordManager::setSettings ( ?ilSetting  $settings)

Definition at line 107 of file class.ilUserPasswordManager.php.

References $settings, and ILIAS\Repository\settings().

Referenced by __construct().

public function setSettings(?ilSetting $settings): void
{
    $this->settings = $settings;
}

◆ verifyPassword()

ilUserPasswordManager::verifyPassword ( ilObjUser  $user,
string  $raw 
)

Definition at line 156 of file class.ilUserPasswordManager.php.

References getEncoderFactory(), getEncoderName(), ilObjUser\getPasswd(), ilObjUser\getPasswordEncodingType(), ilObjUser\getPasswordSalt(), and ilObjUser\resetPassword().

public function verifyPassword(ilObjUser $user, string $raw): bool
{
    // Use the encoder recorded for the stored hash, not the configured one.
    $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType());
    if ($this->getEncoderName() !== $encoder->getName()) {
        // Stored hash comes from a different encoder than the configured one:
        // on a successful check, reset the password with the same plaintext.
        if ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
            $user->resetPassword($raw, $raw);
            return true;
        }
    } elseif ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
        // Same encoder: reset only if it reports that the stored hash requires re-encoding.
        if ($encoder->requiresReencoding($user->getPasswd())) {
            $user->resetPassword($raw, $raw);
        }

        return true;
    }

    return false;
}
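
The verify-then-upgrade flow of verifyPassword() above, as an added stand-alone example that is not ILIAS code: it uses PHP's native password_* functions instead of the ILIAS encoder classes. The $record array, verifyAndUpgrade(), and the time_cost and threads values are assumptions of this example; it needs a PHP build with Argon2 support.

```php
<?php
declare(strict_types=1);

// Target algorithm and cost. memory_cost is the value shown on this page;
// time_cost and threads are assumptions made for this example.
const TARGET_ALGO = PASSWORD_ARGON2ID;
const TARGET_OPTS = ['memory_cost' => 19456, 'time_cost' => 2, 'threads' => 1];

/**
 * Verify $raw against the stored hash and upgrade the record in place when
 * the hash was made with another algorithm or with different cost parameters.
 * $record is a hypothetical user row: ['login' => string, 'hash' => string].
 */
function verifyAndUpgrade(array &$record, string $raw): bool
{
    // password_verify() reads algorithm, cost and salt from the hash string
    // itself, so legacy and current hashes go through the same call.
    if (!password_verify($raw, $record['hash'])) {
        return false;
    }

    // Only after a successful check is the plaintext known to be correct,
    // so login is the one moment a legacy hash can be replaced.
    if (password_needs_rehash($record['hash'], TARGET_ALGO, TARGET_OPTS)) {
        $record['hash'] = password_hash($raw, TARGET_ALGO, TARGET_OPTS);
    }

    return true;
}

// Constructed sample: an account whose password was stored with bcrypt.
$user = [
    'login' => 'alice',
    'hash'  => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
];

// A failed login must leave the stored hash untouched.
var_dump(verifyAndUpgrade($user, 'wrong guess'));
var_dump(password_get_info($user['hash'])['algoName']);

// A successful login verifies against bcrypt, then stores an argon2id hash.
var_dump(verifyAndUpgrade($user, 'correct horse'));
var_dump(password_get_info($user['hash'])['algoName']);

// The upgraded hash still verifies, and no further rehash is requested.
var_dump(password_verify('correct horse', $user['hash']));
var_dump(password_needs_rehash($user['hash'], TARGET_ALGO, TARGET_OPTS));
```
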

Field Documentation

◆ $db

ilDBInterface ilUserPasswordManager::$db = null
private

Definition at line 29 of file class.ilUserPasswordManager.php.

Referenced by setDb().

◆ $encoderFactory

ilUserPasswordEncoderFactory ilUserPasswordManager::$encoderFactory = null
private

Definition at line 27 of file class.ilUserPasswordManager.php.

Referenced by getEncoderFactory(), and setEncoderFactory().

◆ $encoderName

string ilUserPasswordManager::$encoderName = null
private

Definition at line 30 of file class.ilUserPasswordManager.php.

Referenced by getEncoderName(), and setEncoderName().

◆ $instance

self ilUserPasswordManager::$instance = null
static private

Definition at line 25 of file class.ilUserPasswordManager.php.

◆ $settings

ilSetting ilUserPasswordManager::$settings = null
private

Definition at line 28 of file class.ilUserPasswordManager.php.

Referenced by setSettings().

◆ MIN_SALT_SIZE

const ilUserPasswordManager::MIN_SALT_SIZE = 16
private

Definition at line 23 of file class.ilUserPasswordManager.php.


The documentation for this class was generated from the following file: