ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
ILIAS\Data\Password\LocalUserPasswordManager Class Reference

Public Member Functions

 __construct (array $config=[])
 Please use the singleton method for instance creation. The constructor is still public because of the unit tests.
 
 setSettings (?ilSetting $settings)
 
 setDb (ilDBInterface $db)
 
 getEncoderName ()
 
 setEncoderName (string $encoderName)
 
 getEncoderFactory ()
 
 setEncoderFactory (LocalUserPasswordEncoderFactory $encoderFactory)
 
 encodePassword (ilObjUser $user, string $raw)
 
 isEncodingTypeSupported (string $name)
 
 verifyPassword (ilObjUser $user, string $raw)
 
 resetLastPasswordChangeForLocalUsers ()
 
 allowPasswordChange (ilObjUser $user)
 

Static Public Member Functions

static getInstance ()
 Singleton method to reduce footprint (included files, created instances)
 

Private Attributes

const int MIN_SALT_SIZE = 16
 
LocalUserPasswordEncoderFactory $encoderFactory = null
 
ilSetting $settings = null
 
ilDBInterface $db = null
 
string $encoderName = null
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 33 of file class.LocalUserPasswordManager.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\Data\Password\LocalUserPasswordManager::__construct ( array  $config = [])

Please use the singleton method for instance creation. The constructor is still public because of the unit tests.

Parameters
array<string,mixed> $config
Exceptions
ilUserException

Definition at line 49 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderName(), ILIAS\Data\Password\LocalUserPasswordManager\setDb(), ILIAS\Data\Password\LocalUserPasswordManager\setEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\setEncoderName(), and ILIAS\Data\Password\LocalUserPasswordManager\setSettings().

    public function __construct(array $config = [])
    {
        // Map the recognised config keys (case-insensitive) onto the setters
        if (!empty($config)) {
            foreach ($config as $key => $value) {
                switch (strtolower($key)) {
                    case 'settings':
                        $this->setSettings($value);

                        break;
                    case 'db':
                        $this->setDb($value);

                        break;
                    case 'password_encoder':
                        $this->setEncoderName($value);

                        break;
                    case 'encoder_factory':
                        $this->setEncoderFactory($value);

                        break;
                }
            }
        }

        // Both exception messages below embed a print_r() dump of the whole $config array
        if (!$this->getEncoderName()) {
            throw new ilUserException(
                \sprintf(
                    '"password_encoder" must be set in %s.',
                    print_r($config, true)
                )
            );
        }

        if (!$this->getEncoderFactory() instanceof LocalUserPasswordEncoderFactory) {
            throw new ilUserException(
                \sprintf(
                    '"encoder_factory" must be instance of LocalUserPasswordEncoderFactory and set in %s.',
                    print_r($config, true)
                )
            );
        }
    }

Member Function Documentation

◆ allowPasswordChange()

ILIAS\Data\Password\LocalUserPasswordManager::allowPasswordChange ( ilObjUser  $user)

Definition at line 225 of file class.LocalUserPasswordManager.php.

References ilSession\get(), ilObjUser\getAuthMode(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\isPasswordExpired(), and ilAuthUtils\isPasswordModificationEnabled().

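    public function allowPasswordChange(ilObjUser $user): bool
    {
        // A session that used an external auth mode never changes the local password
        if (ilSession::get('used_external_auth_mode')) {
            return false;
        }

        // Line 231 is absent from the extracted listing; reconstructed from the References list
        $status = ilAuthUtils::isPasswordModificationEnabled($user->getAuthMode());
        if ($status) {
            return true;
        }

        return ilAuthUtils::isPasswordModificationHidden()
            && ($user->isPasswordChangeDemanded() || $user->isPasswordExpired());
    }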

◆ encodePassword()

ILIAS\Data\Password\LocalUserPasswordManager::encodePassword ( ilObjUser  $user, string  $raw )

Definition at line 160 of file class.LocalUserPasswordManager.php.

References ilPasswordUtils\getBytes(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswordSalt(), null, ilObjUser\PASSWD_CRYPTED, ilObjUser\setPasswd(), ilObjUser\setPasswordEncodingType(), and ilObjUser\setPasswordSalt().

    public function encodePassword(ilObjUser $user, string $raw): void
    {
        $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
        $user->setPasswordEncodingType($encoder->getName());
        if ($encoder->requiresSalt()) {
            // MIN_SALT_SIZE random bytes, base64-encoded with '+' mapped to '.', cut to 22 characters
            $user->setPasswordSalt(
                substr(
                    str_replace(
                        '+',
                        '.',
                        base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))
                    ),
                    0,
                    22
                )
            );
        } else {
            $user->setPasswordSalt(null);
        }
        $user->setPasswd(
            $encoder->encodePassword($raw, (string) $user->getPasswordSalt()),
            // Line 181 is absent from the extracted listing; reconstructed from the References list
            ilObjUser::PASSWD_CRYPTED
        );
    }
static getBytes(int $length)
Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.

◆ getEncoderFactory()

ILIAS\Data\Password\LocalUserPasswordManager::getEncoderFactory ( )

◆ getEncoderName()

◆ getInstance()

static ILIAS\Data\Password\LocalUserPasswordManager::getInstance ( )
static

Singleton method to reduce footprint (included files, created instances)

Exceptions
ilUserException
ilPasswordException

Definition at line 98 of file class.LocalUserPasswordManager.php.

References $DIC, ilFileUtils\getDataDir(), and null.

    public static function getInstance(): self
    {
        global $DIC;

        // Reuse the existing instance if one was already created
        if (self::$instance instanceof self) {
            return self::$instance;
        }

        $password_manager = new LocalUserPasswordManager(
            [
                'encoder_factory' => new LocalUserPasswordEncoderFactory(
                    [
                        // bcrypt (native PHP impl.) is still the default for the factory
                        'default_password_encoder' => 'bcryptphp',
                        // Recommended: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                        'memory_cost' => 19_456,
                        'ignore_security_flaw' => true,
                        'data_directory' => ilFileUtils::getDataDir()
                    ]
                ),
                // https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                'password_encoder' => 'argon2id',
                'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,
                'db' => $DIC->database(),
            ]
        );

        self::$instance = $password_manager;

        return self::$instance;
    }

◆ isEncodingTypeSupported()

ILIAS\Data\Password\LocalUserPasswordManager::isEncodingTypeSupported ( string  $name)

Definition at line 185 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory().

    public function isEncodingTypeSupported(string $name): bool
    {
        return \in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
    }

◆ resetLastPasswordChangeForLocalUsers()

ILIAS\Data\Password\LocalUserPasswordManager::resetLastPasswordChangeForLocalUsers ( )

Definition at line 210 of file class.LocalUserPasswordManager.php.

References ilAuthUtils\AUTH_LOCAL, and ILIAS\Repository\settings().

    public function resetLastPasswordChangeForLocalUsers(): void
    {
        $defaultAuthMode = $this->settings->get('auth_mode');
        $defaultAuthModeCondition = '';
        // If local auth is the system default, also match users whose auth_mode is 'default'
        if ((int) $defaultAuthMode === ilAuthUtils::AUTH_LOCAL) {
            $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');
        }

        // The interpolated fragment holds only a constant passed through quote();
        // the values themselves are bound by manipulateF()
        $this->db->manipulateF(
            "UPDATE usr_data SET passwd_policy_reset = %s WHERE (auth_mode = %s $defaultAuthModeCondition)",
            ['integer', 'text'],
            [1, 'local']
        );
    }

◆ setDb()

ILIAS\Data\Password\LocalUserPasswordManager::setDb ( ilDBInterface  $db)

Definition at line 135 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$db.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().

    public function setDb(ilDBInterface $db): void
    {
        $this->db = $db;
    }

◆ setEncoderFactory()

ILIAS\Data\Password\LocalUserPasswordManager::setEncoderFactory ( LocalUserPasswordEncoderFactory  $encoderFactory)

Definition at line 155 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$encoderFactory.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().

    public function setEncoderFactory(LocalUserPasswordEncoderFactory $encoderFactory): void
    {
        $this->encoderFactory = $encoderFactory;
    }

◆ setEncoderName()

ILIAS\Data\Password\LocalUserPasswordManager::setEncoderName ( string  $encoderName)

Definition at line 145 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$encoderName.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().

    public function setEncoderName(string $encoderName): void
    {
        $this->encoderName = $encoderName;
    }

◆ setSettings()

ILIAS\Data\Password\LocalUserPasswordManager::setSettings ( ?ilSetting  $settings)

Definition at line 130 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$settings, and ILIAS\Repository\settings().

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().


◆ verifyPassword()

ILIAS\Data\Password\LocalUserPasswordManager::verifyPassword ( ilObjUser  $user, string  $raw )

Definition at line 190 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswd(), ilObjUser\getPasswordEncodingType(), ilObjUser\getPasswordSalt(), and ilObjUser\resetPassword().

    public function verifyPassword(ilObjUser $user, string $raw): bool
    {
        // Verify with the encoder the stored hash was created with
        $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType());
        if ($this->getEncoderName() !== $encoder->getName()) {
            // Stored encoding differs from the configured encoder:
            // on a successful check, resetPassword() is called with the raw password
            if ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
                $user->resetPassword($raw, $raw);

                return true;
            }
        } elseif ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
            // Same encoder: reset only if the encoder reports the stored hash needs re-encoding
            if ($encoder->requiresReencoding($user->getPasswd())) {
                $user->resetPassword($raw, $raw);
            }

            return true;
        }

        return false;
    }
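The upgrade-on-login pattern that verifyPassword() follows (re-encode only after a successful check, when the stored encoding or its parameters are outdated), shown with PHP's native password API. This is an added example, not ILIAS code: the helper upgradeOnLogin(), the in-memory $user array, the bcrypt starting hash and the time_cost/threads values are assumptions, and it needs a PHP build with Argon2id support.

```php
<?php
declare(strict_types=1);

// Target: argon2id with the memory_cost shown in getInstance() (19_456 KiB).
// time_cost and threads are assumptions for this example, not values from the page.
const TARGET_ALGO = PASSWORD_ARGON2ID;
const TARGET_OPTIONS = ['memory_cost' => 19_456, 'time_cost' => 2, 'threads' => 1];

/**
 * Hypothetical helper: verify $raw against the stored hash and, only after a
 * successful check, replace a hash whose algorithm or parameters are outdated.
 *
 * @param array{passwd: string} $user constructed stand-in for a user record
 */
function upgradeOnLogin(array &$user, string $raw): bool
{
    // password_verify() reads algorithm, cost and salt from the stored hash itself
    if (!password_verify($raw, $user['passwd'])) {
        return false; // never rehash on a failed check
    }

    // True when the stored hash was made with another algorithm or other options
    if (password_needs_rehash($user['passwd'], TARGET_ALGO, TARGET_OPTIONS)) {
        $user['passwd'] = password_hash($raw, TARGET_ALGO, TARGET_OPTIONS);
    }

    return true;
}

// Constructed sample: an account whose password is still stored as bcrypt
$user = ['passwd' => password_hash('correct horse', PASSWORD_BCRYPT)];

// A failed login must leave the stored hash untouched
var_dump(upgradeOnLogin($user, 'wrong guess'));
var_dump(password_get_info($user['passwd'])['algoName']);

// A successful login migrates the stored hash to the target algorithm
var_dump(upgradeOnLogin($user, 'correct horse'));
var_dump(password_get_info($user['passwd'])['algoName']);

// After the migration no further rehash is requested
var_dump(password_needs_rehash($user['passwd'], TARGET_ALGO, TARGET_OPTIONS));
```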

Field Documentation

◆ $db

ilDBInterface ILIAS\Data\Password\LocalUserPasswordManager::$db = null
private

◆ $encoderFactory

◆ $encoderName

string ILIAS\Data\Password\LocalUserPasswordManager::$encoderName = null
private

◆ $instance

self ILIAS\Data\Password\LocalUserPasswordManager::$instance = null
static private

Definition at line 37 of file class.LocalUserPasswordManager.php.

◆ $settings

ilSetting ILIAS\Data\Password\LocalUserPasswordManager::$settings = null
private

◆ MIN_SALT_SIZE

const int ILIAS\Data\Password\LocalUserPasswordManager::MIN_SALT_SIZE = 16
private

Definition at line 35 of file class.LocalUserPasswordManager.php.


The documentation for this class was generated from the following file: