ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
ILIAS\Authentication\Password\LocalUserPasswordManager Class Reference

Public Member Functions

 __construct (array $config=[])
 Please use the singleton method for instance creation. The constructor is still public because of the unit tests.
 
 setSettings (?ilSetting $settings)
 
 setDb (ilDBInterface $db)
 
 getEncoderName ()
 
 setEncoderName (string $encoderName)
 
 getEncoderFactory ()
 
 setEncoderFactory (LocalUserPasswordEncoderFactory $encoderFactory)
 
 encodePassword (ilObjUser $user, string $raw)
 
 isEncodingTypeSupported (string $name)
 
 verifyPassword (ilObjUser $user, string $raw)
 
 resetLastPasswordChangeForLocalUsers ()
 
 allowPasswordChange (ilObjUser $user)
 

Static Public Member Functions

static getInstance ()
 Singleton method to reduce footprint (included files, created instances).
 

Private Attributes

const int MIN_SALT_SIZE = 16
 
LocalUserPasswordEncoderFactory $encoderFactory = null
 
ilSetting $settings = null
 
ilDBInterface $db = null
 
string $encoderName = null
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 33 of file class.LocalUserPasswordManager.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\Authentication\Password\LocalUserPasswordManager::__construct ( array  $config = [])

Please use the singleton method for instance creation. The constructor is still public because of the unit tests.

Parameters
array<string,mixed> $config
Exceptions
ilUserException

Definition at line 49 of file class.LocalUserPasswordManager.php.

    public function __construct(array $config = [])
    {
        if (!empty($config)) {
            // Keys are matched case-insensitively; unknown keys are ignored.
            foreach ($config as $key => $value) {
                switch (strtolower($key)) {
                    case 'settings':
                        $this->setSettings($value);

                        break;
                    case 'db':
                        $this->setDb($value);

                        break;
                    case 'password_encoder':
                        $this->setEncoderName($value);

                        break;
                    case 'encoder_factory':
                        $this->setEncoderFactory($value);

                        break;
                }
            }
        }

        // Both the encoder name and the encoder factory are mandatory.
        if (!$this->getEncoderName()) {
            throw new ilUserException(
                \sprintf(
                    '"password_encoder" must be set in %s.',
                    print_r($config, true)
                )
            );
        }

        if (!$this->getEncoderFactory() instanceof LocalUserPasswordEncoderFactory) {
            throw new ilUserException(
                \sprintf(
                    '"encoder_factory" must be instance of LocalUserPasswordEncoderFactory and set in %s.',
                    print_r($config, true)
                )
            );
        }
    }
setEncoderFactory(LocalUserPasswordEncoderFactory $encoderFactory)

References ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderName(), ILIAS\Authentication\Password\LocalUserPasswordManager\setDb(), ILIAS\Authentication\Password\LocalUserPasswordManager\setEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\setEncoderName(), and ILIAS\Authentication\Password\LocalUserPasswordManager\setSettings().


Member Function Documentation

◆ allowPasswordChange()

ILIAS\Authentication\Password\LocalUserPasswordManager::allowPasswordChange ( ilObjUser  $user)

Definition at line 225 of file class.LocalUserPasswordManager.php.

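    public function allowPasswordChange(ilObjUser $user): bool
    {
        // No local password change when the session used an external auth mode.
        if (ilSession::get('used_external_auth_mode')) {
            return false;
        }

        // Line 231 of the source file, which assigns $status, is missing from this listing.
        // The reference list below names ilAuthUtils::isPasswordModificationEnabled() and
        // ilObjUser::getAuthMode() as the calls involved.
        if ($status) {
            return true;
        }

        return ilAuthUtils::isPasswordModificationHidden()
            && ($user->isPasswordChangeDemanded() || $user->isPasswordExpired());
    }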
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
getAuthMode(bool $a_auth_key=false)
static get(string $a_var)

References ilSession\get(), ilObjUser\getAuthMode(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\isPasswordExpired(), and ilAuthUtils\isPasswordModificationEnabled().


◆ encodePassword()

ILIAS\Authentication\Password\LocalUserPasswordManager::encodePassword ( ilObjUser  $user, string  $raw )

Definition at line 160 of file class.LocalUserPasswordManager.php.

    public function encodePassword(ilObjUser $user, string $raw): void
    {
        $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
        $user->setPasswordEncodingType($encoder->getName());
        if ($encoder->requiresSalt()) {
            // MIN_SALT_SIZE (16) random bytes, base64-encoded with '+' replaced by '.',
            // cut to 22 characters.
            $user->setPasswordSalt(
                substr(
                    str_replace(
                        '+',
                        '.',
                        base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))
                    ),
                    0,
                    22
                )
            );
        } else {
            $user->setPasswordSalt(null);
        }
        $user->setPasswd(
            $encoder->encodePassword($raw, (string) $user->getPasswordSalt()),
            // Line 181 is not shown in the listing; ilObjUser::PASSWD_CRYPTED per the references below.
            ilObjUser::PASSWD_CRYPTED
        );
    }
setPasswordSalt(?string $password_salt)
setPasswordEncodingType(?string $password_encryption_type)
const PASSWD_CRYPTED
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
static getBytes(int $length)
Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.

References ilPasswordUtils\getBytes(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswordSalt(), ilObjUser\PASSWD_CRYPTED, ilObjUser\setPasswd(), ilObjUser\setPasswordEncodingType(), and ilObjUser\setPasswordSalt().


◆ getEncoderFactory()

◆ getEncoderName()

◆ getInstance()

static ILIAS\Authentication\Password\LocalUserPasswordManager::getInstance ( )
static

Singleton method to reduce footprint (included files, created instances)

Exceptions
ilUserException
ilPasswordException

Definition at line 98 of file class.LocalUserPasswordManager.php.

    public static function getInstance(): self
    {
        global $DIC;

        if (self::$instance instanceof self) {
            return self::$instance;
        }

        $password_manager = new LocalUserPasswordManager(
            [
                'encoder_factory' => new LocalUserPasswordEncoderFactory(
                    [
                        // bcrypt (native PHP impl.) is still the default for the factory
                        'default_password_encoder' => 'bcryptphp',
                        // Recommended: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                        'memory_cost' => 19_456,
                        'ignore_security_flaw' => true,
                        'data_directory' => ilFileUtils::getDataDir()
                    ]
                ),
                // https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                'password_encoder' => 'argon2id',
                'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,
                'db' => $DIC->database(),
            ]
        );

        self::$instance = $password_manager;

        return self::$instance;
    }
static getDataDir()
get data directory (outside webspace)
global $DIC
Definition: shib_login.php:26

References $DIC, ILIAS\Authentication\Password\LocalUserPasswordManager\$instance, and ilFileUtils\getDataDir().

Referenced by ILIAS\User\Presentation\SettingsTabs\changePasswordAvailable(), and ILIAS\User\Settings\Administration\SettingsGUI\forcePasswordResetCmd().


◆ isEncodingTypeSupported()

ILIAS\Authentication\Password\LocalUserPasswordManager::isEncodingTypeSupported ( string  $name)

Definition at line 185 of file class.LocalUserPasswordManager.php.

    public function isEncodingTypeSupported(string $name): bool
    {
        return \in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory().


◆ resetLastPasswordChangeForLocalUsers()

ILIAS\Authentication\Password\LocalUserPasswordManager::resetLastPasswordChangeForLocalUsers ( )

Definition at line 210 of file class.LocalUserPasswordManager.php.

    public function resetLastPasswordChangeForLocalUsers(): void
    {
        $defaultAuthMode = $this->settings->get('auth_mode');
        $defaultAuthModeCondition = '';
        // If local auth is the system default, accounts stored with auth_mode 'default' are included.
        if ((int) $defaultAuthMode === ilAuthUtils::AUTH_LOCAL) {
            $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');
        }

        // The interpolated condition contains only a constant passed through $this->db->quote().
        $this->db->manipulateF(
            "UPDATE usr_data SET passwd_policy_reset = %s WHERE (auth_mode = %s $defaultAuthModeCondition)",
            ['integer', 'text'],
            [1, 'local']
        );
    }
const int AUTH_LOCAL

References ilAuthUtils\AUTH_LOCAL, and ILIAS\Repository\settings().


◆ setDb()

ILIAS\Authentication\Password\LocalUserPasswordManager::setDb ( ilDBInterface  $db)

Definition at line 135 of file class.LocalUserPasswordManager.php.

    public function setDb(ilDBInterface $db): void
    {
        $this->db = $db;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$db.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().


◆ setEncoderFactory()

ILIAS\Authentication\Password\LocalUserPasswordManager::setEncoderFactory ( LocalUserPasswordEncoderFactory  $encoderFactory)

Definition at line 155 of file class.LocalUserPasswordManager.php.

    public function setEncoderFactory(LocalUserPasswordEncoderFactory $encoderFactory): void
    {
        $this->encoderFactory = $encoderFactory;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$encoderFactory.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().


◆ setEncoderName()

ILIAS\Authentication\Password\LocalUserPasswordManager::setEncoderName ( string  $encoderName)

Definition at line 145 of file class.LocalUserPasswordManager.php.

    public function setEncoderName(string $encoderName): void
    {
        $this->encoderName = $encoderName;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$encoderName.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().


◆ setSettings()

ILIAS\Authentication\Password\LocalUserPasswordManager::setSettings ( ?ilSetting  $settings)

Definition at line 130 of file class.LocalUserPasswordManager.php.

References ILIAS\Authentication\Password\LocalUserPasswordManager\$settings, and ILIAS\Repository\settings().

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().


◆ verifyPassword()

ILIAS\Authentication\Password\LocalUserPasswordManager::verifyPassword ( ilObjUser  $user, string  $raw )

Definition at line 190 of file class.LocalUserPasswordManager.php.

    public function verifyPassword(ilObjUser $user, string $raw): bool
    {
        // Verify with the encoder the stored hash was created with, not the configured one.
        $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType());
        if ($this->getEncoderName() !== $encoder->getName()) {
            // Stored hash uses a different encoder: re-encode with the configured one on success.
            if ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
                $user->resetPassword($raw);

                return true;
            }
        } elseif ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
            // Same encoder: re-encode only if the encoder reports that the hash requires it.
            if ($encoder->requiresReencoding($user->getPasswd())) {
                $user->resetPassword($raw);
            }

            return true;
        }

        return false;
    }
resetPassword(string $new_raw_password)

References ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswd(), ilObjUser\getPasswordEncodingType(), ilObjUser\getPasswordSalt(), and ilObjUser\resetPassword().
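
The upgrade-on-login pattern used by verifyPassword(), as an added stand-alone example that is not ILIAS code. It uses PHP's native password_* functions with bcrypt as the target (argon2id availability depends on the PHP build); verifyAndUpgrade(), checkStored(), the record layout and the salted-MD5 legacy scheme are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Added illustration; all names and the record layout are hypothetical, not ILIAS API.
const CURRENT_TYPE = 'bcrypt';
const CURRENT_OPTIONS = ['cost' => 12];

/** Verify $raw against the scheme the record was stored with. */
function checkStored(array $record, string $raw): bool
{
    return match ($record['type']) {
        // Salted MD5 stands in for an outdated encoder still present in the database.
        'md5' => hash_equals($record['hash'], md5($record['salt'] . $raw)),
        'bcrypt' => password_verify($raw, $record['hash']),
        default => false, // unknown encoding types never authenticate
    };
}

/** Returns true on a correct password and upgrades the stored hash in place. */
function verifyAndUpgrade(array &$record, string $raw): bool
{
    if (!checkStored($record, $raw)) {
        return false; // a failed check never touches the stored hash
    }
    // Branch 1: stored scheme differs from the configured one.
    $outdatedScheme = $record['type'] !== CURRENT_TYPE;
    // Branch 2: same scheme, but created with weaker parameters.
    $outdatedParams = !$outdatedScheme
        && password_needs_rehash($record['hash'], PASSWORD_BCRYPT, CURRENT_OPTIONS);
    if ($outdatedScheme || $outdatedParams) {
        // Login is the only moment the plaintext is available and proven correct.
        $record = [
            'type' => CURRENT_TYPE,
            'hash' => password_hash($raw, PASSWORD_BCRYPT, CURRENT_OPTIONS),
            'salt' => null, // bcrypt embeds its own salt in the hash string
        ];
    }
    return true;
}

// Constructed sample records: one legacy scheme, one current scheme with a low cost.
$legacy = ['type' => 'md5', 'salt' => 'x9', 'hash' => md5('x9' . 'correct horse')];
$weak = ['type' => 'bcrypt', 'salt' => null,
    'hash' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 6])];

var_dump(verifyAndUpgrade($legacy, 'wrong guess'), $legacy['type']);
var_dump(verifyAndUpgrade($legacy, 'correct horse'), $legacy['type']);
var_dump(verifyAndUpgrade($weak, 'correct horse'));
var_dump(password_get_info($weak['hash'])['options']['cost']);
```

Accounts that never log in again keep their old hash under this pattern, so the legacy verifier has to remain available until those records are reset or expired.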


Field Documentation

◆ $db

ilDBInterface ILIAS\Authentication\Password\LocalUserPasswordManager::$db = null
private

◆ $encoderFactory

◆ $encoderName

string ILIAS\Authentication\Password\LocalUserPasswordManager::$encoderName = null
private

◆ $instance

self ILIAS\Authentication\Password\LocalUserPasswordManager::$instance = null
static private

◆ $settings

ilSetting ILIAS\Authentication\Password\LocalUserPasswordManager::$settings = null
private

◆ MIN_SALT_SIZE

const int ILIAS\Authentication\Password\LocalUserPasswordManager::MIN_SALT_SIZE = 16
private

Definition at line 35 of file class.LocalUserPasswordManager.php.


The documentation for this class was generated from the following file: