Collaboration diagram for ILIAS\Authentication\Password\LocalUserPasswordManager:

Public Member Functions
	__construct (array $config=[])
	Please use the singleton method for instance creation The constructor is still public because of the unit tests. More...

	setSettings (?ilSetting $settings)

	setDb (ilDBInterface $db)

	getEncoderName ()

	setEncoderName (string $encoderName)

	getEncoderFactory ()

	setEncoderFactory (LocalUserPasswordEncoderFactory $encoderFactory)

	encodePassword (ilObjUser $user, string $raw)

	isEncodingTypeSupported (string $name)

	verifyPassword (ilObjUser $user, string $raw)

	resetLastPasswordChangeForLocalUsers ()

	allowPasswordChange (ilObjUser $user)

Static Public Member Functions
static	getInstance ()
	Singleton method to reduce footprint (included files, created instances) More...

Private Attributes
const int	MIN_SALT_SIZE = 16

LocalUserPasswordEncoderFactory	$encoderFactory = null

ilSetting	$settings = null

ilDBInterface	$db = null

string	$encoderName = null

Static Private Attributes
static self	$instance = null

Detailed Description

Definition at line 33 of file class.LocalUserPasswordManager.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\Authentication\Password\LocalUserPasswordManager::__construct ( array $config = [] )

Please use the singleton method for instance creation The constructor is still public because of the unit tests.

Parameters

array<string,mixed> $config

Exceptions

ilUserException

Definition at line 49 of file class.LocalUserPasswordManager.php.

    {
        if (!empty($config)) {
            foreach ($config as $key => $value) {
                switch (strtolower($key)) {
                    case 'settings':
                        $this->setSettings($value);
 
                        break;
                    case 'db':
                        $this->setDb($value);
 
                        break;
                    case 'password_encoder':
                        $this->setEncoderName($value);
 
                        break;
                    case 'encoder_factory':
                        $this->setEncoderFactory($value);
 
                        break;
                }
            }
        }
 
        if (!$this->getEncoderName()) {
            throw new ilUserException(
                \sprintf(
                    '"password_encoder" must be set in %s.',
                    print_r($config, true)
                )
            );
        }
 
        if (!$this->getEncoderFactory() instanceof LocalUserPasswordEncoderFactory) {
            throw new ilUserException(
                \sprintf(
                    '"encoder_factory" must be instance of LocalUserPasswordEncoderFactory and set in %s.',
                    print_r($config, true)
                )
            );
        }
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderName(), ILIAS\Authentication\Password\LocalUserPasswordManager\setDb(), ILIAS\Authentication\Password\LocalUserPasswordManager\setEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\setEncoderName(), and ILIAS\Authentication\Password\LocalUserPasswordManager\setSettings().

Here is the call graph for this function:

Member Function Documentation

◆ allowPasswordChange()

ILIAS\Authentication\Password\LocalUserPasswordManager::allowPasswordChange ( ilObjUser $user )

Definition at line 225 of file class.LocalUserPasswordManager.php.

                                                        : bool
    {
        if (ilSession::get('used_external_auth_mode')) {
            return false;
        }
 
        $status = ilAuthUtils::isPasswordModificationEnabled($user->getAuthMode(true));
        if ($status) {
            return true;
        }
 
        return ilAuthUtils::isPasswordModificationHidden()
            && ($user->isPasswordChangeDemanded() || $user->isPasswordExpired());
    }

References ilSession\get(), ilObjUser\getAuthMode(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\isPasswordExpired(), and ilAuthUtils\isPasswordModificationEnabled().

Here is the call graph for this function:

◆ encodePassword()

ILIAS\Authentication\Password\LocalUserPasswordManager::encodePassword	(	ilObjUser	$user,
		string	$raw
	)

Definition at line 160 of file class.LocalUserPasswordManager.php.

                                                                : void
    {
        $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
        $user->setPasswordEncodingType($encoder->getName());
        if ($encoder->requiresSalt()) {
            $user->setPasswordSalt(
                substr(
                    str_replace(
                        '+',
                        '.',
                        base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))
                    ),
                    0,
                    22
                )
            );
        } else {
            $user->setPasswordSalt(null);
        }
        $user->setPasswd(
            $encoder->encodePassword($raw, (string) $user->getPasswordSalt()),
            ilObjUser::PASSWD_CRYPTED
        );
    }

References ilPasswordUtils\getBytes(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswordSalt(), ilObjUser\PASSWD_CRYPTED, ilObjUser\setPasswd(), ilObjUser\setPasswordEncodingType(), and ilObjUser\setPasswordSalt().

Here is the call graph for this function:

◆ getEncoderFactory()

ILIAS\Authentication\Password\LocalUserPasswordManager::getEncoderFactory ( )

Definition at line 150 of file class.LocalUserPasswordManager.php.

                                       : ?LocalUserPasswordEncoderFactory
    {
        return $this->encoderFactory;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$encoderFactory.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct(), ILIAS\Authentication\Password\LocalUserPasswordManager\encodePassword(), ILIAS\Authentication\Password\LocalUserPasswordManager\isEncodingTypeSupported(), and ILIAS\Authentication\Password\LocalUserPasswordManager\verifyPassword().

Here is the caller graph for this function:

◆ getEncoderName()

ILIAS\Authentication\Password\LocalUserPasswordManager::getEncoderName ( )

Definition at line 140 of file class.LocalUserPasswordManager.php.

                                    : ?string
    {
        return $this->encoderName;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$encoderName.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct(), ILIAS\Authentication\Password\LocalUserPasswordManager\encodePassword(), and ILIAS\Authentication\Password\LocalUserPasswordManager\verifyPassword().

Here is the caller graph for this function:

◆ getInstance()

static ILIAS\Authentication\Password\LocalUserPasswordManager::getInstance ( )

static

Singleton method to reduce footprint (included files, created instances)

Exceptions

ilUserException
ilPasswordException

Definition at line 98 of file class.LocalUserPasswordManager.php.

                                        : self
    {
        global $DIC;
 
        if (self::$instance instanceof self) {
            return self::$instance;
        }
 
        $password_manager = new LocalUserPasswordManager(
            [
                'encoder_factory' => new LocalUserPasswordEncoderFactory(
                    [
                        // bcrypt (native PHP impl.) is still the default for the factory
                        'default_password_encoder' => 'bcryptphp',
                        // Recommended: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                        'memory_cost' => 19_456,
                        'ignore_security_flaw' => true,
                        'data_directory' => ilFileUtils::getDataDir()
                    ]
                ),
                // https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                'password_encoder' => 'argon2id',
                'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,
                'db' => $DIC->database(),
            ]
        );
 
        self::$instance = $password_manager;
 
        return self::$instance;
    }

References $DIC, ILIAS\Authentication\Password\LocalUserPasswordManager\$instance, and ilFileUtils\getDataDir().

Referenced by ILIAS\User\Presentation\SettingsTabs\changePasswordAvailable(), and ILIAS\User\Settings\Administration\SettingsGUI\forcePasswordResetCmd().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isEncodingTypeSupported()

ILIAS\Authentication\Password\LocalUserPasswordManager::isEncodingTypeSupported ( string $name )

Definition at line 185 of file class.LocalUserPasswordManager.php.

                                                         : bool
    {
        return \in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\getEncoderFactory().

Here is the call graph for this function:

◆ resetLastPasswordChangeForLocalUsers()

ILIAS\Authentication\Password\LocalUserPasswordManager::resetLastPasswordChangeForLocalUsers ( )

Definition at line 210 of file class.LocalUserPasswordManager.php.

                                                          : void
    {
        $defaultAuthMode = $this->settings->get('auth_mode');
        $defaultAuthModeCondition = '';
        if ((int) $defaultAuthMode === ilAuthUtils::AUTH_LOCAL) {
            $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');
        }
 
        $this->db->manipulateF(
            "UPDATE usr_data SET passwd_policy_reset = %s WHERE (auth_mode = %s $defaultAuthModeCondition)",
            ['integer', 'text'],
            [1, 'local']
        );
    }

References ilAuthUtils\AUTH_LOCAL, and ILIAS\Repository\settings().

Here is the call graph for this function:

◆ setDb()

ILIAS\Authentication\Password\LocalUserPasswordManager::setDb ( ilDBInterface $db )

Definition at line 135 of file class.LocalUserPasswordManager.php.

                                            : void
    {
        $this->db = $db;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$db.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().

Here is the caller graph for this function:

◆ setEncoderFactory()

ILIAS\Authentication\Password\LocalUserPasswordManager::setEncoderFactory ( LocalUserPasswordEncoderFactory $encoderFactory )

Definition at line 155 of file class.LocalUserPasswordManager.php.

                                                                                      : void
    {
        $this->encoderFactory = $encoderFactory;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$encoderFactory.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().

Here is the caller graph for this function:

◆ setEncoderName()

ILIAS\Authentication\Password\LocalUserPasswordManager::setEncoderName ( string $encoderName )

Definition at line 145 of file class.LocalUserPasswordManager.php.

                                                       : void
    {
        $this->encoderName = $encoderName;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$encoderName.

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().

Here is the caller graph for this function:

◆ setSettings()

ILIAS\Authentication\Password\LocalUserPasswordManager::setSettings ( ?ilSetting $settings )

Definition at line 130 of file class.LocalUserPasswordManager.php.

                                                     : void
    {
        $this->settings = $settings;
    }

References ILIAS\Authentication\Password\LocalUserPasswordManager\$settings, and ILIAS\Repository\settings().

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\__construct().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ verifyPassword()

ILIAS\Authentication\Password\LocalUserPasswordManager::verifyPassword	(	ilObjUser	$user,
		string	$raw
	)

Definition at line 190 of file class.LocalUserPasswordManager.php.

                                                                : bool
    {
        $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType());
        if ($this->getEncoderName() !== $encoder->getName()) {
            if ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
                $user->resetPassword($raw);
 
                return true;
            }
        } elseif ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
            if ($encoder->requiresReencoding($user->getPasswd())) {
                $user->resetPassword($raw);
            }
 
            return true;
        }
 
        return false;
    }