ILIAS  trunk Revision v11.0_alpha-1861-g09f3d197f78
ILIAS\Data\Password\LocalUserPasswordManager Class Reference

Public Member Functions

 __construct (array $config=[])
 Please use the singleton method for instance creation. The constructor is still public because of the unit tests.
 
 setSettings (?ilSetting $settings)
 
 setDb (ilDBInterface $db)
 
 getEncoderName ()
 
 setEncoderName (string $encoderName)
 
 getEncoderFactory ()
 
 setEncoderFactory (LocalUserPasswordEncoderFactory $encoderFactory)
 
 encodePassword (ilObjUser $user, string $raw)
 
 isEncodingTypeSupported (string $name)
 
 verifyPassword (ilObjUser $user, string $raw)
 
 resetLastPasswordChangeForLocalUsers ()
 
 allowPasswordChange (ilObjUser $user)
 

Static Public Member Functions

static getInstance ()
 Singleton method to reduce footprint (included files, created instances)
 

Private Attributes

const MIN_SALT_SIZE = 16
 
LocalUserPasswordEncoderFactory $encoderFactory = null
 
ilSetting $settings = null
 
ilDBInterface $db = null
 
string $encoderName = null
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 33 of file class.LocalUserPasswordManager.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\Data\Password\LocalUserPasswordManager::__construct ( array  $config = [])

Please use the singleton method for instance creation. The constructor is still public because of the unit tests.

Parameters
array<string,mixed> $config
Exceptions
ilUserException

Definition at line 49 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderName(), ILIAS\Data\Password\LocalUserPasswordManager\setDb(), ILIAS\Data\Password\LocalUserPasswordManager\setEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\setEncoderName(), and ILIAS\Data\Password\LocalUserPasswordManager\setSettings().

public function __construct(array $config = [])
{
    // Apply the recognised configuration keys (matched case-insensitively).
    if (!empty($config)) {
        foreach ($config as $key => $value) {
            switch (strtolower($key)) {
                case 'settings':
                    $this->setSettings($value);

                    break;
                case 'db':
                    $this->setDb($value);

                    break;
                case 'password_encoder':
                    $this->setEncoderName($value);

                    break;
                case 'encoder_factory':
                    $this->setEncoderFactory($value);

                    break;
            }
        }
    }

    // An encoder name and an encoder factory are mandatory.
    if (!$this->getEncoderName()) {
        throw new ilUserException(sprintf(
            '"password_encoder" must be set in %s.',
            print_r($config, true)
        ));
    }

    if (!$this->getEncoderFactory() instanceof LocalUserPasswordEncoderFactory) {
        throw new ilUserException(sprintf(
            '"encoder_factory" must be instance of LocalUserPasswordEncoderFactory and set in %s.',
            print_r($config, true)
        ));
    }
}

Member Function Documentation

◆ allowPasswordChange()

ILIAS\Data\Password\LocalUserPasswordManager::allowPasswordChange ( ilObjUser  $user)

Definition at line 221 of file class.LocalUserPasswordManager.php.

References ilSession\get(), ilObjUser\getAuthMode(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\isPasswordExpired(), and ilAuthUtils\isPasswordModificationEnabled().

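public function allowPasswordChange(ilObjUser $user): bool
{
    // Sessions flagged as using an external auth mode never get a password change.
    if (ilSession::get('used_external_auth_mode')) {
        return false;
    }

    // Source line 227 is missing from this listing; reconstructed from the References above.
    $status = ilAuthUtils::isPasswordModificationEnabled($user->getAuthMode());
    if ($status) {
        return true;
    }

    return ilAuthUtils::isPasswordModificationHidden()
        && ($user->isPasswordChangeDemanded() || $user->isPasswordExpired());
}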

◆ encodePassword()

ILIAS\Data\Password\LocalUserPasswordManager::encodePassword ( ilObjUser  $user,
string  $raw 
)

Definition at line 156 of file class.LocalUserPasswordManager.php.

References ilPasswordUtils\getBytes(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswordSalt(), null, ilObjUser\PASSWD_CRYPTED, ilObjUser\setPasswd(), ilObjUser\setPasswordEncodingType(), and ilObjUser\setPasswordSalt().

public function encodePassword(ilObjUser $user, string $raw): void
{
    $encoder = $this->getEncoderFactory()->getEncoderByName($this->getEncoderName());
    $user->setPasswordEncodingType($encoder->getName());
    if ($encoder->requiresSalt()) {
        // MIN_SALT_SIZE (16) random bytes, base64-encoded, '+' replaced by '.',
        // truncated to 22 characters.
        $user->setPasswordSalt(
            substr(
                str_replace(
                    '+',
                    '.',
                    base64_encode(ilPasswordUtils::getBytes(self::MIN_SALT_SIZE))
                ),
                0,
                22
            )
        );
    } else {
        $user->setPasswordSalt(null);
    }
    $user->setPasswd(
        $encoder->encodePassword($raw, (string) $user->getPasswordSalt()),
        // Source line 177 is missing from this listing; restored from the References above.
        ilObjUser::PASSWD_CRYPTED
    );
}

◆ getEncoderFactory()

ILIAS\Data\Password\LocalUserPasswordManager::getEncoderFactory ( )

◆ getEncoderName()

◆ getInstance()

static ILIAS\Data\Password\LocalUserPasswordManager::getInstance ( )
static

Singleton method to reduce footprint (included files, created instances)

Exceptions
ilUserException
ilPasswordException

Definition at line 94 of file class.LocalUserPasswordManager.php.

References $DIC, ilFileUtils\getDataDir(), and null.

public static function getInstance(): self
{
    global $DIC;

    // Reuse the existing instance if one was already created.
    if (self::$instance instanceof self) {
        return self::$instance;
    }

    $password_manager = new LocalUserPasswordManager(
        [
            'encoder_factory' => new LocalUserPasswordEncoderFactory(
                [
                    // bcrypt (native PHP impl.) is still the default for the factory
                    'default_password_encoder' => 'bcryptphp',
                    // Recommended: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
                    'memory_cost' => 19_456,
                    'ignore_security_flaw' => true,
                    'data_directory' => ilFileUtils::getDataDir()
                ]
            ),
            // https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
            'password_encoder' => 'argon2id',
            'settings' => $DIC->isDependencyAvailable('settings') ? $DIC->settings() : null,
            'db' => $DIC->database(),
        ]
    );

    self::$instance = $password_manager;

    return self::$instance;
}

◆ isEncodingTypeSupported()

ILIAS\Data\Password\LocalUserPasswordManager::isEncodingTypeSupported ( string  $name)

Definition at line 181 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory().

public function isEncodingTypeSupported(string $name): bool
{
    return in_array($name, $this->getEncoderFactory()->getSupportedEncoderNames());
}

◆ resetLastPasswordChangeForLocalUsers()

ILIAS\Data\Password\LocalUserPasswordManager::resetLastPasswordChangeForLocalUsers ( )

Definition at line 206 of file class.LocalUserPasswordManager.php.

References ilAuthUtils\AUTH_LOCAL, and ILIAS\Repository\settings().

public function resetLastPasswordChangeForLocalUsers(): void
{
    $defaultAuthMode = $this->settings->get('auth_mode');
    $defaultAuthModeCondition = '';
    // When the global default is local auth, accounts on 'default' are included as well.
    if ((int) $defaultAuthMode === ilAuthUtils::AUTH_LOCAL) {
        $defaultAuthModeCondition = ' OR auth_mode = ' . $this->db->quote('default', 'text');
    }

    // The interpolated condition is either empty or built from a quoted literal above.
    $this->db->manipulateF(
        "UPDATE usr_data SET passwd_policy_reset = %s WHERE (auth_mode = %s $defaultAuthModeCondition)",
        ['integer', 'text'],
        [1, 'local']
    );
}

◆ setDb()

ILIAS\Data\Password\LocalUserPasswordManager::setDb ( ilDBInterface  $db)

Definition at line 131 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$db.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().

public function setDb(ilDBInterface $db): void
{
    $this->db = $db;
}

◆ setEncoderFactory()

ILIAS\Data\Password\LocalUserPasswordManager::setEncoderFactory ( LocalUserPasswordEncoderFactory  $encoderFactory)

Definition at line 151 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$encoderFactory.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().

public function setEncoderFactory(LocalUserPasswordEncoderFactory $encoderFactory): void
{
    $this->encoderFactory = $encoderFactory;
}

◆ setEncoderName()

ILIAS\Data\Password\LocalUserPasswordManager::setEncoderName ( string  $encoderName)

Definition at line 141 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$encoderName.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().

public function setEncoderName(string $encoderName): void
{
    $this->encoderName = $encoderName;
}

◆ setSettings()

ILIAS\Data\Password\LocalUserPasswordManager::setSettings ( ?ilSetting  $settings)

Definition at line 126 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\$settings, and ILIAS\Repository\settings().

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\__construct().


◆ verifyPassword()

ILIAS\Data\Password\LocalUserPasswordManager::verifyPassword ( ilObjUser  $user,
string  $raw 
)

Definition at line 186 of file class.LocalUserPasswordManager.php.

References ILIAS\Data\Password\LocalUserPasswordManager\getEncoderFactory(), ILIAS\Data\Password\LocalUserPasswordManager\getEncoderName(), ilObjUser\getPasswd(), ilObjUser\getPasswordEncodingType(), ilObjUser\getPasswordSalt(), and ilObjUser\resetPassword().

public function verifyPassword(ilObjUser $user, string $raw): bool
{
    // Verify with the encoder recorded for this user, not the configured one.
    $encoder = $this->getEncoderFactory()->getEncoderByName($user->getPasswordEncodingType());
    if ($this->getEncoderName() !== $encoder->getName()) {
        // Stored encoding differs from the configured encoder: after a successful
        // check, store the password again through resetPassword().
        if ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
            $user->resetPassword($raw, $raw);

            return true;
        }
    } elseif ($encoder->isPasswordValid($user->getPasswd(), $raw, (string) $user->getPasswordSalt())) {
        // Same encoder: store again only if the encoder asks for re-encoding.
        if ($encoder->requiresReencoding($user->getPasswd())) {
            $user->resetPassword($raw, $raw);
        }

        return true;
    }

    return false;
}
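The two branches of verifyPassword() (stored encoder differs from the configured one; same encoder but re-encoding required) shown with PHP's native password API. This is an added example, not ILIAS code: verifyAndUpgrade(), the $user arrays and the sample passwords are hypothetical, time_cost and threads are assumed values, and the PHP build is assumed to have Argon2 support.

```php
<?php
// Added illustration, not part of class.LocalUserPasswordManager.php.
// memory_cost is the value passed in getInstance(); time_cost and threads are assumptions.
const TARGET_ALGO = PASSWORD_ARGON2ID;
const TARGET_OPTS = ['memory_cost' => 19_456, 'time_cost' => 2, 'threads' => 1];

/**
 * Verify $raw against the stored hash and, only after a successful check,
 * replace the stored hash if it does not match the target algorithm and options.
 * $user is a constructed stand-in for ilObjUser.
 */
function verifyAndUpgrade(array &$user, string $raw): bool
{
    // password_verify() reads the algorithm and parameters from the hash itself,
    // which plays the role of getEncoderByName($user->getPasswordEncodingType()).
    if (!password_verify($raw, $user['hash'])) {
        return false; // a failed attempt must never rewrite the stored hash
    }
    // Covers both branches: another algorithm, or the same one with other parameters.
    if (password_needs_rehash($user['hash'], TARGET_ALGO, TARGET_OPTS)) {
        $user['hash'] = password_hash($raw, TARGET_ALGO, TARGET_OPTS);
    }
    return true;
}

// Constructed sample accounts: one still on bcrypt, one on argon2id with less memory.
$legacy = ['login' => 'alice', 'hash' => password_hash('correct horse', PASSWORD_BCRYPT)];
$weak = ['login' => 'bob', 'hash' => password_hash(
    'battery staple',
    PASSWORD_ARGON2ID,
    ['memory_cost' => 8_192, 'time_cost' => 2, 'threads' => 1]
)];

foreach ([[&$legacy, 'wrong guess'], [&$legacy, 'correct horse'], [&$weak, 'battery staple']] as $case) {
    $before = password_get_info($case[0]['hash']);
    $ok = verifyAndUpgrade($case[0], $case[1]);
    $after = password_get_info($case[0]['hash']);
    printf(
        "%s: valid=%s, %s (m=%s) -> %s (m=%s)\n",
        $case[0]['login'],
        var_export($ok, true),
        $before['algoName'],
        $before['options']['memory_cost'] ?? '-',
        $after['algoName'],
        $after['options']['memory_cost'] ?? '-'
    );
}
```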

Field Documentation

◆ $db

ilDBInterface ILIAS\Data\Password\LocalUserPasswordManager::$db = null
private

◆ $encoderFactory

◆ $encoderName

string ILIAS\Data\Password\LocalUserPasswordManager::$encoderName = null
private

◆ $instance

self ILIAS\Data\Password\LocalUserPasswordManager::$instance = null
static private

Definition at line 37 of file class.LocalUserPasswordManager.php.

◆ $settings

ilSetting ILIAS\Data\Password\LocalUserPasswordManager::$settings = null
private

◆ MIN_SALT_SIZE

const ILIAS\Data\Password\LocalUserPasswordManager::MIN_SALT_SIZE = 16
private

Definition at line 35 of file class.LocalUserPasswordManager.php.


The documentation for this class was generated from the following file: