ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilLocalUserPasswordSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\Data\Password;
22 use ILIAS\UI\Factory as UIFactory;
23 use ILIAS\UI\Renderer as UIRenderer;
24 use ILIAS\Refinery\Factory as Refinery;
25 use Psr\Http\Message\ServerRequestInterface;
26 use ILIAS\UI\Component\MessageBox\MessageBox;
27 use ILIAS\Authentication\Password\LocalUserPasswordManager;
28 use ILIAS\UI\Component\Input\Container\Form\Standard as Form;
29 use ILIAS\UI\Component\Input\Field\Password as PasswordInput;
30 
31 class ilLocalUserPasswordSettingsGUI
32 {
33  private const NEW_PASSWORD = 'new_password';
34  private const CURRENT_PASSWORD = 'current_password';
35  public const CMD_SHOW_PASSWORD = 'showPassword';
36  public const CMD_SAVE_PASSWORD = 'savePassword';
37  private readonly ServerRequestInterface $request;
38  private readonly ilErrorHandling $error;
39  private readonly Refinery $refinery;
40  private readonly UIFactory $ui_factory;
41  private readonly UIRenderer $ui_renderer;
42  private readonly ilGlobalTemplateInterface $tpl;
43  private readonly ilLanguage $lng;
44  private readonly ilObjUser $user;
45  private readonly ilCtrlInterface $ctrl;
46  private readonly LocalUserPasswordManager $password_manager;
47 
48  public function __construct()
49  {
50  global $DIC;
51  $this->user = $DIC->user();
52  $this->ctrl = $DIC->ctrl();
53  $this->error = $DIC['ilErr'];
54  $this->lng = $DIC->language();
55  $this->refinery = $DIC->refinery();
56  $this->tpl = $DIC->ui()->mainTemplate();
57  $this->request = $DIC->http()->request();
58  $this->ui_factory = $DIC->ui()->factory();
59  $this->ui_renderer = $DIC->ui()->renderer();
60  $this->password_manager = LocalUserPasswordManager::getInstance();
61  $this->lng->loadLanguageModule('user');
62  }
63 
64  public function executeCommand(): void
65  {
66  $cmd = $this->ctrl->getCmd();
67  switch ($cmd) {
68  default:
69  if (method_exists($this, $cmd)) {
70  $this->$cmd();
71  } else {
72  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
73  }
74 
75  break;
76  }
77  }
78 
79  public function showPassword(
80  ?Form $form = null,
81  bool $hide_form = false,
82  ?MessageBox $message_box = null
83  ): void {
84  // check whether password of user have to be changed
85  // due to first login or password of user is expired
86  if ($this->user->isPasswordChangeDemanded()) {
87  $this->tpl->setOnScreenMessage(
88  $this->tpl::MESSAGE_TYPE_INFO,
89  $this->lng->txt('password_change_on_first_login_demand')
90  );
91  } elseif ($this->user->isPasswordExpired()) {
92  $msg = $this->lng->txt('password_expired');
93  $password_age = $this->user->getPasswordAge();
94  $this->tpl->setOnScreenMessage($this->tpl::MESSAGE_TYPE_INFO, sprintf($msg, $password_age));
95  }
96 
97  if (!$form && !$hide_form) {
98  $form = $this->getPasswordForm();
99  }
100  $this->tpl->setContent(
101  !$hide_form ? $this->ui_renderer->render($form) : $this->ui_renderer->render($message_box)
102  );
103  $this->tpl->printToStdout();
104  }
105 
106  public function getPasswordForm(
107  ?ServerRequestInterface $request = null,
108  array $errors = []
109  ): Form {
110  $items = [];
111  if ($this->password_manager->allowPasswordChange($this->user)) {
112  $pw_info_set = false;
113  if ((int) $this->user->getAuthMode(true) === ilAuthUtils::AUTH_LOCAL) {
114  $cpass = $this->ui_factory->input()->field()->password(
115  $this->lng->txt(self::CURRENT_PASSWORD),
116  ilSecuritySettingsChecker::getPasswordRequirementsInfo()
117  );
118 
119  $pw_info_set = true;
120  if ($this->user->getPasswd()) {
121  $cpass = $cpass->withRequired(true);
122  }
123  $cpass = $cpass->withRevelation(true);
124  $cpass_error = $errors[self::CURRENT_PASSWORD] ?? [];
125  if ($cpass_error !== []) {
126  $cpass = $cpass->withError(implode('<br>', $cpass_error));
127  }
128  $cpass = $cpass->withAdditionalTransformation(
129  $this->refinery->custom()->constraint(function (Password $value): bool {
130  return
131  ((int) $this->user->getAuthMode(true) !== ilAuthUtils::AUTH_LOCAL) ||
132  LocalUserPasswordManager::getInstance()->verifyPassword(
133  $this->user,
134  $value->toString()
135  );
136  }, $this->lng->txt('passwd_wrong'))
137  );
138 
139  $items[self::CURRENT_PASSWORD] = $cpass;
140  }
141 
142  // new password
143  $ipass = $this->ui_factory->input()->field()->password(
144  $this->lng->txt('desired_password'),
145  );
146  if ($pw_info_set === false) {
147  $ipass = $ipass->withByline(ilSecuritySettingsChecker::getPasswordRequirementsInfo());
148  }
149  $ipass = $ipass->withRequired(true);
150  $ipass = $ipass->withRevelation(true);
151  $ipass_error = $errors[self::NEW_PASSWORD] ?? [];
152  if ($ipass_error !== []) {
153  $ipass = $ipass->withError(implode('<br>', $ipass_error));
154  }
155  $ipass = $ipass->withAdditionalTransformation(
156  $this->refinery->custom()->constraint(function (Password $value): bool {
157  return ilSecuritySettingsChecker::isPassword($value->toString(), $custom_error);
158  }, function (Closure $txt, Password $value): string {
159  $custom_error = '';
160  !ilSecuritySettingsChecker::isPassword($value->toString(), $custom_error);
161  if ($custom_error !== '' && $custom_error !== null) {
162  return $custom_error;
163  }
164 
165  return $this->lng->txt('passwd_invalid');
166  })
167  );
168  $ipass = $ipass->withAdditionalTransformation(
169  $this->refinery->custom()->constraint(
170  function (Password $value): bool {
171  return ilSecuritySettingsChecker::isPasswordValidForUserContext(
172  $value->toString(),
173  $this->user,
174  $error_lng_var
175  );
176  },
177  function (Closure $cls, Password $value): string {
178  ilSecuritySettingsChecker::isPasswordValidForUserContext(
179  $value->toString(),
180  $this->user,
181  $error_lng_var
182  );
183 
184  return $this->lng->txt($error_lng_var ?? '');
185  }
186  )
187  );
188  $items[self::NEW_PASSWORD] = $ipass;
189 
190  switch ($this->user->getAuthMode(true)) {
191  case ilAuthUtils::AUTH_LOCAL:
192  $title = $this->lng->txt('chg_password');
193 
194  break;
195  case ilAuthUtils::AUTH_SHIBBOLETH:
196  case ilAuthUtils::AUTH_CAS:
197  if (ilDAVActivationChecker::_isActive()) {
198  $title = $this->lng->txt('chg_ilias_and_webfolder_password');
199  } else {
200  $title = $this->lng->txt('chg_ilias_password');
201  }
202 
203  break;
204  default:
205  $title = $this->lng->txt('chg_ilias_password');
206 
207  break;
208  }
209  $section = $this->ui_factory->input()->field()->section($items, $title);
210  $items = ['password' => $section];
211  }
212 
213  return $this->ui_factory->input()->container()->form()->standard(
214  $this->ctrl->getLinkTarget($this, 'savePassword'),
215  $items
216  )->withSubmitLabel($this->lng->txt('save'));
217  }
218 
219  public function savePassword(): void
220  {
221  if (!$this->password_manager->allowPasswordChange($this->user)) {
222  $this->ctrl->redirect($this, 'showPersonalData');
223 
224  return;
225  }
226 
227  $form = $this->getPasswordForm()->withRequest($this->request);
228  $section = $form->getInputs()['password'];
233  $cp = $section->getInputs()[self::CURRENT_PASSWORD] ?? null;
234  $np = $section->getInputs()[self::NEW_PASSWORD];
235  $errors = [self::CURRENT_PASSWORD => [], self::NEW_PASSWORD => []];
236 
237  if (!$form->getError()) {
238  $data = $form->getData();
239  $error = false;
240  if ($cp && $cp->getError()) {
241  $error = true;
242  $errors[self::CURRENT_PASSWORD][] = $cp->getError();
243  }
244  if ($np->getError()) {
245  $error = true;
246  $errors[self::NEW_PASSWORD][] = $np->getError();
247  }
248 
249  $entered_current_password = $cp ? $cp->getValue() : '';
250  $entered_new_password = $np->getValue();
251 
252  if (
253  $entered_current_password === $entered_new_password &&
254  ($this->user->isPasswordExpired() || $this->user->isPasswordChangeDemanded())
255  ) {
256  $error = true;
257  $errors[self::NEW_PASSWORD][] = $this->lng->txt('new_pass_equals_old_pass');
258  }
259 
260  if (!$error) {
261  $this->user->resetPassword($entered_new_password, $entered_new_password);
262  if ($entered_current_password !== $entered_new_password) {
263  $this->user->setLastPasswordChangeToNow();
264  $this->user->setPasswordPolicyResetStatus(false);
265  $this->user->update();
266  }
267 
268  if (ilSession::get('orig_request_target')) {
269  $this->tpl->setOnScreenMessage(
270  $this->tpl::MESSAGE_TYPE_SUCCESS,
271  $this->lng->txt('saved_successfully'),
272  true
273  );
274  $target = ilSession::get('orig_request_target');
275  ilSession::set('orig_request_target', '');
276  $this->ctrl->redirectToURL($target);
277  } else {
278  $this->showPassword(
279  null,
280  true,
281  $this->ui_factory->messageBox()->success($this->lng->txt('saved_successfully'))
282  );
283 
284  return;
285  }
286  }
287  }
288 
289  $this->showPassword($this->getPasswordForm($this->request, $errors));
290  }
291 }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:401
ilSecuritySettingsChecker\isPassword
static isPassword(string $a_passwd, ?string &$customError=null)
Definition: class.ilSecuritySettingsChecker.php:26
ILIAS\Data\Password
A password is used as part of credentials for authentication.
Definition: Password.php:30
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilLocalUserPasswordSettingsGUI\$password_manager
readonly LocalUserPasswordManager $password_manager
Definition: class.ilLocalUserPasswordSettingsGUI.php:46
ilLocalUserPasswordSettingsGUI\getPasswordForm
getPasswordForm(?ServerRequestInterface $request=null, array $errors=[])
Definition: class.ilLocalUserPasswordSettingsGUI.php:106
ilSecuritySettingsChecker\isPasswordValidForUserContext
static isPasswordValidForUserContext(string $clear_text_password, $user, ?string &$error_language_variable=null)
Definition: class.ilSecuritySettingsChecker.php:152
$DIC
global $DIC
Definition: shib_login.php:22
$txt
$txt
Definition: error.php:31
ilSecuritySettingsChecker\getPasswordRequirementsInfo
static getPasswordRequirementsInfo()
infotext for ilPasswordInputGUI setInfo()
Definition: class.ilSecuritySettingsChecker.php:190
ILIAS\UI\Component\Input\Field\Password
This describes password inputs.
Definition: Password.php:28
ilLocalUserPasswordSettingsGUI\showPassword
showPassword(?Form $form=null, bool $hide_form=false, ?MessageBox $message_box=null)
Definition: class.ilLocalUserPasswordSettingsGUI.php:79
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:393