PHP Class Piwik\Plugins\Login\PasswordResetter

The process to reset a password is as follows:

1. The user chooses to reset a password. They enter a new password and submit it to Piwik.
2. PasswordResetter stores the hash of the new password in the Option table. This is done by {@link initiatePasswordResetProcess()}.
3. PasswordResetter generates a reset token and emails the user a link to confirm that they requested a password reset. (This way an attacker cannot reset a user's password unless they also control the user's email address.)
4. The user opens the email and clicks on the link. The link leads to a controller action that finishes the password reset process.
5. When the link is clicked, PasswordResetter updates the user's password and removes the Option stored earlier. This is accomplished by {@link confirmNewPassword()}.

Note: this class does not contain any controller logic, so it does not handle requests itself. Controllers should call the appropriate methods.

Reset Tokens

Reset tokens are hashes that are unique for each user and are associated with an expiry timestamp in the future. See the {@link generatePasswordResetToken()} and {@link isTokenValid()} methods for more info. By default, reset tokens expire after 24 hours.

Overriding

Plugins that want to tweak the password reset process can derive from this class. They can override certain methods (read the documentation for individual methods to see why and how you might want to), but for the overriding to take effect, the derived class must be the one used by the Login controller.
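The five steps above and the token scheme they rely on, as an added PHP example. This is not the Piwik class or any project code: it assumes a plain array in place of the Option table, a fixed demo salt in place of the [General] salt INI value, an array of users in place of the UsersManager API, and it returns the confirmation link instead of emailing it so the demo can read it back. The token follows the description on this page (the expiry hour, login and email form the identifier, the user's current password hash is the data, the salt is mixed in), but it is computed as an HMAC keyed with the salt rather than by concatenation; that is a choice made here. The URL, option name and minimum password length are constructed placeholders.

```php
<?php
// Added illustration of the five-step flow above, not the Piwik class itself. Assumptions
// (not from the page): an array stands in for the Option table, a fixed demo salt for the
// [General] salt INI value, $users for the UsersManager API, and the link is returned
// instead of e-mailed so the demo can read it back. Requires PHP 8.0+.
final class DemoPasswordResetter
{
    private const SALT = 'demo-salt-change-me';   // assumption: replaces the INI salt
    private const TOKEN_LIFETIME_HOURS = 24;
    private array $options = [];                  // option name => hash of the requested password

    // $users: login => ['login' => .., 'email' => .., 'password' => <password_hash() value>]
    public function __construct(private array $users) {}

    // Steps 1-3: check the new password, store only its *hash*, build the confirmation link.
    public function initiatePasswordResetProcess(string $loginOrEmail, string $newPassword): string
    {
        $user = $this->getUserInformation($loginOrEmail);
        if ($user === null) {
            throw new InvalidArgumentException('unknown user');
        }
        if (strlen($newPassword) < 8) {           // assumption: stand-in for UsersManager's rules
            throw new InvalidArgumentException('password too short');
        }
        $this->options[self::getPasswordResetInfoOptionName($user['login'])]
            = password_hash($newPassword, PASSWORD_DEFAULT);
        // Constructed link; the real module/action names come from the constructor arguments.
        return sprintf('https://piwik.example/index.php?module=Login&action=confirm&login=%s&resetToken=%s',
            rawurlencode($user['login']), $this->generatePasswordResetToken($user));
    }

    // Step 5: the token must still verify and a pending hash must exist; only then apply it.
    public function confirmNewPassword(string $login, string $resetToken): void
    {
        $user = $this->getUserInformation($login);
        if ($user === null || !$this->isTokenValid($resetToken, $user)) {
            throw new RuntimeException('invalid or expired reset token');
        }
        $optionName = self::getPasswordResetInfoOptionName($user['login']);
        $hash = $this->options[$optionName] ?? false;
        // Sanity check: never install a value that password_verify() could not match.
        if ($hash === false || empty(password_get_info($hash)['algo'])) {
            throw new RuntimeException('no usable pending password hash for this login');
        }
        $this->users[$user['login']]['password'] = $hash;
        unset($this->options[$optionName]);       // removePasswordResetInfo()
    }

    // Identifier = expiry hour + login + e-mail, data = the user's *current* password hash,
    // keyed with the salt. Unique per user and hour, nothing stored server-side, and it stops
    // verifying as soon as the password changes, so a link that has been used is worthless.
    public function generatePasswordResetToken(array $user, ?int $expiryTimestamp = null): string
    {
        $expiryTimestamp ??= time() + self::TOKEN_LIFETIME_HOURS * 3600;
        $hashIdentifier = gmdate('YmdH', $expiryTimestamp) . '|' . $user['login'] . '|' . $user['email'];
        return hash_hmac('sha256', $hashIdentifier . "\0" . $user['password'], self::SALT);
    }

    // Stateless check: recompute for every expiry hour from now to now+24h and compare in
    // constant time. Expired, tampered or password-changed tokens all fall through to false.
    public function isTokenValid(string $token, array $user): bool
    {
        $now = time();
        for ($i = 0; $i <= self::TOKEN_LIFETIME_HOURS; $i++) {
            if (hash_equals($this->generatePasswordResetToken($user, $now + $i * 3600), $token)) {
                return true;
            }
        }
        return false;
    }

    public static function getPasswordResetInfoOptionName(string $login): string
    {
        return 'Login.resetPassword.' . $login;   // assumption: any per-login unique name works
    }

    public function getUserInformation(string $loginOrMail): ?array
    {
        foreach ($this->users as $user) {
            if ($user['login'] === $loginOrMail || $user['email'] === $loginOrMail) {
                return $user;
            }
        }
        return null;
    }
}

// Constructed demo: reset alice's password, confirm via the link a controller would receive,
// then show that replaying the same link fails because the token was bound to the old hash.
$resetter = new DemoPasswordResetter(['alice' => ['login' => 'alice', 'email' => 'alice@example.com',
    'password' => password_hash('old-password', PASSWORD_DEFAULT)]]);
$link = $resetter->initiatePasswordResetProcess('alice@example.com', 'correct horse battery staple');
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);
$resetter->confirmNewPassword($q['login'], $q['resetToken']);
$alice = $resetter->getUserInformation('alice');
echo password_verify('correct horse battery staple', $alice['password']) ? "new password set\n" : "FAILED\n";
echo $resetter->isTokenValid($q['resetToken'], $alice) ? "FAILED: replay accepted\n" : "replayed link rejected\n";
```

Three points to take from the example. Because the token is derived rather than stored, validation has to recompute it for each expiry hour still inside the window, so the comparison must be constant-time (hash_equals) and the effective lifetime is between 23 and 24 hours, which is what "24 hours from the beginning of the current hour" amounts to. Binding the current password hash into the token is what makes a confirmed link single-use: after step 5 the hash has changed and the old token no longer verifies. The value written in step 5 is whatever was stored in the Option table, so the sanity check on it belongs before the update, not after.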
Project: piwik/piwik

Protected Properties

Property Type Description
$passwordHelper Piwik\Auth\Password
$usersManagerApi Piwik\Plugins\UsersManager\API

Public Methods

Method Description
__construct ( API | null $usersManagerApi = null, string | null $confirmPasswordModule = null, string | null $confirmPasswordAction = null, string | null $emailFromName = null, string | null $emailFromAddress = null, Password $passwordHelper = null ) Constructor.
confirmNewPassword ( string $login, string $resetToken ) Confirms a password reset. This should be called after {@link initiatePasswordResetProcess()} is called.
generatePasswordResetToken ( array $user, integer | null $expiryTimestamp = null ) : string Generate a password reset token. Expires in 24 hours from the beginning of the current hour.
getPasswordResetInfoOptionName ( string $login ) : string Gets the option name for the option that will store a user's password change request.
initiatePasswordResetProcess ( string $loginOrEmail, string $newPassword ) Initiates the password reset process. This method will save the password reset information as an {@link Option} and send an email with the reset confirmation link to the user whose password is being reset.
isTokenValid ( string $token, array $user ) : boolean Returns true if a reset token is valid, false if otherwise. A reset token is valid if it exists and has not expired.
removePasswordResetInfo ( string $login ) Removes stored password reset info if it exists.

Protected Methods

Method Description
checkNewPassword ( string $newPassword ) Checks the reset password's complexity. Will use UsersManager's requirements for user passwords.
checkPasswordHash ( string $passwordHash ) Checks the password hash that was retrieved from the Option table. Used as a sanity check when finishing the reset password process: if the stored value is obviously malformed, setting it as the user's password would keep the user from being able to log in again.
generateSecureHash ( string $hashIdentifier, string $data ) : string Generates a hash using a hash "identifier" and some data to hash. The hash identifier is a string that differentiates the hash in some way.
getDefaultExpiryTime ( ) : integer Returns an expiration time from the current time. By default it will be one day (24 hrs) from now.
getSalt ( ) : string Returns the string salt to use when generating a secure hash. Defaults to the value of the [General] salt INI config option.
getUserInformation ( $loginOrMail ) : array Returns user information based on a login or email.
hashData ( string $data ) : string Hashes a string.

Private Methods

Method Description
getPasswordToResetTo ( string $login ) : string | false Gets password hash stored in password reset info.
savePasswordResetInfo ( string $login, string $newPassword ) Stores password reset info for a specific login.
sendEmailConfirmationLink ( array $user ) Sends email confirmation link for a password reset request.

Method Details

__construct() public method

Constructor.
public __construct ( API | null $usersManagerApi = null, string | null $confirmPasswordModule = null, string | null $confirmPasswordAction = null, string | null $emailFromName = null, string | null $emailFromAddress = null, Password $passwordHelper = null )
$usersManagerApi Piwik\Plugins\UsersManager\API | null
$confirmPasswordModule string | null
$confirmPasswordAction string | null
$emailFromName string | null
$emailFromAddress string | null
$passwordHelper Piwik\Auth\Password

checkNewPassword() protected method

Derived classes can override this method to provide fewer or additional checks.
protected checkNewPassword ( string $newPassword )
$newPassword string The password to check.

checkPasswordHash() protected method

Derived classes can override this method to provide fewer or more checks.
protected checkPasswordHash ( string $passwordHash )
$passwordHash string The password hash to check.

confirmNewPassword() public method

This method will get the new password associated with a reset token and set it as the specified user's password.
public confirmNewPassword ( string $login, string $resetToken )
$login string The login of the user whose password is being reset.
$resetToken string The generated string token contained in the reset password email.

generatePasswordResetToken() public method

The reset token is generated using a user's email, login and the time when the token expires.
public generatePasswordResetToken ( array $user, integer | null $expiryTimestamp = null ) : string
$user array The user information.
$expiryTimestamp integer | null The expiration timestamp to use or null to generate one from the current timestamp.
return string The generated token.

generateSecureHash() protected method

We can't recover the identifier from a hash, but we can tell whether a hash belongs to a specific identifier by computing the hash for that identifier and comparing it with the first hash.
protected generateSecureHash ( string $hashIdentifier, string $data ) : string
$hashIdentifier string A unique string that identifies the hash in some way, for example user information or an expiration date.
$data string Any data that needs to be hashed securely, e.g. a password.
return string The hash string.

getDefaultExpiryTime() protected method

Derived classes can override this to provide a different default expiration time generation implementation.
protected getDefaultExpiryTime ( ) : integer
return integer

getPasswordResetInfoOptionName() public static method

Gets the option name for the option that will store a user's password change request.
public static getPasswordResetInfoOptionName ( string $login ) : string
$login string The user login for whom a password change was requested.
return string

getSalt() protected method

Derived classes can override this to provide a different salt.
protected getSalt ( ) : string
return string

getUserInformation() protected method

Derived classes can override this method to provide custom user querying logic.
protected getUserInformation ( $loginOrMail ) : array
return array `array("login" => '...', "email" => '...', "password" => '...')`, or null if the user is not found.

hashData() protected method

Derived classes can override this to provide a different hashing implementation.
protected hashData ( string $data ) : string
$data string The data to hash.
return string

initiatePasswordResetProcess() public method

The email confirmation link will contain the generated reset token.
public initiatePasswordResetProcess ( string $loginOrEmail, string $newPassword )
$loginOrEmail string The user's login or email address.
$newPassword string The un-hashed/unencrypted password.

isTokenValid() public method

Returns true if a reset token is valid, false if otherwise. A reset token is valid if it exists and has not expired.
public isTokenValid ( string $token, array $user ) : boolean
$token string The reset token to check.
$user array The user information returned by the UsersManager API.
return boolean true if valid, false otherwise.

removePasswordResetInfo() public method

Removes stored password reset info if it exists.
public removePasswordResetInfo ( string $login )
$login string The user login to check for.

Property Details

$passwordHelper protected property

protected Piwik\Auth\Password $passwordHelper

$usersManagerApi protected property

protected Piwik\Plugins\UsersManager\API $usersManagerApi