PHP Class Piwik\Plugins\Login\PasswordResetter

The process to reset a password is as follows:

1. The user chooses to reset a password. He/she enters a new password and submits it to Piwik.
2. PasswordResetter will store the hash of the password in the Option table. This is done by {@link initiatePasswordResetProcess()}.
3. PasswordResetter will generate a reset token and email the user a link to confirm that they requested a password reset. (This way an attacker cannot reset a user's password if they do not have control of the user's email address.)
4. The user opens the email and clicks on the link. The link leads to a controller action that finishes the password reset process.
5. When the link is clicked, PasswordResetter will update the user's password and remove the Option stored earlier. This is accomplished by {@link confirmNewPassword()}.

Note: this class does not contain any controller logic so it won't directly handle certain requests. Controllers should call the appropriate methods.

## Reset Tokens

Reset tokens are hashes that are unique for each user and are associated with an expiry timestamp in the future. See the {@link generatePasswordResetToken()} and {@link isTokenValid()} methods for more info. By default, reset tokens will expire after 24 hours.

## Overriding

Plugins that want to tweak the password reset process can derive from this class. They can override certain methods (read documentation for individual methods to see why and how you might want to), but for the overriding to have effect, it must be used by the Login controller.

Protected Properties

Property Type Description
$passwordHelper Piwik\Auth\Password
$usersManagerApi Piwik\Plugins\UsersManager\API

Public Methods

Method Description
__construct ( API | null $usersManagerApi = null, string | null $confirmPasswordModule = null, string | null $confirmPasswordAction = null, string | null $emailFromName = null, string | null $emailFromAddress = null, Password $passwordHelper = null ) Constructor.
confirmNewPassword ( string $login, string $resetToken ) Confirms a password reset. This should be called after {@link initiatePasswordResetProcess()} is called.
generatePasswordResetToken ( array $user, integer | null $expiryTimestamp = null ) : string Generate a password reset token. Expires in 24 hours from the beginning of the current hour.
getPasswordResetInfoOptionName ( string $login ) : string Gets the option name for the option that will store a user's password change request.
initiatePasswordResetProcess ( string $loginOrEmail, string $newPassword ) Initiates the password reset process. This method will save the password reset information as an {@link Option} and send an email with the reset confirmation link to the user whose password is being reset.
isTokenValid ( string $token, array $user ) : boolean Returns true if a reset token is valid, false if otherwise. A reset token is valid if it exists and has not expired.
removePasswordResetInfo ( string $login ) Removes stored password reset info if it exists.

Protected Methods

Method Description
checkNewPassword ( string $newPassword ) Checks the reset password's complexity. Will use UsersManager's requirements for user passwords.
checkPasswordHash ( string $passwordHash ) Checks the password hash that was retrieved from the Option table. Used as a sanity check when finishing the reset password process. If a password is obviously malformed, changing a user's password to it will keep the user from being able to log in again.
generateSecureHash ( string $hashIdentifier, string $data ) : string Generates a hash using a hash "identifier" and some data to hash. The hash identifier is a string that differentiates the hash in some way.
getDefaultExpiryTime ( ) : integer Returns an expiration time from the current time. By default it will be one day (24 hrs) from now.
getSalt ( ) : string Returns the string salt to use when generating a secure hash. Defaults to the value of the [General] salt INI config option.
getUserInformation ( $loginOrMail ) : array Returns user information based on a login or email.
hashData ( string $data ) : string Hashes a string.

Private Methods

Method Description
getPasswordToResetTo ( string $login ) : string | false Gets password hash stored in password reset info.
savePasswordResetInfo ( string $login, string $newPassword ) Stores password reset info for a specific login.
sendEmailConfirmationLink ( array $user ) Sends email confirmation link for a password reset request.

Method Details

__construct() public method

Constructor.
public __construct ( API | null $usersManagerApi = null, string | null $confirmPasswordModule = null, string | null $confirmPasswordAction = null, string | null $emailFromName = null, string | null $emailFromAddress = null, Password $passwordHelper = null )
$usersManagerApi Piwik\Plugins\UsersManager\API | null
$confirmPasswordModule string | null
$confirmPasswordAction string | null
$emailFromName string | null
$emailFromAddress string | null
$passwordHelper Piwik\Auth\Password

checkNewPassword() protected method

Derived classes can override this method to provide fewer or additional checks.
protected checkNewPassword ( string $newPassword )
$newPassword string The password to check.

checkPasswordHash() protected method

Derived classes can override this method to provide fewer or more checks.
protected checkPasswordHash ( string $passwordHash )
$passwordHash string The password hash to check.

confirmNewPassword() public method

This method will get the new password associated with a reset token and set it as the specified user's password.
public confirmNewPassword ( string $login, string $resetToken )
$login string The login of the user whose password is being reset.
$resetToken string The generated string token contained in the reset password email.

generatePasswordResetToken() public method

The reset token is generated using a user's email, login and the time when the token expires.
public generatePasswordResetToken ( array $user, integer | null $expiryTimestamp = null ) : string
$user array The user information.
$expiryTimestamp integer | null The expiration timestamp to use or null to generate one from the current timestamp.
Returns string The generated token.

generateSecureHash() protected method

We can't get the identifier back from a hash but we can tell if a hash is the hash for a specific identifier by computing a hash for the identifier and comparing with the first hash.
protected generateSecureHash ( string $hashIdentifier, string $data ) : string
$hashIdentifier string A unique string that identifies the hash in some way; it can, for example, be user information or contain an expiration date.
$data string Any data that needs to be hashed securely, e.g., a password.
Returns string The hash string.

getDefaultExpiryTime() protected method

Derived classes can override this to provide a different default expiration time generation implementation.
protected getDefaultExpiryTime ( ) : integer
Returns integer

getPasswordResetInfoOptionName() public static method

Gets the option name for the option that will store a user's password change request.
public static getPasswordResetInfoOptionName ( string $login ) : string
$login string The user login for whom a password change was requested.
Returns string

getSalt() protected method

Derived classes can override this to provide a different salt.
protected getSalt ( ) : string
Returns string

getUserInformation() protected method

Derived classes can override this method to provide custom user querying logic.
protected getUserInformation ( $loginOrMail ) : array
Returns array `array("login" => '...', "email" => '...', "password" => '...')` or null if the user is not found.

hashData() protected method

Derived classes can override this to provide a different hashing implementation.
protected hashData ( string $data ) : string
$data string The data to hash.
Returns string

initiatePasswordResetProcess() public method

The email confirmation link will contain the generated reset token.
public initiatePasswordResetProcess ( string $loginOrEmail, string $newPassword )
$loginOrEmail string The user's login or email address.
$newPassword string The un-hashed/unencrypted password.

isTokenValid() public method

Returns true if a reset token is valid, false if otherwise. A reset token is valid if it exists and has not expired.
public isTokenValid ( string $token, array $user ) : boolean
$token string The reset token to check.
$user array The user information returned by the UsersManager API.
Returns boolean true if valid, false otherwise.
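
A sketch of the token scheme described for generatePasswordResetToken() and isTokenValid(), added here as an example and not taken from Piwik's code: the function names, the sample salt and the use of HMAC-SHA256 are assumptions. Because the expiry cannot be read back out of the token, validation recomputes the token for each hour boundary still in the future and compares in constant time.

```php
<?php
// Added illustration; not Piwik's implementation. All names are hypothetical.
const SAMPLE_SALT = 'constructed-sample-salt'; // stands in for the [General] salt option

// Expiry is aligned to the start of the current hour, then pushed 24 hours ahead.
function defaultExpiry(int $now): int
{
    return ($now - $now % 3600) + 24 * 3600;
}

// The token binds login, email and expiry together.
// HMAC-SHA256 keyed with the salt is an assumption of this sketch.
function makeResetToken(array $user, int $expiry, string $salt = SAMPLE_SALT): string
{
    $identifier = $expiry . "\0" . $user['login'] . "\0" . $user['email'];
    return hash_hmac('sha256', $identifier, $salt);
}

// Recompute the token for every hour boundary that has not yet passed
// (at most 24 candidates) and compare each one in constant time.
function isResetTokenValid(string $token, array $user, int $now, string $salt = SAMPLE_SALT): bool
{
    for ($expiry = defaultExpiry($now); $expiry > $now; $expiry -= 3600) {
        if (hash_equals(makeResetToken($user, $expiry, $salt), $token)) {
            return true;
        }
    }
    return false;
}

$user = ['login' => 'alice', 'email' => 'alice@example.org']; // constructed sample user
$issuedAt = 1700000000;                                       // constructed timestamp
$token = makeResetToken($user, defaultExpiry($issuedAt));

// Checked one hour after issue, with the same user record.
var_dump(isResetTokenValid($token, $user, $issuedAt + 3600));
// Checked 25 hours after issue, past the hour-aligned expiry.
var_dump(isResetTokenValid($token, $user, $issuedAt + 25 * 3600));
// Checked against a different login; the recomputed tokens no longer match.
var_dump(isResetTokenValid($token, ['login' => 'bob'] + $user, $issuedAt));
```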

removePasswordResetInfo() public method

Removes stored password reset info if it exists.
public removePasswordResetInfo ( string $login )
$login string The user login to check for.

Property Details

$passwordHelper protected property

protected Piwik\Auth\Password $passwordHelper
Type Piwik\Auth\Password

$usersManagerApi protected property

protected Piwik\Plugins\UsersManager\API $usersManagerApi
Type Piwik\Plugins\UsersManager\API