1 | <?php |
2 | ||
3 | declare(strict_types=1); | |
4 | ||
5 | namespace Shaarli\Front\Controller\Admin; | |
6 | ||
7 | use Shaarli\Container\ShaarliContainer; | |
8 | use Shaarli\Front\Exception\OpenShaarliPasswordException; | |
9 | use Shaarli\Front\Exception\ShaarliFrontException; | |
1a8ac737 | 10 | use Shaarli\Render\TemplatePage; |
11 | use Slim\Http\Request; |
12 | use Slim\Http\Response; | |
13 | use Throwable; | |
14 | ||
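/**
 * Class PasswordController
 *
 * Slim controller used to handle passwords update.
 *
 * The stored credential is `credentials.hash = sha1(password . login . salt)`.
 * NOTE(review): that scheme is shared with whatever verifies logins (presumably the
 * login manager, not shown here) and with existing config files, so it is kept
 * here as-is; migrating to password_hash()/password_verify() has to be done in
 * both places at once.
 */
class PasswordController extends ShaarliAdminController
{
    public function __construct(ShaarliContainer $container)
    {
        parent::__construct($container);

        $this->assignView(
            'pagetitle',
            t('Change password') .' - '. $this->container->conf->get('general.title', 'Shaarli')
        );
    }

    /**
     * GET /admin/password - Displays the change password template
     */
    public function index(Request $request, Response $response): Response
    {
        return $this->renderChangePasswordPage($response);
    }

    /**
     * POST /admin/password - Change admin password - existing and new passwords need to be provided.
     *
     * Steps: CSRF token check, refusal in open-shaarli mode, presence check of both
     * fields, verification of the current password against the stored hash, then a
     * fresh salt and hash are stored and the configuration is persisted.
     *
     * @throws OpenShaarliPasswordException when `security.open_shaarli` is enabled
     * @throws ShaarliFrontException        when the configuration cannot be written (HTTP 500)
     */
    public function change(Request $request, Response $response): Response
    {
        $this->checkToken($request);

        if ($this->container->conf->get('security.open_shaarli', false)) {
            throw new OpenShaarliPasswordException();
        }

        // Cast so a missing parameter (null) and an empty field are treated alike.
        // empty() is deliberately avoided: it would also reject the legitimate password "0".
        $oldPassword = (string) $request->getParam('oldpassword');
        $newPassword = (string) $request->getParam('setpassword');

        if ($newPassword === '' || $oldPassword === '') {
            $this->saveErrorMessage(t('You must provide the current and new password to change it.'));

            return $this->renderChangePasswordPage($response->withStatus(400));
        }

        // Make sure old password is correct.
        // hash_equals() runs in constant time, so the comparison does not leak how many
        // leading characters of the stored hash matched.
        $currentSalt = (string) $this->container->conf->get('credentials.salt');
        $storedHash = (string) $this->container->conf->get('credentials.hash');
        $oldHash = $this->computeCredentialsHash($oldPassword, $currentSalt);

        if (!hash_equals($storedHash, $oldHash)) {
            $this->saveErrorMessage(t('The old password is not correct.'));

            return $this->renderChangePasswordPage($response->withStatus(400));
        }

        // Save new password
        // Salt renders rainbow-tables attacks useless. It comes from the CSPRNG rather
        // than uniqid()/mt_rand(), and is 40 hex characters like the sha1-based salt
        // it replaces, so existing config readers see the same shape.
        $newSalt = bin2hex(random_bytes(20));
        $this->container->conf->set('credentials.salt', $newSalt);
        $this->container->conf->set(
            'credentials.hash',
            $this->computeCredentialsHash($newPassword, $newSalt)
        );

        try {
            $this->container->conf->write($this->container->loginManager->isLoggedIn());
        } catch (Throwable $e) {
            // Surface a persistence failure as a front exception with the original attached.
            throw new ShaarliFrontException($e->getMessage(), 500, $e);
        }

        $this->saveSuccessMessage(t('Your password has been changed'));

        return $this->renderChangePasswordPage($response);
    }

    /**
     * Computes the legacy credential hash: sha1(password . login . salt).
     *
     * The login is read from `credentials.login` in the configuration.
     */
    private function computeCredentialsHash(string $password, string $salt): string
    {
        return sha1(
            $password
            . $this->container->conf->get('credentials.login')
            . $salt
        );
    }

    /**
     * Writes the rendered change-password template into the given response.
     */
    private function renderChangePasswordPage(Response $response): Response
    {
        return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));
    }
}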