3 declare(strict_types
=1);
5 namespace Shaarli\Front\Controller\Admin
;
7 use Shaarli\Container\ShaarliContainer
;
8 use Shaarli\Front\Exception\OpenShaarliPasswordException
;
9 use Shaarli\Front\Exception\ShaarliFrontException
;
10 use Shaarli\Render\TemplatePage
;
11 use Slim\Http\Request
;
12 use Slim\Http\Response
;
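/**
 * Class PasswordController
 *
 * Slim controller used to handle passwords update.
 *
 * NOTE(review): this listing was extracted with lines missing. The
 * assignView('pagetitle', ...) wrapper, the withStatus(400) calls, the
 * `$oldHash = sha1($oldPassword . ...)` opening, the 'credentials.hash' key
 * and the `try {` opener were restored from context; confirm them against
 * the original file.
 */
class PasswordController extends ShaarliAdminController
{
    /**
     * Builds the controller and sets the page title used by the template.
     *
     * @param ShaarliContainer $container Application container handed to the parent controller.
     */
    public function __construct(ShaarliContainer $container)
    {
        parent::__construct($container);

        $this->assignView(
            'pagetitle',
            t('Change password') .' - '. $this->container->conf->get('general.title', 'Shaarli')
        );
    }

    /**
     * GET /admin/password - Displays the change password template
     *
     * @param Request  $request  Incoming request (unused).
     * @param Response $response Response the rendered template is written to.
     *
     * @return Response Response carrying the change password page.
     */
    public function index(Request $request, Response $response): Response
    {
        return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));
    }

    /**
     * POST /admin/password - Change admin password - existing and new passwords need to be provided.
     *
     * @param Request  $request  Request carrying the `oldpassword` and `setpassword` parameters.
     * @param Response $response Response the rendered template is written to.
     *
     * @return Response The change password page, with status 400 when the input is rejected.
     *
     * @throws OpenShaarliPasswordException When `security.open_shaarli` is enabled.
     * @throws ShaarliFrontException        When the new credentials cannot be generated or saved.
     */
    public function change(Request $request, Response $response): Response
    {
        // Token check comes first, before any credential handling.
        // presumably the anti-CSRF token; checkToken() lives in a parent class not shown here.
        $this->checkToken($request);

        if ($this->container->conf->get('security.open_shaarli', false)) {
            throw new OpenShaarliPasswordException();
        }

        $oldPassword = $request->getParam('oldpassword');
        $newPassword = $request->getParam('setpassword');

        // Request parameters can arrive as arrays (`oldpassword[]=...`); only
        // plain, non-empty strings may reach the hashing code below.
        $inputIsUsable = is_string($oldPassword)
            && is_string($newPassword)
            && !empty($newPassword)
            && !empty($oldPassword);

        if (!$inputIsUsable) {
            $this->saveErrorMessage(t('You must provide the current and new password to change it.'));

            return $response
                ->withStatus(400)
                ->write($this->render(TemplatePage::CHANGE_PASSWORD))
            ;
        }

        // Make sure old password is correct.
        $oldHash = sha1(
            $oldPassword .
            $this->container->conf->get('credentials.login') .
            $this->container->conf->get('credentials.salt')
        );

        // hash_equals() compares in constant time, so response timing does not
        // reveal how much of the stored hash matched. The cast keeps the call
        // valid under strict_types when no hash is configured.
        $storedHash = (string) $this->container->conf->get('credentials.hash');
        if (!hash_equals($storedHash, $oldHash)) {
            $this->saveErrorMessage(t('The old password is not correct.'));

            return $response
                ->withStatus(400)
                ->write($this->render(TemplatePage::CHANGE_PASSWORD))
            ;
        }

        // NOTE(review): a single round of SHA-1 is cheap to brute-force if the
        // config file leaks. Moving to password_hash()/password_verify() needs a
        // matching change where the login is verified, which is outside this
        // listing, so the storage format is left as-is here.
        //
        // \Throwable is fully qualified so the catch does not depend on a
        // `use Throwable;` import, which this listing does not show.
        try {
            // Salt renders rainbow-tables attacks useless.
            // Drawn from the CSPRNG instead of uniqid()/mt_rand(), which are
            // predictable; 20 random bytes give the same 40 hex characters the
            // previous sha1()-based salt had.
            $salt = bin2hex(random_bytes(20));

            $this->container->conf->set('credentials.salt', $salt);
            $this->container->conf->set(
                'credentials.hash',
                sha1(
                    $newPassword
                    . $this->container->conf->get('credentials.login')
                    . $salt
                )
            );

            $this->container->conf->write($this->container->loginManager->isLoggedIn());
        } catch (\Throwable $e) {
            // NOTE(review): the underlying message is forwarded unchanged; confirm
            // the error page does not expose filesystem paths to the browser.
            throw new ShaarliFrontException($e->getMessage(), 500, $e);
        }

        $this->saveSuccessMessage(t('Your password has been changed'));

        return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));
    }
}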