3 declare(strict_types
=1);
5 namespace Shaarli\Front\Controller\Admin
;
7 use Shaarli\Container\ShaarliContainer
;
8 use Shaarli\Front\Exception\OpenShaarliPasswordException
;
9 use Shaarli\Front\Exception\ShaarliFrontException
;
10 use Slim\Http\Request
;
11 use Slim\Http\Response
;
15 * Class PasswordController
17 * Slim controller used to handle passwords update.
19 class PasswordController
extends ShaarliAdminController
/**
 * Builds the controller and prepares the title shown on the change-password page.
 */
public function __construct(ShaarliContainer $container)
{
    parent::__construct($container);

    $siteTitle = $this->container->conf->get('general.title', 'Shaarli');

    // NOTE(review): the listing drops the call that receives this title (the two source
    // lines before the expression are missing). Upstream Shaarli assigns it to the
    // template as 'pagetitle' - confirm against the original file.
    $this->assignView('pagetitle', t('Change password') .' - '. $siteTitle);
}
/**
 * GET /password - Displays the change password template
 *
 * Read-only: renders the form and writes it to the response without touching
 * the stored credentials.
 */
public function index(Request $request, Response $response): Response
{
    $page = $this->render('changepassword');

    return $response->write($page);
}
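/**
 * POST /password - Change admin password - existing and new passwords need to be provided.
 *
 * The current password is verified against the stored credentials hash before a new
 * salt and hash are stored and the configuration is written.
 *
 * @throws OpenShaarliPasswordException when `security.open_shaarli` is enabled
 * @throws ShaarliFrontException        when writing the configuration fails (code 500)
 */
public function change(Request $request, Response $response): Response
{
    // Defined outside this listing; presumably rejects requests lacking a valid form token.
    $this->checkToken($request);

    $conf = $this->container->conf;

    if ($conf->get('security.open_shaarli', false)) {
        throw new OpenShaarliPasswordException();
    }

    $oldPassword = $request->getParam('oldpassword');
    $newPassword = $request->getParam('setpassword');

    // Request parameters are untrusted and may arrive as arrays (`oldpassword[]=...`);
    // anything that is not a non-empty string is rejected before it reaches the hash.
    if (
        empty($newPassword) || empty($oldPassword)
        || !is_string($newPassword) || !is_string($oldPassword)
    ) {
        $this->saveErrorMessage(t('You must provide the current and new password to change it.'));

        // NOTE(review): the listing drops one line of this chained return; upstream
        // Shaarli answers with status 400 here - confirm against the original file.
        return $response
            ->withStatus(400)
            ->write($this->render('changepassword'))
        ;
    }

    // Make sure old password is correct.
    // NOTE(review): salted SHA-1 is a fast hash and is not suited to password storage;
    // password_hash()/password_verify() is the replacement. The digest format is
    // presumably shared with the login check outside this view, so it is flagged here
    // rather than changed in this method alone.
    $oldHash = sha1(
        $oldPassword .
        $conf->get('credentials.login') .
        $conf->get('credentials.salt')
    );

    // hash_equals() compares in constant time, so the response time does not depend on
    // how many leading characters of the digest match. The cast keeps an unset
    // credentials.hash (null) a plain mismatch instead of a TypeError.
    $storedHash = (string) $conf->get('credentials.hash');
    if (!hash_equals($storedHash, $oldHash)) {
        $this->saveErrorMessage(t('The old password is not correct.'));

        // NOTE(review): same dropped line as in the first error return - confirm the status.
        return $response
            ->withStatus(400)
            ->write($this->render('changepassword'))
        ;
    }

    // Save new password.
    // Salt renders rainbow-tables attacks useless. It is drawn from the CSPRNG instead of
    // uniqid()/mt_rand(), which are predictable; 20 random bytes hex-encoded keep the
    // 40-character shape the previous sha1()-derived salt had.
    $conf->set('credentials.salt', bin2hex(random_bytes(20)));
    $conf->set(
        'credentials.hash',
        sha1(
            $newPassword
            . $conf->get('credentials.login')
            . $conf->get('credentials.salt')
        )
    );

    try {
        $conf->write($this->container->loginManager->isLoggedIn());
    } catch (\Throwable $e) {
        // Fully qualified so the catch does not depend on a `use Throwable;` line,
        // which this listing does not show.
        throw new ShaarliFrontException($e->getMessage(), 500, $e);
    }

    $this->saveSuccessMessage(t('Your password has been changed'));

    return $response->write($this->render('changepassword'));
}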