projects / github / shaarli / Shaarli.git / blame
| Commit | Line | Data |
|---|---|---|
| ef00f9d2 A |
1 | <?php |
| 2 | ||
| 3 | declare(strict_types=1); | |
| 4 | ||
| 5 | namespace Shaarli\Front\Controller\Admin; | |
| 6 | ||
| 7 | use Shaarli\Container\ShaarliContainer; | |
| 8 | use Shaarli\Front\Exception\OpenShaarliPasswordException; | |
| 9 | use Shaarli\Front\Exception\ShaarliFrontException; | |
| 1a8ac737 | 10 | use Shaarli\Render\TemplatePage; |
| ef00f9d2 A |
11 | use Slim\Http\Request; |
| 12 | use Slim\Http\Response; | |
| 13 | use Throwable; | |
| 14 | ||
| 15 | /** | |
| 16 | * Class PasswordController | |
| 17 | * | |
| 18 | * Slim controller used to handle passwords update. | |
| 19 | */ | |
| 20 | class PasswordController extends ShaarliAdminController | |
| 21 | { | |
| 22 | public function __construct(ShaarliContainer $container) | |
| 23 | { | |
| 24 | parent::__construct($container); | |
| 25 | ||
| 26 | $this->assignView( | |
| 27 | 'pagetitle', | |
| 53054b2b | 28 | t('Change password') . ' - ' . $this->container->conf->get('general.title', 'Shaarli') |
| ef00f9d2 A |
29 | ); |
| 30 | } | |
| 31 | ||
| 32 | /** | |
| 9c75f877 | 33 | * GET /admin/password - Displays the change password template |
| ef00f9d2 A |
34 | */ |
| 35 | public function index(Request $request, Response $response): Response | |
| 36 | { | |
| 1a8ac737 | 37 | return $response->write($this->render(TemplatePage::CHANGE_PASSWORD)); |
| ef00f9d2 A |
38 | } |
| 39 | ||
| 40 | /** | |
| 9c75f877 | 41 | * POST /admin/password - Change admin password - existing and new passwords need to be provided. |
| ef00f9d2 A |
42 | */ |
| 43 | public function change(Request $request, Response $response): Response | |
| 44 | { | |
| 45 | $this->checkToken($request); | |
| 46 | ||
| 47 | if ($this->container->conf->get('security.open_shaarli', false)) { | |
| 48 | throw new OpenShaarliPasswordException(); | |
| 49 | } | |
| 50 | ||
| 51 | $oldPassword = $request->getParam('oldpassword'); | |
| 52 | $newPassword = $request->getParam('setpassword'); | |
| 53 | ||
| 54 | if (empty($newPassword) || empty($oldPassword)) { | |
| 55 | $this->saveErrorMessage(t('You must provide the current and new password to change it.')); | |
| 56 | ||
| 57 | return $response | |
| 58 | ->withStatus(400) | |
| 1a8ac737 | 59 | ->write($this->render(TemplatePage::CHANGE_PASSWORD)) |
| ef00f9d2 A |
60 | ; |
| 61 | } | |
| 62 | ||
| 63 | // Make sure old password is correct. | |
| 64 | $oldHash = sha1( | |
| 65 | $oldPassword . | |
| 66 | $this->container->conf->get('credentials.login') . | |
| 67 | $this->container->conf->get('credentials.salt') | |
| 68 | ); | |
| 69 | ||
| 70 | if ($oldHash !== $this->container->conf->get('credentials.hash')) { | |
| 71 | $this->saveErrorMessage(t('The old password is not correct.')); | |
| 72 | ||
| 73 | return $response | |
| 74 | ->withStatus(400) | |
| 1a8ac737 | 75 | ->write($this->render(TemplatePage::CHANGE_PASSWORD)) |
| ef00f9d2 A |
76 | ; |
| 77 | } | |
| 78 | ||
| 79 | // Save new password | |
| 80 | // Salt renders rainbow-tables attacks useless. | |
| 53054b2b | 81 | $this->container->conf->set('credentials.salt', sha1(uniqid('', true) . '_' . mt_rand())); |
| ef00f9d2 A |
82 | $this->container->conf->set( |
| 83 | 'credentials.hash', | |
| 84 | sha1( | |
| 85 | $newPassword | |
| 86 | . $this->container->conf->get('credentials.login') | |
| 87 | . $this->container->conf->get('credentials.salt') | |
| 88 | ) | |
| 89 | ); | |
| 90 | ||
| 91 | try { | |
| 92 | $this->container->conf->write($this->container->loginManager->isLoggedIn()); | |
| 93 | } catch (Throwable $e) { | |
| 94 | throw new ShaarliFrontException($e->getMessage(), 500, $e); | |
| 95 | } | |
| 96 | ||
| 97 | $this->saveSuccessMessage(t('Your password has been changed')); | |
| 98 | ||
| 1a8ac737 | 99 | return $response->write($this->render(TemplatePage::CHANGE_PASSWORD)); |
| ef00f9d2 A |
100 | } |
| 101 | } |