Push — master ( 0160c4...938e79 )
by Torben

FrontendUserService::getMustChangePasswordReason()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 3
Code Lines 1

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
eloc 1
dl 0
loc 3
rs 10
c 0
b 0
f 0
cc 1
nc 1
nop 0
<?php
namespace Derhansen\FeChangePwd\Service;
/*
 * This file is part of the Extension "fe_change_pwd" for TYPO3 CMS.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 */
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
use TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility;
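/**
 * Service for the forced password change of frontend users.
 *
 * Decides from a frontend user record whether the password has to be changed,
 * keeps the reason in the user session and writes the new password hash to
 * the record of the currently logged-in frontend user.
 */
class FrontendUserService
{
    /**
     * Session key under which the reason for the password change is stored
     */
    const SESSION_KEY = 'mustChangePasswordReason';

    /**
     * Provides the expiry timestamp written together with a new password
     *
     * @var SettingsService
     */
    protected $settingsService = null;

    /**
     * @param SettingsService $settingsService
     */
    public function injectSettingsService(\Derhansen\FeChangePwd\Service\SettingsService $settingsService)
    {
        $this->settingsService = $settingsService;
    }

    /**
     * Returns if the frontend user must change the password
     *
     * The change is required when the record has "must_change_password" set or
     * when "password_expiry_date" is a positive timestamp that lies in the past.
     * When a change is required, the reason ("forcedChange" or
     * "passwordExpired") is written to the user session and the session data
     * is stored. A forced change takes precedence over an expired password.
     *
     * @param array $feUserRecord
     * @return bool
     */
    public function mustChangePassword($feUserRecord)
    {
        $reason = '';
        if ((bool)($feUserRecord['must_change_password'] ?? 0)) {
            $reason = 'forcedChange';
        } else {
            // An expiry date of 0 (or a missing field) means "never expires"
            $expiryTimestamp = (int)($feUserRecord['password_expiry_date'] ?? 0);
            if ($expiryTimestamp > 0 && $expiryTimestamp < time()) {
                $reason = 'passwordExpired';
            }
        }

        if ($reason === '') {
            // Nothing is written to the session when no change is required
            return false;
        }

        // Store reason for password change in user session
        $frontendUser = $this->getFrontendUser();
        $frontendUser->setKey('ses', self::SESSION_KEY, $reason);
        $frontendUser->storeSessionData();

        return true;
    }

    /**
     * Returns the reason for the password change stored in the session
     *
     * @return mixed The value stored under SESSION_KEY: the reason written by
     *               mustChangePassword(), or the null written by updatePassword()
     */
    public function getMustChangePasswordReason()
    {
        return $this->getFrontendUser()->getKey('ses', self::SESSION_KEY);
    }

    /**
     * Updates the password of the current user
     *
     * Writes the new password hash to the record of the logged-in frontend
     * user, resets "must_change_password", sets a new "password_expiry_date"
     * taken from the settings service and clears the reason in the session.
     *
     * @param string $newPassword The new password in plain text
     * @return void
     */
    public function updatePassword($newPassword)
    {
        // NOTE(review): this fallback stores an unsalted MD5 digest. MD5 is a
        // fast digest and not a password hash, so a record written this way is
        // cheap to brute-force offline if the user table leaks. The value is
        // kept whenever salted passwords are disabled for FE or no salting
        // instance is returned below. Consider refusing the password change in
        // that case; confirm first whether a supported setup depends on it.
        $password = md5($newPassword);

        // If salted passwords is enabled, salt the new password
        if (SaltedPasswordsUtility::isUsageEnabled('FE')) {
            $objSalt = SaltFactory::getSaltingInstance(null);
            if (is_object($objSalt)) {
                $password = $objSalt->getHashedPassword($newPassword);
            }
        }

        // Table and uid come from the authenticated frontend user object,
        // not from request data
        $frontendUser = $this->getFrontendUser();
        $userTable = $frontendUser->user_table;
        $userUid = $frontendUser->user['uid'];

        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
        // All query restrictions are removed, so the row is matched by uid only
        $queryBuilder->getRestrictions()->removeAll();
        $queryBuilder->update($userTable)
            ->set('password', $password)
            ->set('must_change_password', 0)
            ->set('password_expiry_date', $this->settingsService->getPasswordExpiryTimestamp())
            ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
            ->where(
                $queryBuilder->expr()->eq(
                    'uid',
                    $queryBuilder->createNamedParameter($userUid, \PDO::PARAM_INT)
                )
            )
            ->execute();

        // Unset reason for password change in user session and persist it
        // right away, as mustChangePassword() does, so the cleared reason does
        // not depend on the session being stored later in the request.
        // NOTE(review): only this session key is reset here; whether other
        // active sessions of the user are ended after a password change is not
        // visible in this class.
        $frontendUser->setKey('ses', self::SESSION_KEY, null);
        $frontendUser->storeSessionData();
    }

    /**
     * Returns the frontendUserAuthentication
     *
     * @return \TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication
     */
    protected function getFrontendUser()
    {
        return $GLOBALS['TSFE']->fe_user;
    }
}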