authorbenakamoorthi <benaka.moorthi@gmail.com>2012-09-02 15:14:40 +0400
committerbenakamoorthi <benaka.moorthi@gmail.com>2012-09-02 15:14:40 +0400
commit8e7cc3c95530187f39dc9edbe45cf2a26aa435e8 (patch)
tree1874dd52df5c7974b36e64fd6a7a22b875f09692 /plugins/UsersManager
parentaeaf2ab3471d24a5a074dd523ab30a12060991e8 (diff)
Fixes #3334, redesigned the reset password functionality.
Notes: * Resetting password is done through AJAX and the reset token does not need to be entered in a form. * Moved password related utility functions in UsersManager_API to UsersManager as static functions. * Added hidden _isPasswordHashed parameter to UsersManager::updateUser. * Make sure superuser login is set in Access instance when setSuperUser(true) is used. * Add ability to get rendered form data as array in QuickForm2 (moved existing logic in Piwik_View into new function). git-svn-id: http://dev.piwik.org/svn/trunk@6900 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/UsersManager')
-rw-r--r--plugins/UsersManager/API.php48
-rw-r--r--plugins/UsersManager/UsersManager.php35
2 files changed, 44 insertions, 39 deletions
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index ee28df7216..5daded88c2 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -315,16 +315,6 @@ class Piwik_UsersManager_API
Piwik::checkValidLoginString($userLogin);
}
- private function checkPassword($password)
- {
- if(!$this->isValidPasswordString($password))
- {
- throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidPassword', array(self::PASSWORD_MIN_LENGTH, self::PASSWORD_MAX_LENGTH)));
- }
- }
- const PASSWORD_MIN_LENGTH = 6;
- const PASSWORD_MAX_LENGTH = 26;
-
private function checkEmail($email)
{
if($this->userEmailExists($email))
@@ -347,13 +337,6 @@ class Piwik_UsersManager_API
return $alias;
}
- private function getCleanPassword($password)
- {
- // if change here, should also edit the installation process
- // to change how the root pwd is saved in the config file
- return md5($password);
- }
-
/**
* Add a user in the database.
* A user is defined by
@@ -378,10 +361,10 @@ class Piwik_UsersManager_API
$this->checkEmail($email);
$password = Piwik_Common::unsanitizeInputValue($password);
- $this->checkPassword($password);
+ Piwik_UsersManager::checkPassword($password);
$alias = $this->getCleanAlias($alias,$userLogin);
- $passwordTransformed = $this->getCleanPassword($password);
+ $passwordTransformed = Piwik_UsersManager::getPasswordHash($password);
$token_auth = $this->getTokenAuth($userLogin, $passwordTransformed);
@@ -412,7 +395,8 @@ class Piwik_UsersManager_API
*
* @see addUser() for all the parameters
*/
- public function updateUser( $userLogin, $password = false, $email = false, $alias = false )
+ public function updateUser( $userLogin, $password = false, $email = false, $alias = false,
+ $_isPasswordHashed = false )
{
Piwik::checkUserIsSuperUserOrTheUser($userLogin);
$this->checkUserIsNotAnonymous( $userLogin );
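Review bot: The new `$_isPasswordHashed` argument on the public `updateUser` is undocumented; the docblock above still says only `@see addUser() for all the parameters`, and addUser takes no such argument. I would add `@param bool $_isPasswordHashed Internal use only: true when $password is already the stored hash and must be neither validated nor hashed again.` If the API dispatch layer maps request parameters onto method arguments by name (not visible on this page), any caller who passes `checkUserIsSuperUserOrTheUser` could set this flag, so it is worth confirming that it cannot be supplied over HTTP. The method body continues outside this hunk.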
@@ -426,8 +410,11 @@ class Piwik_UsersManager_API
else
{
$password = Piwik_Common::unsanitizeInputValue($password);
- $this->checkPassword($password);
- $password = $this->getCleanPassword($password);
+ if (!$_isPasswordHashed)
+ {
+ Piwik_UsersManager::checkPassword($password);
+ $password = Piwik_UsersManager::getPasswordHash($password);
+ }
}
if(empty($alias))
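Review bot: When `$_isPasswordHashed` is true, the value bypasses both `checkPassword` and `getPasswordHash` and is carried forward unchanged, so nothing confirms that it is actually a hash. A plaintext or malformed string would presumably be stored as the password and fed into `getTokenAuth` as-is; the write itself is outside this hunk. Since `getPasswordHash` returns `md5()` output, an `else` branch guarded by `if (!preg_match('/^[0-9a-f]{32}$/', $password))` that throws would keep the length policy from being sidestepped and stop non-hash values reaching storage. The enclosing `updateUser` body starts and ends outside the hunk.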
@@ -704,21 +691,4 @@ class Piwik_UsersManager_API
}
return md5($userLogin . $md5Password );
}
-
- /**
- * Returns true if the password is complex enough (at least 6 characters and max 26 characters)
- *
- * @param string email
- * @return bool
- */
- private function isValidPasswordString( $input )
- {
- if(!Piwik::isChecksEnabled()
- && !empty($input))
- {
- return true;
- }
- $l = strlen($input);
- return $l >= self::PASSWORD_MIN_LENGTH && $l <= self::PASSWORD_MAX_LENGTH;
- }
}
diff --git a/plugins/UsersManager/UsersManager.php b/plugins/UsersManager/UsersManager.php
index 0ffb7336ab..05aa24050b 100644
--- a/plugins/UsersManager/UsersManager.php
+++ b/plugins/UsersManager/UsersManager.php
@@ -17,6 +17,9 @@
*/
class Piwik_UsersManager extends Piwik_Plugin
{
+ const PASSWORD_MIN_LENGTH = 6;
+ const PASSWORD_MAX_LENGTH = 26;
+
/**
* Plugin information
*
@@ -118,4 +121,36 @@ class Piwik_UsersManager extends Piwik_Plugin
Piwik::isUserHasSomeViewAccess(),
$order = 1);
}
+
+ /**
+ * Returns true if the password is complex enough (at least 6 characters and max 26 characters)
+ *
+ * @param string email
+ * @return bool
+ */
+ public static function isValidPasswordString( $input )
+ {
+ if(!Piwik::isChecksEnabled()
+ && !empty($input))
+ {
+ return true;
+ }
+ $l = strlen($input);
+ return $l >= self::PASSWORD_MIN_LENGTH && $l <= self::PASSWORD_MAX_LENGTH;
+ }
+
+ public static function checkPassword($password)
+ {
+ if(!self::isValidPasswordString($password))
+ {
+ throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidPassword', array(self::PASSWORD_MIN_LENGTH, self::PASSWORD_MAX_LENGTH)));
+ }
+ }
+
+ public static function getPasswordHash($password)
+ {
+ // if change here, should also edit the installation process
+ // to change how the root pwd is saved in the config file
+ return md5($password);
+ }
}
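Review bot: `getPasswordHash` is now the single public place where passwords are hashed, and it still returns an unsalted `md5($password)`. That hash is cheap to brute-force offline and gives identical hashes for identical passwords. The existing comment and `getTokenAuth` (`md5($userLogin . $md5Password)`) show that the config-file superuser hash and the token both depend on this format, so a replacement needs a migration path rather than a one-line swap. For now I would mark it in place, e.g. `// SECURITY: legacy unsalted MD5; token_auth and the config-file superuser hash depend on this format`, and track a move to a salted, slow scheme with rehash on login. Separately, the docblock on `isValidPasswordString` says `@param string email` where it should read `@param string $input`, and `checkPassword` and `getPasswordHash` have no docblock stating what they throw or return.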