
Fail with exception in 'resetPassword' if password reset is disabled

This commit is contained in:
Marco
2017-07-30 16:12:57 +02:00
parent a3a28af2aa
commit 4b6afc7c48


@@ -941,6 +941,7 @@ final class Auth extends UserManager {
* @param string $newPassword the new password to set for the account * @param string $newPassword the new password to set for the account
* @throws InvalidSelectorTokenPairException if either the selector or the token was not correct * @throws InvalidSelectorTokenPairException if either the selector or the token was not correct
* @throws TokenExpiredException if the token has already expired * @throws TokenExpiredException if the token has already expired
* @throws ResetDisabledException if the user has explicitly disabled password resets for their account
* @throws InvalidPasswordException if the new password was invalid * @throws InvalidPasswordException if the new password was invalid
* @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded * @throws TooManyRequestsException if the number of allowed attempts/requests has been exceeded
* @throws AuthError if an internal problem occurred (do *not* catch) * @throws AuthError if an internal problem occurred (do *not* catch)
@@ -951,7 +952,7 @@ final class Auth extends UserManager {
try { try {
$resetData = $this->db->selectRow( $resetData = $this->db->selectRow(
'SELECT id, user, token, expires FROM ' . $this->dbTablePrefix . 'users_resets WHERE selector = ?', 'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->dbTablePrefix . 'users_resets AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user WHERE a.selector = ?',
[ $selector ] [ $selector ]
); );
} }
@@ -960,32 +961,37 @@ final class Auth extends UserManager {
} }
if (!empty($resetData)) { if (!empty($resetData)) {
if (password_verify($token, $resetData['token'])) { if ((int) $resetData['resettable'] === 1) {
if ($resetData['expires'] >= time()) { if (password_verify($token, $resetData['token'])) {
$newPassword = self::validatePassword($newPassword); if ($resetData['expires'] >= time()) {
$newPassword = self::validatePassword($newPassword);
// update the password in the database // update the password in the database
$this->updatePassword($resetData['user'], $newPassword); $this->updatePassword($resetData['user'], $newPassword);
// delete any remaining remember directives // delete any remaining remember directives
$this->deleteRememberDirective($resetData['user']); $this->deleteRememberDirective($resetData['user']);
try { try {
$this->db->delete( $this->db->delete(
$this->dbTablePrefix . 'users_resets', $this->dbTablePrefix . 'users_resets',
[ 'id' => $resetData['id'] ] [ 'id' => $resetData['id'] ]
); );
}
catch (Error $e) {
throw new DatabaseError();
}
} }
catch (Error $e) { else {
throw new DatabaseError(); throw new TokenExpiredException();
} }
} }
else { else {
throw new TokenExpiredException(); throw new InvalidSelectorTokenPairException();
} }
} }
else { else {
throw new InvalidSelectorTokenPairException(); throw new ResetDisabledException();
} }
} }
else { else {