mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-07-31 13:20:11 +02:00
Code Issues Releases Wiki Activity

Refactor validation of passwords

Browse Source
This commit is contained in:
Marco
2016-08-20 20:55:50 +02:00
parent e0b69ee33c
commit aef2672942
1 changed files with 25 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/Auth.php
View File

@@ -153,11 +153,7 @@ class Auth {
$this->throttle(self::THROTTLE_ACTION_REGISTER); $this->throttle(self::THROTTLE_ACTION_REGISTER);
$email = self::validateEmailAddress($email); $email = self::validateEmailAddress($email);
$password = self::validatePassword($password);
$password = isset($password) ? trim($password) : null;
if (empty($password)) {
throw new InvalidPasswordException();
}
$username = isset($username) ? trim($username) : null; $username = isset($username) ? trim($username) : null;
$password = password_hash($password, PASSWORD_DEFAULT); $password = password_hash($password, PASSWORD_DEFAULT);
@@ -267,11 +263,7 @@ class Auth {
*/ */
public function login($email, $password, $remember = false) { public function login($email, $password, $remember = false) {
$email = self::validateEmailAddress($email); $email = self::validateEmailAddress($email);
$password = self::validatePassword($password);
$password = isset($password) ? trim($password) : null;
if (empty($password)) {
throw new InvalidPasswordException();
}
$stmt = $this->db->prepare("SELECT id, password, verified, username FROM users WHERE email = :email"); $stmt = $this->db->prepare("SELECT id, password, verified, username FROM users WHERE email = :email");
$stmt->bindValue(':email', $email, \PDO::PARAM_STR); $stmt->bindValue(':email', $email, \PDO::PARAM_STR);
@@ -338,6 +330,27 @@ class Auth {
return $email; return $email;
} }
/**
* Validates a password
*
* @param string $password the password to validate
* @return string the password if it's valid
* @throws InvalidPasswordException if the password was invalid
*/
private static function validatePassword($password) {
if (empty($password)) {
throw new InvalidPasswordException();
}
$password = trim($password);
if (strlen($password) < 1) {
throw new InvalidPasswordException();
}
return $password;
}
/** /**
* Creates a new directive keeping the user logged in ("remember me") * Creates a new directive keeping the user logged in ("remember me")
* *
@@ -569,15 +582,8 @@ class Auth {
*/ */
public function changePassword($oldPassword, $newPassword) { public function changePassword($oldPassword, $newPassword) {
if ($this->isLoggedIn()) { if ($this->isLoggedIn()) {
$oldPassword = isset($oldPassword) ? trim($oldPassword) : null; $oldPassword = self::validatePassword($oldPassword);
if (empty($oldPassword)) { $newPassword = self::validatePassword($newPassword);
throw new InvalidPasswordException();
}
$newPassword = isset($newPassword) ? trim($newPassword) : null;
if (empty($newPassword)) {
throw new InvalidPasswordException();
}
$userId = $this->getUserId(); $userId = $this->getUserId();