Ubuntu

usersManagerApi = $usersManagerApi; $this->confirmPasswordModule = Piwik::getLoginPluginName(); if (!empty($confirmPasswordModule)) { $this->confirmPasswordModule = $confirmPasswordModule; } if (!empty($confirmPasswordAction)) { $this->confirmPasswordAction = $confirmPasswordAction; } $this->emailFromName = $emailFromName; $this->emailFromAddress = $emailFromAddress; if (empty($passwordHelper)) { $passwordHelper = new Password(); } $this->passwordHelper = $passwordHelper; if (!empty($cancelResetPasswordAction)) { $this->cancelResetPasswordAction = $cancelResetPasswordAction; } } /** * Cancel an active password reset process. * * The current password reset information will be deleted. * * @param string $loginOrEmail The user's login or email address. * @param string $resetToken The reset token to invalidate. * @throws Exception if $loginOrEmail does not have a reset process active, * if $token does not match the active reset token, * or if sending an email fails in some way */ public function cancelPasswordResetProcess(string $loginOrEmail, string $resetToken) : void { $this->checkValidConfirmPasswordToken($loginOrEmail, $resetToken); $user = self::getUserInformation($loginOrEmail); $this->removePasswordResetInfo($user['login']); /** * Triggered after a user cancelled a password reset process. * * @param string $userLogin The user's login. */ Piwik::postEvent('Login.resetPassword.cancelled', [$user['login']]); try { $this->sendEmailProcessCancelled($user); } catch (Exception $ex) { throw new Exception($ex->getMessage() . Piwik::translate('Login_ContactAdmin')); } } /** * Initiates the password reset process. This method will save the password reset * information as an {@link Option} and send an email with the reset confirmation * link to the user whose password is being reset. * * The email confirmation link will contain the generated reset token. * * @param string $loginOrEmail The user's login or email address. * @param string $newPassword The un-hashed/unencrypted password. * @throws Exception if $loginOrEmail does not correspond with a non-anonymous user, * if the new password does not pass UserManager's password * complexity requirements * or if sending an email fails in some way */ public function initiatePasswordResetProcess($loginOrEmail, $newPassword) { $this->checkNewPassword($newPassword); // 'anonymous' has no password and cannot be reset if ($loginOrEmail === 'anonymous') { throw new Exception(Piwik::translate('Login_InvalidUsernameEmail')); } // get the user's login $user = $this->getUserInformation($loginOrEmail); if ($user === null) { // throw a custom exception type so it can be handled/suppressed throw new \Piwik\Plugins\Login\PasswordResetUserIsInvalidException(Piwik::translate('Login_InvalidUsernameEmail')); } $login = $user['login']; $keySuffix = time() . Common::getRandomString($length = 32); $this->savePasswordResetInfo($login, $newPassword, $keySuffix); // ... send email with confirmation link try { $this->sendEmailConfirmationLink($user, $keySuffix); } catch (Exception $ex) { // remove password reset info $this->removePasswordResetInfo($login); throw new Exception($ex->getMessage() . Piwik::translate('Login_ContactAdmin')); } /** * Triggered after a user initiated a password reset process. * * @param string $userLogin The user's login. */ Piwik::postEvent('Login.resetPassword.initiated', [$login]); } public function checkValidConfirmPasswordToken($login, $resetToken) { // get password reset info & user info $user = self::getUserInformation($login); if ($user === null) { throw new Exception(Piwik::translate('Login_InvalidUsernameEmail')); } // check that the reset token is valid $resetInfo = $this->getPasswordResetInfo($login); if ($resetInfo === \false || empty($resetInfo['hash']) || empty($resetInfo['keySuffix']) || !$this->isTokenValid($resetToken, $user, $resetInfo['keySuffix'])) { throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken')); } // check that the stored password hash is valid (sanity check) $resetPassword = $resetInfo['hash']; $this->checkPasswordHash($resetPassword); return $resetPassword; } /** * Confirms a password reset. This should be called after {@link initiatePasswordResetProcess()} * is called. * * This method will get the new password associated with a reset token and set it * as the specified user's password. * * @param string $login The login of the user whose password is being reset. * @param string $passwordHash The generated string token contained in the reset password * email. * @throws Exception If there is no user with login '$login', if $resetToken is not a * valid token or if the token has expired. */ public function setHashedPasswordForLogin($login, #[\SensitiveParameter] $passwordHash) { /* * Executed as super user, as we need to update the password, without the current user being authenticated yet. */ Access::doAsSuperUser(function () use($login, $passwordHash) { $userUpdater = new UserUpdater(); $userUpdater->updateUserWithoutCurrentPassword($login, $passwordHash, $email = \false, $isPasswordHashed = \true); }); /** * Triggered after a user confirmed/completed a password reset process. * * @param string $userLogin The user's login. */ Piwik::postEvent('Login.resetPassword.confirmed', [$login]); } /** * Returns true if a reset token is valid, false if otherwise. A reset token is valid if * it exists and has not expired. * * @param string $token The reset token to check. * @param array $user The user information returned by the UsersManager API. * @param string $keySuffix The suffix used in generating a token. * @return bool true if valid, false otherwise. */ public function isTokenValid($token, $user, $keySuffix) { $now = time(); // token valid for 24 hrs (give or take, due to the coarse granularity in our strftime format string) for ($i = 0; $i <= 24; $i++) { $generatedToken = $this->generatePasswordResetToken($user, $keySuffix, $now + $i * 60 * 60); if ($generatedToken === $token) { return \true; } } // fails if token is invalid, expired, password already changed, other user information has changed, ... return \false; } /** * Generate a password reset token. Expires in 24 hours from the beginning of the current hour. * * The reset token is generated using a user's email, login and the time when the token expires. * * @param array $user The user information. * @param string $keySuffix The suffix used in generating a token. * @param int|null $expiryTimestamp The expiration timestamp to use or null to generate one from * the current timestamp. * @return string The generated token. */ public function generatePasswordResetToken($user, $keySuffix, $expiryTimestamp = null) { /* * Piwik does not store the generated password reset token. * This avoids a database schema change and SQL queries to store, retrieve, and purge (expired) tokens. */ if (!$expiryTimestamp) { $expiryTimestamp = $this->getDefaultExpiryTime(); } $expiry = date('YmdH', $expiryTimestamp); $token = $this->generateSecureHash($expiry . $user['login'] . $user['email'] . $user['ts_password_modified'] . $keySuffix, $user['password']); return $token; } public function doesResetPasswordHashMatchesPassword( #[\SensitiveParameter] $passwordPlain, #[\SensitiveParameter] $passwordHash) { $passwordPlain = UsersManager::getPasswordHash($passwordPlain); return $this->passwordHelper->verify($passwordPlain, $passwordHash); } /** * Generates a hash using a hash "identifier" and some data to hash. The hash identifier is * a string that differentiates the hash in some way. * * We can't get the identifier back from a hash but we can tell if a hash is the hash for * a specific identifier by computing a hash for the identifier and comparing with the * first hash. * * @param string $hashIdentifier A unique string that identifies the hash in some way, can, * for example, be user information or can contain an expiration date, * or whatever. * @param string $data Any data that needs to be hashed securely, ie, a password. * @return string The hash string. */ protected function generateSecureHash($hashIdentifier, $data) { // mitigate rainbow table attack $halfDataLen = strlen($data) / 2; $stringToHash = $hashIdentifier . substr($data, 0, $halfDataLen) . $this->getSalt() . substr($data, $halfDataLen); return $this->hashData($stringToHash); } /** * Returns the string salt to use when generating a secure hash. Defaults to the value of * the `[General] salt` INI config option. * * Derived classes can override this to provide a different salt. * * @return string */ protected function getSalt() { return SettingsPiwik::getSalt(); } /** * Hashes a string. * * Derived classes can override this to provide a different hashing implementation. * * @param string $data The data to hash. * @return string */ protected function hashData($data) { return Common::hash($data); } /** * Returns an expiration time from the current time. By default it will be one day (24 hrs) from * now. * * Derived classes can override this to provide a different default expiration time * generation implementation. * * @return int */ protected function getDefaultExpiryTime() { return time() + 24 * 60 * 60; /* +24 hrs */ } /** * Checks the reset password's complexity. Will use UsersManager's requirements for user passwords. * * Derived classes can override this method to provide fewer or additional checks. * * @param string $newPassword The password to check. * @throws Exception if $newPassword is inferior in some way. */ protected function checkNewPassword( #[\SensitiveParameter] $newPassword) { UsersManager::checkPassword($newPassword); } /** * Returns user information based on a login or email. * * If user is pending, return null * * Derived classes can override this method to provide custom user querying logic. * * @param string $loginOrMail user login or email address * @return array `array("login" => '...', "email" => '...', "password" => '...')` or null, if user not found. */ protected function getUserInformation($loginOrMail) { $userModel = new Model(); if ($userModel->isPendingUser($loginOrMail)) { return null; } $user = null; if ($userModel->userExists($loginOrMail)) { $user = $userModel->getUser($loginOrMail); } elseif ($userModel->userEmailExists($loginOrMail)) { $user = $userModel->getUserByEmail($loginOrMail); } return $user; } /** * Checks the password hash that was retrieved from the Option table. Used as a sanity check * when finishing the reset password process. If a password is obviously malformed, changing * a user's password to it will keep the user from being able to login again. * * Derived classes can override this method to provide fewer or more checks. * * @param string $passwordHash The password hash to check. * @throws Exception if the password hash length is incorrect. */ protected function checkPasswordHash( #[\SensitiveParameter] $passwordHash) { $hashInfo = $this->passwordHelper->info($passwordHash); if (!isset($hashInfo['algo']) || 0 >= $hashInfo['algo']) { throw new Exception(Piwik::translate('Login_ExceptionPasswordMD5HashExpected')); } } /** * Sends email notification that a password reset process has been cancelled. * * @param array $user User info for the cancelled password reset. */ private function sendEmailProcessCancelled(array $user) : void { $login = $user['login']; $email = $user['email']; $mail = StaticContainer::getContainer()->make(PasswordResetCancelEmail::class, ['login' => $login]); $mail->addTo($email, $login); if ($this->emailFromAddress || $this->emailFromName) { $mail->setFrom($this->emailFromAddress, $this->emailFromName); } else { $mail->setDefaultFromPiwik(); } $mail->safeSend(); } /** * Sends email confirmation link for a password reset request. * * @param array $user User info for the requested password reset. * @param string $keySuffix The suffix used in generating a token. */ private function sendEmailConfirmationLink($user, $keySuffix) { $login = $user['login']; $email = $user['email']; // construct a password reset token from user information $resetToken = $this->generatePasswordResetToken($user, $keySuffix); $ip = IP::getIpFromHeader(); $urlBase = Url::getCurrentUrlWithoutQueryString() . "?module={$this->confirmPasswordModule}" . "&login=" . urlencode($login) . "&resetToken=" . urlencode($resetToken); $urlCancel = $urlBase . "&action={$this->cancelResetPasswordAction}"; $urlConfirm = $urlBase . "&action={$this->confirmPasswordAction}"; // send email with new password $mail = StaticContainer::getContainer()->make(PasswordResetEmail::class, ['login' => $login, 'ip' => $ip, 'resetUrl' => $urlConfirm, 'cancelUrl' => $urlCancel]); $mail->addTo($email, $login); if ($this->emailFromAddress || $this->emailFromName) { $mail->setFrom($this->emailFromAddress, $this->emailFromName); } else { $mail->setDefaultFromPiwik(); } @$mail->send(); } /** * Stores password reset info for a specific login. * * @param string $login The user login for whom a password change was requested. * @param string $newPassword The new password to set. * @param string $keySuffix The suffix used in generating a token. * * @throws Exception if a password reset was already requested within one hour */ private function savePasswordResetInfo($login, #[\SensitiveParameter] $newPassword, $keySuffix) { $optionName = self::getPasswordResetInfoOptionName($login); $existingResetInfo = Option::get($optionName); $time = time(); $count = 0; if ($existingResetInfo) { $existingResetInfo = json_decode($existingResetInfo, \true); if (isset($existingResetInfo['timestamp']) && $existingResetInfo['timestamp'] > time() - 3600) { $time = $existingResetInfo['timestamp']; $count = !empty($existingResetInfo['requests']) ? $existingResetInfo['requests'] : $count; if (isset($existingResetInfo['requests']) && $existingResetInfo['requests'] > 2) { throw new Exception(Piwik::translate('Login_PasswordResetAlreadySent')); } } } $optionData = ['hash' => $this->passwordHelper->hash(UsersManager::getPasswordHash($newPassword)), 'keySuffix' => $keySuffix, 'timestamp' => $time, 'requests' => $count + 1, 'ip' => IP::getIpFromHeader()]; $optionData = json_encode($optionData); Option::set($optionName, $optionData); } /** * Gets the password reset info. * * @param string $login The user login to check for. * @return array|false The reset info or false if no reset info exists. */ private function getPasswordResetInfo(string $login) { $optionName = self::getPasswordResetInfoOptionName($login); $optionValue = Option::get($optionName); if (!is_string($optionValue)) { return \false; } return json_decode($optionValue, $isAssoc = \true); } /** * Removes stored password reset info if it exists. * * @param string $login The user login to check for. */ public function removePasswordResetInfo($login) { $optionName = self::getPasswordResetInfoOptionName($login); Option::delete($optionName); } /** * Gets the option name for the option that will store a user's password change * request. * * @param string $login The user login for whom a password change was requested. * @return string */ public static function getPasswordResetInfoOptionName($login) { return $login . '_reset_password_info'; } }