Skip to content

Commit 725a8f2

Browse files
committed
[TASK] Add feUserPasswordHash to ChangePassword DTO
In order to make the ChangePasswordValidator independent from a current fe_user session, the password hash for the checkEqualsOldPassword comparison is moved to the ChangePassword DTO Refs #50
1 parent a2f15d2 commit 725a8f2

4 files changed

Lines changed: 43 additions & 6 deletions

File tree

Classes/Controller/PasswordController.php

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
2020
use TYPO3\CMS\Extbase\Security\Exception\InvalidHashException;
2121
use TYPO3\CMS\Extbase\Utility\LocalizationUtility;
22+
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
2223

2324
/**
2425
* Class PasswordController
@@ -69,6 +70,7 @@ public function initializeUpdateAction()
6970
1572672118931
7071
);
7172
}
73+
$this->setFeUserPasswordHashToArguments($changePasswordArray);
7274
}
7375

7476
/**
@@ -96,6 +98,24 @@ public function updateAction(ChangePassword $changePassword): ResponseInterface
9698
return $this->htmlResponse();
9799
}
98100

101+
/**
102+
* Sets the current fe_user password (hashed) to request argument "changePassword"
103+
*
104+
* @param array $changePasswordArray
105+
* @throws \TYPO3\CMS\Extbase\Mvc\Exception\NoSuchArgumentException
106+
*/
107+
protected function setFeUserPasswordHashToArguments(array $changePasswordArray): void
108+
{
109+
$changePasswordArgument = $this->arguments->getArgument('changePassword');
110+
$propertyMapping = $changePasswordArgument->getPropertyMappingConfiguration();
111+
$propertyMapping->allowProperties('feUserPasswordHash');
112+
113+
$changePasswordArray['feUserPasswordHash'] = $this->getFrontendUser()->user['password'];
114+
$arguments = $this->request->getArguments();
115+
$arguments['changePassword'] = $changePasswordArray;
116+
$this->request->setArguments($arguments);
117+
}
118+
99119
/**
100120
* Suppress default flash messages
101121
*
@@ -105,4 +125,9 @@ protected function getErrorFlashMessage(): bool
105125
{
106126
return false;
107127
}
128+
129+
protected function getFrontendUser(): FrontendUserAuthentication
130+
{
131+
return $GLOBALS['TSFE']->fe_user;
132+
}
108133
}

Classes/Domain/Model/Dto/ChangePassword.php

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ class ChangePassword
1919
protected string $password1 = '';
2020
protected string $password2 = '';
2121
protected string $currentPassword = '';
22+
protected string $feUserPasswordHash = '';
2223
protected string $changeHmac = '';
2324
protected bool $skipCurrentPasswordCheck = false;
2425

@@ -71,4 +72,14 @@ public function setSkipCurrentPasswordCheck(bool $skipCurrentPasswordCheck): voi
7172
{
7273
$this->skipCurrentPasswordCheck = $skipCurrentPasswordCheck;
7374
}
75+
76+
public function getFeUserPasswordHash(): string
77+
{
78+
return $this->feUserPasswordHash;
79+
}
80+
81+
public function setFeUserPasswordHash(string $feUserPasswordHash): void
82+
{
83+
$this->feUserPasswordHash = $feUserPasswordHash;
84+
}
7485
}

Classes/Service/OldPasswordService.php

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111

1212
namespace Derhansen\FeChangePwd\Service;
1313

14+
use Derhansen\FeChangePwd\Domain\Model\Dto\ChangePassword;
1415
use Derhansen\FeChangePwd\Exception\MissingPasswordHashServiceException;
1516
use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
1617
use TYPO3\CMS\Core\Utility\GeneralUtility;
@@ -22,18 +23,18 @@
2223
class OldPasswordService
2324
{
2425
/**
25-
* Returns if the given password equals the old password
26+
* Returns if the password in $changePassword equals the old password by using the given current password hash
2627
*
27-
* @param string $password
28+
* @param ChangePassword $changePassword
2829
* @return bool
2930
* @throws MissingPasswordHashServiceException
3031
* @throws \TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException
3132
*/
32-
public function checkEqualsOldPassword(string $password): bool
33+
public function checkEqualsOldPassword(ChangePassword $changePassword): bool
3334
{
3435
if (class_exists(PasswordHashFactory::class)) {
3536
$hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
36-
$equals = $hashInstance->checkPassword($password, $this->getFrontendUser()->user['password']);
37+
$equals = $hashInstance->checkPassword($changePassword->getPassword1(), $changePassword->getFeUserPasswordHash());
3738
} else {
3839
throw new MissingPasswordHashServiceException(
3940
'No secure password hashing service could be initialized. Please check your TYPO3 system configuration',

Classes/Validation/Validator/ChangePasswordValidator.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -178,7 +178,7 @@ protected function evaluatePwnedPasswordCheck(ChangePassword $changePassword)
178178
*/
179179
protected function evaluateOldPasswordCheck(ChangePassword $changePassword)
180180
{
181-
if ($this->oldPasswordService->checkEqualsOldPassword($changePassword->getPassword1())) {
181+
if ($this->oldPasswordService->checkEqualsOldPassword($changePassword)) {
182182
$this->addError(
183183
$this->localizationService->translate('oldPasswordFailure'),
184184
1570880406
@@ -205,7 +205,7 @@ protected function evaluateRequireCurrentPassword(ChangePassword $changePassword
205205
}
206206

207207
if ($oldPasswordEmpty === false &&
208-
!$this->oldPasswordService->checkEqualsOldPassword($changePassword->getCurrentPassword())
208+
!$this->oldPasswordService->checkEqualsOldPassword($changePassword)
209209
) {
210210
$result = false;
211211
$this->addError(

0 commit comments

Comments
 (0)