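/**
 * Check a user name and password pair for a login attempt.
 *
 * Checks run in this order: the user must be found, the stored hash must be
 * non-empty, the account must be enabled, and only then is the supplied
 * password verified against the stored hash. Every rejection dispatches
 * AccessControlEvents::LOGIN_FAILURE with a reason set on the event.
 *
 * NOTE(review): the empty-hash and disabled-account checks run before the
 * password is verified, and both flash 'general.phrase.login-account-disabled'.
 * A client that does not know the password can therefore tell a disabled
 * account from a wrong password. Consider a generic client-facing message and
 * keeping the detail in the system log only.
 *
 * NOTE(review): the unknown-user path returns before any hash verification,
 * so its response time may differ from the wrong-password path. Confirm
 * whether that difference is acceptable for this deployment.
 *
 * @param string             $userName Name used to look up the user entity.
 * @param string             $password Password as submitted; passed to verifyHash() and createHash().
 * @param AccessControlEvent $event    Event object that carries the failure reason / dispatched state.
 *
 * @return mixed False when no user matches; otherwise the result of
 *               loginFailed() or loginFinish() (neither is visible here, presumably boolean).
 */
protected function loginCheckPassword($userName, $password, AccessControlEvent $event)
{
    if (!($userEntity = $this->getUserEntity($userName))) {
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));

        return false;
    }

    $userAuth = $this->getRepositoryUsers()->getUserAuthData($userEntity->getId());
    $storedHash = $userAuth->getPassword();

    // An account without a stored hash can never authenticate; it is handled as disabled.
    if ($storedHash === null || $storedHash === '') {
        $this->systemLogger->alert("Attempt to login to an account with empty password field: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

        return $this->loginFailed($userEntity);
    }

    if ((bool) $userEntity->getEnabled() === false) {
        $this->systemLogger->alert("Attempt to login to a disabled account: '{$userName}'", ['event' => 'security']);
        $this->flashLogger->error(Trans::__('general.phrase.login-account-disabled'));
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_DISABLED));

        return $this->loginFailed($userEntity);
    }

    if (!$this->passwordFactory->verifyHash($password, $storedHash)) {
        $this->dispatcher->dispatch(AccessControlEvents::LOGIN_FAILURE, $event->setReason(AccessControlEvents::FAILURE_PASSWORD));

        return $this->loginFailed($userEntity);
    }

    // Rehash password if not using Blowfish algorithm. This can only be done
    // here because the submitted password is needed to build the new hash.
    if (!Blowfish::detect($storedHash)) {
        $userEntity->setPassword($this->passwordFactory->createHash($password, '$2y$'));
        try {
            $this->getRepositoryUsers()->update($userEntity);
        } catch (NotNullConstraintViolationException $e) {
            // Database needs updating. The login still proceeds, but the failure is
            // recorded so that an account left on its old hash format does not go unnoticed.
            $this->systemLogger->warning("Could not store upgraded password hash for '{$userName}': database needs updating", ['event' => 'security']);
        }
    }

    $this->dispatcher->dispatch(AccessControlEvents::LOGIN_SUCCESS, $event->setDispatched());

    return $this->loginFinish($userEntity);
}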