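/**
 * Verifies an e-mail / password pair and returns the identity of the matching user.
 *
 * A stored password is handled in one of two ways:
 *  - a value starting with the literal marker 'old-password;' is passed to
 *    authOldPassword() and is never sent through $this->aes->decrypt();
 *  - any other value is decrypted with $this->aes and the result is checked
 *    with Passwords::verify().
 * After a successful check the password is re-hashed and stored encrypted when
 * the record was a legacy one or Passwords::needsRehash() reports the hash as
 * outdated.
 *
 * NOTE(review): the failure paths carry distinct message keys and codes
 * (IDENTITY_NOT_FOUND, PASSWORD_NOT_SET, INVALID_CREDENTIAL). If the caller
 * shows them to the client as-is, the response reveals whether an e-mail is
 * registered; the login form should present one uniform failure message and
 * keep the specific code for logging only.
 *
 * @param array $credentials positional pair: [0] e-mail, [1] plain-text password
 * @return Identity identity built from the user's id
 * @throws AuthenticationException when no user has that e-mail, the user has no
 *                                 password stored, or the password does not verify
 */
public function authenticate(array $credentials)
{
    list($email, $password) = $credentials;

    $user = $this->orm->users->getByEmail($email);
    if (!$user) {
        throw new AuthenticationException('auth.flash.wrongUsername', self::IDENTITY_NOT_FOUND);
    }
    if (!$user->password) {
        throw new AuthenticationException('auth.flash.notSet', self::PASSWORD_NOT_SET);
    }

    if (strpos($user->password, 'old-password;') === 0) {
        // Legacy record: the stored value starts with a plain-text marker, so it is
        // not something $this->aes->decrypt() should be fed. The original decrypted
        // it anyway and later decided on re-hashing from that meaningless result.
        // NOTE(review): the return value is not inspected here, so authOldPassword()
        // must throw on a mismatch; otherwise any password would be accepted and then
        // stored as the new one. Confirm against its implementation.
        $this->authOldPassword($password, $user);
        // A legacy value is by definition not in the current format: always migrate.
        $needsRehash = true;
    } else {
        $plainHash = $this->aes->decrypt($user->password);
        if (!Passwords::verify($password, $plainHash)) {
            throw new AuthenticationException('auth.flash.wrongPassword', self::INVALID_CREDENTIAL);
        }
        $needsRehash = Passwords::needsRehash($plainHash);
    }

    if ($needsRehash) {
        // Only reached after the password was verified, so the plain-text value in
        // hand is the right one to derive the replacement hash from.
        $user->password = $this->aes->encrypt(Passwords::hash($password));
        $this->orm->flush();
    }

    return new Identity($user->id);
}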