public function loadUserByCredentials($login, $password)
{
if (!is_string($login) || empty($login)) {
throw new InvalidArgumentValue('login', $login);
}
if (!is_string($password)) {
throw new InvalidArgumentValue('password', $password);
}
// Randomize login time to protect against timing attacks
usleep(mt_rand(0, 30000));
$spiUser = $this->userHandler->loadByLogin($login);
$passwordHash = $this->createPasswordHash($login, $password, $this->settings['siteName'], $spiUser->hashAlgorithm);
if ($spiUser->passwordHash !== $passwordHash) {
throw new NotFoundException('user', $login);
}
return $this->buildDomainUserObject($spiUser);
}