Security
in package
Security related functions for Standaloneusers.
This is closely coupled with CRM_Utils_System_Standalone Many functions there started life here when Standalone was being resurrected.
Some of the generic user functions have been moved back to the System class so that they are more permanently available.
Things may yet move around in the codebase - particularly if alternative user extensions to Standaloneusers are developed as these would then need to share an interface with the System class
Table of Contents
Constants
- PASSWORD_RESET_SCOPE = 'pw_reset'
- Scope identifier for password reset JWTs
Methods
- checkPassword() : int|null
- Standaloneusers implementation of AuthxInterface::checkPassword
- checkPasswordResetToken() : null|int
- Check a password reset token matches for a User.
- checkPermission() : bool
- CRM_Core_Permission_Standalone::check() delegates here.
- hashPassword() : string
- High level function to encrypt password using the site-default mechanism.
- preparePasswordResetWorkflow() : CRM_Standaloneusers_WorkflowMessage_PasswordReset|null
- Prepare a password reset workflow email, if configured.
- singleton() : Security
- checkHashedPassword() : bool
- Check whether a password matches a hashed version.
Constants
PASSWORD_RESET_SCOPE
Scope identifier for password reset JWTs
public
mixed
PASSWORD_RESET_SCOPE
= 'pw_reset'
Methods
checkPassword()
Standaloneusers implementation of AuthxInterface::checkPassword
public
checkPassword(string $username, string $plaintextPassword) : int|null
Parameters
- $username : string
- $plaintextPassword : string
Tags
Return values
int|null —The User id, if check was successful, otherwise NULL
checkPasswordResetToken()
Check a password reset token matches for a User.
public
checkPasswordResetToken(string $token[, bool $spend = TRUE ]) : null|int
Parameters
- $token : string
- $spend : bool = TRUE
-
If TRUE, and the token matches, the token is then reset; so it can only be used once. If FALSE no changes are made.
Return values
null|int —If int, it's the UserID
checkPermission()
CRM_Core_Permission_Standalone::check() delegates here.
public
checkPermission(string $permissionName[, int|null $userID = NULL ]) : bool
Parameters
- $permissionName : string
-
The permission to check.
- $userID : int|null = NULL
-
The User ID (not ContactID) to check. If NULL, current logged in user.
Return values
bool —true if yes, else false
hashPassword()
High level function to encrypt password using the site-default mechanism.
public
hashPassword(string $plaintext) : string
Parameters
- $plaintext : string
Return values
stringpreparePasswordResetWorkflow()
Prepare a password reset workflow email, if configured.
public
preparePasswordResetWorkflow(array<string|int, mixed> $user, string $token) : CRM_Standaloneusers_WorkflowMessage_PasswordReset|null
Parameters
- $user : array<string|int, mixed>
- $token : string
Return values
CRM_Standaloneusers_WorkflowMessage_PasswordReset|nullsingleton()
public
static singleton() : Security
Return values
SecuritycheckHashedPassword()
Check whether a password matches a hashed version.
protected
checkHashedPassword(string $plaintextPassword, string $storedHashedPassword) : bool
Parameters
- $plaintextPassword : string
- $storedHashedPassword : string