PasswordPolicyValidator.php in Password Policy 8.3
File
src/PasswordPolicyValidator.php
<?php
namespace Drupal\password_policy;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Password\PasswordInterface;
use Drupal\user\UserInterface;
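/**
 * Validates passwords against the password policies that apply to a user.
 *
 * Policies are loaded per role from the 'password_policy' entity storage and
 * every constraint of every applicable policy is checked through its
 * constraint plugin.
 */
class PasswordPolicyValidator implements PasswordPolicyValidatorInterface {

  /**
   * The password constraint plugin manager.
   *
   * @var \Drupal\password_policy\PasswordConstraintPluginManager
   */
  protected $passwordConstraintPluginManager;

  /**
   * The storage handler for 'password_policy' entities.
   *
   * @var \Drupal\Core\Entity\EntityStorageInterface
   */
  protected $passwordPolicyStorage;

  /**
   * Constructs the validator.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entityTypeManager
   *   Used only to obtain the 'password_policy' storage handler.
   * @param \Drupal\password_policy\PasswordConstraintPluginManager $passwordConstraintPluginManager
   *   Creates the constraint plugin instances that perform each check.
   */
  public function __construct(EntityTypeManagerInterface $entityTypeManager, PasswordConstraintPluginManager $passwordConstraintPluginManager) {
    $this->passwordConstraintPluginManager = $passwordConstraintPluginManager;
    $this->passwordPolicyStorage = $entityTypeManager->getStorage('password_policy');
  }

  /**
   * Checks a password against every policy applicable to the given roles.
   *
   * Two cases return TRUE without a constraint ever failing, and callers
   * should be aware of both:
   * - A password longer than PasswordInterface::PASSWORD_MAX_LENGTH bytes is
   *   reported as valid and no policy is evaluated.
   * - An empty password never fails a constraint; it is rejected only when
   *   roles were added and an applicable policy has at least one constraint.
   *
   * @param string $password
   *   The candidate password; '' is treated as "no new password supplied".
   * @param \Drupal\user\UserInterface $user
   *   The account the password belongs to; its current roles are the baseline
   *   for detecting added roles.
   * @param array $edited_user_roles
   *   Role IDs being saved for the account. When empty, the account's current
   *   roles are used instead.
   *
   * @return bool
   *   TRUE if the password is accepted, FALSE otherwise.
   */
  public function validatePassword(string $password, UserInterface $user, array $edited_user_roles = []) : bool {
    // Over-length passwords are deliberately not evaluated against policies.
    // NOTE(review): returning TRUE here is only safe if another layer rejects
    // passwords above PASSWORD_MAX_LENGTH - confirm every caller relies on
    // such a check, otherwise this is a policy bypass.
    if (strlen($password) > PasswordInterface::PASSWORD_MAX_LENGTH) {
      return TRUE;
    }

    if (empty($edited_user_roles)) {
      $edited_user_roles = $user->getRoles();
      $edited_user_roles = array_combine($edited_user_roles, $edited_user_roles);
    }

    $valid = TRUE;
    $applicable_policies = $this->getApplicablePolicies($edited_user_roles);

    $original_roles = $user->getRoles();
    $original_roles = array_combine($original_roles, $original_roles);

    // A role was added, policies apply to the new role set and no new
    // password was supplied: the stored password cannot be re-checked, so the
    // result is forced to fail.
    $force_failure = FALSE;
    if (!empty(array_diff($edited_user_roles, $original_roles)) && $password === '' && !empty($applicable_policies)) {
      $force_failure = TRUE;
    }

    foreach ($applicable_policies as $policy) {
      $policy_constraints = $policy->getConstraints();
      foreach ($policy_constraints as $constraint) {
        $plugin_object = $this->passwordConstraintPluginManager->createInstance($constraint['id'], $constraint);
        $validation = $plugin_object->validate($password, $user);
        // Constraint results only count for a non-empty password.
        if ($valid && $password !== '' && !$validation->isValid()) {
          $valid = FALSE;
        }
        elseif ($force_failure) {
          $valid = FALSE;
        }
      }
    }

    return $valid;
  }

  /**
   * Builds one status table row per constraint of every applicable policy.
   *
   * Unlike validatePassword(), this method does not short-circuit on
   * over-length passwords; every constraint plugin is run on the value given.
   *
   * @param string $password
   *   The candidate password.
   * @param \Drupal\user\UserInterface $user
   *   The account the password belongs to.
   * @param array $edited_user_roles
   *   Role IDs being saved for the account. When empty, the account's current
   *   roles are used instead.
   *
   * @return array
   *   A list of rows, each with a 'data' array (keys 'policy', 'status',
   *   'constraint') and a 'class' array holding the pass/fail CSS class.
   */
  public function buildPasswordPolicyConstraintsTableRows(string $password, UserInterface $user, array $edited_user_roles = []) : array {
    if (empty($edited_user_roles)) {
      $edited_user_roles = $user->getRoles();
      $edited_user_roles = array_combine($edited_user_roles, $edited_user_roles);
    }

    $applicable_policies = $this->getApplicablePolicies($edited_user_roles);

    $original_roles = $user->getRoles();
    $original_roles = array_combine($original_roles, $original_roles);

    // Use the same "role was added" test as validatePassword(). The previous
    // strict array comparison also fired on removed or merely reordered
    // roles, so the table could report failures that validation accepts.
    $force_failure = FALSE;
    if (!empty(array_diff($edited_user_roles, $original_roles)) && $password === '' && !empty($applicable_policies)) {
      $force_failure = TRUE;
    }

    $policies_table_rows = [];
    foreach ($applicable_policies as $policy) {
      $policy_constraints = $policy->getConstraints();
      foreach ($policy_constraints as $constraint) {
        $plugin_object = $this->passwordConstraintPluginManager->createInstance($constraint['id'], $constraint);
        $validation = $plugin_object->validate($password, $user);

        // One flag drives both the status text and the CSS class, so a forced
        // failure is never rendered as "Fail" with the "passed" class.
        $passed = !$force_failure && $validation->isValid();

        if ($passed) {
          $status = t('Pass');
        }
        else {
          $message = $validation->getErrorMessage();
          if (empty($message)) {
            // Forced failures may carry no plugin message of their own.
            $message = t('New role was added or existing password policy changed. Please update your password.');
          }
          $status = t('Fail - @message', [
            '@message' => $message,
          ]);
        }

        $status_class = 'password-policy-constraint-' . ($passed ? 'passed' : 'failed');

        $policies_table_rows[] = [
          'data' => [
            'policy' => $policy->label(),
            'status' => $status,
            'constraint' => $plugin_object->getSummary(),
          ],
          'class' => [
            $status_class,
          ],
        ];
      }
    }

    return $policies_table_rows;
  }

  /**
   * Loads the policies that apply to any of the given roles.
   *
   * @param array $roles
   *   Role IDs. Falsy entries are skipped.
   *
   * @return array
   *   Policy entities keyed by policy ID; a policy matching several roles
   *   appears once.
   */
  protected function getApplicablePolicies($roles) : array {
    $applicable_policies = [];
    foreach ($roles as $role) {
      // NOTE(review): falsy entries are presumably unchecked form values -
      // confirm against callers.
      if (!$role) {
        continue;
      }
      // The role ID becomes part of the storage property name. NOTE(review):
      // assumes callers pass known role IDs, not arbitrary request input.
      $role_policies = $this->passwordPolicyStorage->loadByProperties([
        'roles.' . $role => $role,
      ]);
      foreach ($role_policies as $policy) {
        $policy_id = $policy->id();
        if (!array_key_exists($policy_id, $applicable_policies)) {
          $applicable_policies[$policy_id] = $policy;
        }
      }
    }
    return $applicable_policies;
  }

}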