systemli · 0x46616c6b · Aug 31, 2024 · Sep 29, 2024 · t2d · Sep 18, 2024
@@ -205,8 +205,6 @@ public function recoveryToken(Request $request): Response
             $form->handleRequest($request);
 
             if ($form->isSubmitted() && $form->isValid()) {
-                $user->setPlainPassword($recoveryTokenModel->password);
-
                 // Check if user has a MailCrypt key
                 if ($user->hasMailCryptSecretBox()) {
                     // Decrypt the MailCrypt key

@@ -3,6 +3,7 @@
 namespace App\Entity;
 
 use App\Repository\UserRepository;
+use App\Traits\PlainPasswordTrait;
 use Stringable;
 use DateTime;
 use App\Enum\Roles;
@@ -19,7 +20,6 @@
 use App\Traits\PasswordTrait;
 use App\Traits\PasswordVersionTrait;
 use App\Traits\PlainMailCryptPrivateKeyTrait;
-use App\Traits\PlainPasswordTrait;
 use App\Traits\PlainRecoveryTokenTrait;
 use App\Traits\QuotaTrait;
 use App\Traits\RecoverySecretBoxTrait;
@@ -53,12 +53,12 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, Passwor
     use SaltTrait;
     use DeleteTrait;
     use InvitationVoucherTrait;
-    use PlainPasswordTrait;
     use DomainAwareTrait;
     use LastLoginTimeTrait;
     use PasswordVersionTrait;
-    use RecoverySecretBoxTrait;
+    use PlainPasswordTrait;
     use PlainRecoveryTokenTrait;
+    use RecoverySecretBoxTrait;
     use RecoveryStartTimeTrait;
     use MailCryptTrait;
     use MailCryptSecretBoxTrait;
@@ -142,4 +142,12 @@ public function getPasswordHasherName(): ?string
         // use default encoder
         return null;
     }
+
+    public function eraseCredentials(): void
+    {
+        // If you store any temporary, sensitive data on the user, clear it here
+        $this->plainPassword = null;
+        $this->erasePlainMailCryptPrivateKey();
+        $this->erasePlainRecoveryToken();
+    }
 }
@@ -4,28 +4,24 @@
 
 use App\Entity\User;
 use App\Event\LoginEvent;
-use App\Helper\PasswordUpdater;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 use Symfony\Component\Security\Http\SecurityEvents;
 
-class LoginListener implements EventSubscriberInterface
+readonly class LoginListener implements EventSubscriberInterface
 {
-    /**
-     * LoginListener constructor.
-     */
-    public function __construct(private readonly EntityManagerInterface $manager, private readonly PasswordUpdater $passwordUpdater)
+    public function __construct(private EntityManagerInterface $manager)
     {
     }
 
     public function onSecurityInteractiveLogin(InteractiveLoginEvent $event): void
     {
-        $request = $event->getRequest();
-        /** @var User $user */
         $user = $event->getAuthenticationToken()->getUser();
-        $user->setPlainPassword($request->get('_password'));
-        $this->handleLogin($user);
+
+        if ($user instanceof User) {
+            $this->handleLogin($user);
+        }
     }
 
     public function onLogin(LoginEvent $event): void
@@ -34,25 +30,12 @@ public function onLogin(LoginEvent $event): void
     }
 
     private function handleLogin(User $user): void
-    {
-        // update password hash if necessary
-        if (($user->getPasswordVersion() < User::CURRENT_PASSWORD_VERSION) && null !== $plainPassword = $user->getPlainPassword()) {
-            $user->setPasswordVersion(User::CURRENT_PASSWORD_VERSION);
-            $this->passwordUpdater->updatePassword($user, $plainPassword);
-        }
-        $this->updateLastLogin($user);
-    }
-
-    private function updateLastLogin(User $user): void
     {
         $user->updateLastLoginTime();
         $this->manager->persist($user);
         $this->manager->flush();
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public static function getSubscribedEvents(): array
     {
         return [

@@ -73,7 +73,6 @@ private function buildUser(Registration $registration): User
     {
         $user = new User();
         $user->setEmail(strtolower((string)$registration->getEmail()));
-        $user->setPlainPassword($registration->getPlainPassword());
         $user->setRoles([Roles::USER]);
 
         if (null !== $domain = $this->domainGuesser->guess($registration->getEmail())) {

@@ -25,8 +25,6 @@ public function authenticate(User $user, string $password): ?User
         if (!$hasher->verify($user->getPassword(), $password)) {
             return null;
         }
-        $user->setPlainPassword($password);
-
         $this->eventDispatcher->dispatch(new LoginEvent($user), LoginEvent::NAME);
 
         return $user;

@@ -23,12 +23,4 @@ public function setPlainPassword(?string $plainPassword): void
     {
         $this->plainPassword = $plainPassword;
     }
-
-    public function eraseCredentials(): void
-    {
-        // If you store any temporary, sensitive data on the user, clear it here
-        $this->plainPassword = null;
-        $this->erasePlainMailCryptPrivateKey();
-        $this->erasePlainRecoveryToken();
-    }
 }
@@ -55,16 +55,6 @@ public function testGetPasswordHasherName(): void
         self::assertEquals('legacy', $user->getPasswordHasherName());
     }
 
-    public function testPlainPassword(): void
-    {
-        $user = new User();
-        self::assertEquals(null, $user->getPlainPassword());
-        $user->setPlainPassword('test');
-        self::assertEquals('test', $user->getPlainPassword());
-        $user->eraseCredentials();
-        self::assertEquals(null, $user->getPlainPassword());
-    }
-
     public function testHasRecoverySecretBox(): void
     {
         $user = new User();

@@ -7,7 +7,6 @@
 use App\EventListener\LoginListener;
 use App\Helper\PasswordUpdater;
 use Doctrine\ORM\EntityManagerInterface;
-use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -17,33 +16,20 @@
 class LoginListenerTest extends TestCase
 {
     private EntityManagerInterface $manager;
-    private PasswordUpdater $passwordUpdater;
     private LoginListener $listener;
 
     public function setUp(): void
     {
         $this->manager = $this->getMockBuilder(EntityManagerInterface::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $this->passwordUpdater = $this->getMockBuilder(PasswordUpdater::class)
-            ->disableOriginalConstructor()
-            ->getMock();
-        $this->listener = new LoginListener($this->manager, $this->passwordUpdater);
+        $this->listener = new LoginListener($this->manager);
     }
 
-    /**
-     * @dataProvider provider
-     */
-    public function testOnSecurityInteractiveLogin(User $user, bool $update): void
+    public function testOnSecurityInteractiveLogin(): void
     {
+        $user = new User();
         $this->manager->expects($this->once())->method('flush');
-
-        if ($update) {
-            $this->passwordUpdater->expects($this->once())->method('updatePassword');
-        } else {
-            $this->passwordUpdater->expects($this->never())->method('updatePassword');
-        }
-
         $event = $this->getEvent($user);
 
         $this->listener->onSecurityInteractiveLogin($event);
@@ -74,25 +60,6 @@ private function getEvent(User $user): InteractiveLoginEvent
         return $event;
     }
 
-    public function provider(): array
-    {
-        return [
-            [$this->getUser(null), true],
-            [$this->getUser(0), true],
-            [$this->getUser(1), true],
-            [$this->getUser(2), false],
-            [$this->getUser(3), false],
-        ];
-    }
-
-    public function getUser(?int $passwordVersion): User
-    {
-        $user = new User();
-        $user->setPasswordVersion($passwordVersion);
-
-        return $user;
-    }
-
     public function testGetSubscribedEvents(): void
     {
         $this->assertEquals([

@@ -26,7 +26,6 @@ public function testCreateExceptionPlainMailCryptPrivateKeyNull(): void
         $handler = $this->createHandler();
         $user = new User();
 
-        $user->setPlainPassword('password');
         $handler->create($user);
     }
 
@@ -35,7 +34,6 @@ public function testCreate(): void
         $handler = $this->createHandler();
         $user = new User();
 
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('dummyKey');
         $handler->create($user);
 
@@ -49,7 +47,6 @@ public function testVerify(): void
 
         self::assertFalse($handler->verify($user, 'recoveryToken'));
 
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('dummyKey');
         $handler->create($user);
 
@@ -78,7 +75,6 @@ public function testDecryptExceptionDecryptionFailed(): void
         $this->expectExceptionMessage('decryption of recoverySecretBox failed');
         $handler = $this->createHandler();
         $user = new User();
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('privateKey');
         $handler->create($user);
 
@@ -89,7 +85,6 @@ public function testDecrypt(): void
     {
         $handler = $this->createHandler();
         $user = new User();
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('privateKey');
         $handler->create($user);
         $recoveryToken = $user->getPlainRecoveryToken();

@@ -28,7 +28,6 @@ public function setUp(): void
     public function testUpdateAdminPassword(): void
     {
         $admin = new User();
-        $admin->setPlainPassword('password');
         $admin->setPassword('impossible_login');
 
         $adminPasswordUpdater = new AdminPasswordUpdater(