Differential D3379 Diff 10093 src/app/Observers/UserObserver.php

Changeset View

Standalone View

src/app/Observers/UserObserver.php

Show First 20 Lines • Show All 290 Lines • ▼ Show 20 Lines	class UserObserver
* Store the old password in user password history. Make sure		* Store the old password in user password history. Make sure
* we do not store more passwords than we need in the history.		* we do not store more passwords than we need in the history.
*		*
* @param \App\User $user The user		* @param \App\User $user The user
* @param string $password The old password		* @param string $password The old password
*/		*/
private static function saveOldPassword(User $user, string $password): void		private static function saveOldPassword(User $user, string $password): void
{		{
		// Remember the timestamp of the last password change and unset the last warning date
		$user->setSettings([
		'password_expiration_warning' => null,
		// Note: We could get this from user_passwords table, but only if the policy
		// enables storing of old passwords there.
		'password_update' => now()->format('Y-m-d H:i:s'),
		]);

// Note: All this is kinda heavy and complicated because we don't want to store		// Note: All this is kinda heavy and complicated because we don't want to store
// more old passwords than we need. However, except the complication/performance,		// more old passwords than we need. However, except the complication/performance,
// there's one issue with it. E.g. the policy changes from 2 to 4, and we already		// there's one issue with it. E.g. the policy changes from 2 to 4, and we already
// removed the old passwords that were excessive before, but not now.		// removed the old passwords that were excessive before, but not now.

// Get the account password policy		// Get the account password policy
$policy = new \App\Rules\Password($user->walletOwner());		$policy = new \App\Rules\Password($user->walletOwner());
$rules = $policy->rules();		$rules = $policy->rules();
Show All 18 Lines