1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-31 21:12:41 +00:00
Arsse/lib/User.php

226 lines
8.8 KiB
PHP
Raw Permalink Normal View History

<?php
/** @license MIT
* Copyright 2017 J. King, Dustin Wilson et al.
* See LICENSE and AUTHORS files for details */
declare(strict_types=1);
2021-04-14 15:17:01 +00:00
2017-03-28 04:12:12 +00:00
namespace JKingWeb\Arsse;
use JKingWeb\Arsse\Misc\ValueInfo as V;
2020-11-16 05:11:19 +00:00
use JKingWeb\Arsse\User\ExceptionConflict as Conflict;
use PasswordGenerator\Generator as PassGen;
class User {
2020-03-01 23:32:01 +00:00
public const DRIVER_NAMES = [
'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,
];
2020-12-05 16:01:44 +00:00
public const PROPERTIES = [
2020-12-11 18:31:35 +00:00
'admin' => V::T_BOOL,
'lang' => V::T_STRING,
'tz' => V::T_STRING,
2021-02-10 16:24:01 +00:00
'root_folder_name' => V::T_STRING,
2020-12-11 18:31:35 +00:00
'sort_asc' => V::T_BOOL,
'theme' => V::T_STRING,
'page_size' => V::T_INT, // greater than zero
'shortcuts' => V::T_BOOL,
'gestures' => V::T_BOOL,
'reading_time' => V::T_BOOL,
2021-02-10 16:24:01 +00:00
'stylesheet' => V::T_STRING,
2020-12-05 16:01:44 +00:00
];
public const PROPERTIES_LARGE = ["stylesheet"];
2017-08-29 14:50:31 +00:00
public $id = null;
2017-02-16 20:29:42 +00:00
2020-03-01 20:16:50 +00:00
/** @var User\Driver */
2017-02-16 20:29:42 +00:00
protected $u;
public function __construct(?\JKingWeb\Arsse\User\Driver $driver = null) {
$this->u = $driver ?? new Arsse::$conf->userDriver;
2017-02-16 20:29:42 +00:00
}
public function __toString() {
return (string) $this->id;
}
public function begin(): Db\Transaction {
/* TODO: A proper implementation of this would return a meta-transaction
2021-01-08 20:47:19 +00:00
object which would contain both a user-manager transaction (when
applicable) and a database transaction, and commit or roll back both
2021-01-08 20:47:19 +00:00
as the situation calls.
In theory, an external user driver would probably have to implement its
2021-01-08 20:47:19 +00:00
own approximation of atomic transactions and rollback. In practice the
only driver is the internal one, which is always backed by an ACID
database; the added complexity is thus being deferred until such time
as it is actually needed for a concrete implementation.
*/
return Arsse::$db->begin();
}
public function auth(string $user, string $password): bool {
$prevUser = $this->id;
$this->id = $user;
if (Arsse::$conf->userPreAuth) {
$out = true;
} else {
$out = $this->u->auth($user, $password);
}
// if authentication was successful and we don't have the user in the internal database, add it
// users must be in the internal database to preserve referential integrity
if ($out && !Arsse::$db->userExists($user)) {
Arsse::$db->userAdd($user, $password);
2017-07-21 02:40:09 +00:00
}
$this->id = $prevUser;
return $out;
2017-02-16 20:29:42 +00:00
}
public function list(): array {
return $this->u->userList();
2017-02-16 20:29:42 +00:00
}
public function lookup(int $num): string {
// the user number is always stored in the internal database, so the user driver is not called here
return Arsse::$db->userLookup($num);
}
public function add(string $user, ?string $password = null): string {
// ensure the user name does not contain any U+003A COLON or control characters, as
2020-11-16 05:11:19 +00:00
// this is incompatible with HTTP Basic authentication
if (preg_match("/[\x{00}-\x{1F}\x{7F}:]/", $user, $m)) {
$c = ord($m[0]);
throw new User\ExceptionInput("invalidUsername", "U+".str_pad((string) $c, 4, "0", \STR_PAD_LEFT)." ".\IntlChar::charName($c, \IntlChar::EXTENDED_CHAR_NAME));
2020-11-16 05:11:19 +00:00
}
try {
$out = $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());
2020-11-16 05:11:19 +00:00
} catch (Conflict $e) {
if (!Arsse::$db->userExists($user)) {
2020-11-16 05:11:19 +00:00
Arsse::$db->userAdd($user, null);
}
2020-11-16 05:11:19 +00:00
throw $e;
}
// synchronize the internal database
if (!Arsse::$db->userExists($user)) {
Arsse::$db->userAdd($user, $out);
}
return $out;
2017-02-16 20:29:42 +00:00
}
public function rename(string $user, string $newName): bool {
2021-01-08 20:47:19 +00:00
// ensure the new user name does not contain any U+003A COLON or
// control characters, as this is incompatible with HTTP Basic authentication
if (preg_match("/[\x{00}-\x{1F}\x{7F}:]/", $newName, $m)) {
$c = ord($m[0]);
throw new User\ExceptionInput("invalidUsername", "U+".str_pad((string) $c, 4, "0", \STR_PAD_LEFT)." ".\IntlChar::charName($c, \IntlChar::EXTENDED_CHAR_NAME));
}
if ($this->u->userRename($user, $newName)) {
$tr = Arsse::$db->begin();
if (!Arsse::$db->userExists($user)) {
Arsse::$db->userAdd($newName, null);
} else {
Arsse::$db->userRename($user, $newName);
// invalidate any sessions and Fever passwords
Arsse::$db->sessionDestroy($newName);
Arsse::$db->tokenRevoke($newName, "fever.login");
}
$tr->commit();
return true;
}
return false;
}
2017-02-16 20:29:42 +00:00
public function remove(string $user): bool {
try {
2020-11-16 05:11:19 +00:00
$out = $this->u->userRemove($user);
} catch (Conflict $e) {
if (Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user);
}
2020-11-16 05:11:19 +00:00
throw $e;
2017-02-16 20:29:42 +00:00
}
2020-11-16 05:11:19 +00:00
if (Arsse::$db->userExists($user)) {
// if the user was removed and we (still) have it in the internal database, remove it there
Arsse::$db->userRemove($user);
}
return $out;
2017-02-16 20:29:42 +00:00
}
public function passwordSet(string $user, ?string $newPassword, $oldPassword = null): string {
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);
if (Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, $out);
// also invalidate any current sessions for the user
Arsse::$db->sessionDestroy($user);
} else {
// if the user does not exist, add it with the new password
Arsse::$db->userAdd($user, $out);
}
return $out;
2017-02-16 20:29:42 +00:00
}
public function passwordUnset(string $user, $oldPassword = null): bool {
$out = $this->u->userPasswordUnset($user, $oldPassword);
if (Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, null);
// also invalidate any current sessions for the user
Arsse::$db->sessionDestroy($user);
}
return $out;
}
public function generatePassword(): string {
return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
}
2020-11-16 15:24:06 +00:00
2020-12-05 16:01:44 +00:00
public function propertiesGet(string $user, bool $includeLarge = true): array {
$extra = $this->u->userPropertiesGet($user, $includeLarge);
// synchronize the internal database
if (!Arsse::$db->userExists($user)) {
2020-11-16 15:24:06 +00:00
Arsse::$db->userAdd($user, null);
Arsse::$db->userPropertiesSet($user, $extra);
}
2020-11-16 15:24:06 +00:00
// retrieve from the database to get at least the user number, and anything else the driver does not provide
2020-12-07 05:07:10 +00:00
$meta = Arsse::$db->userPropertiesGet($user, $includeLarge);
2020-12-05 16:01:44 +00:00
// combine all the data
$out = ['num' => $meta['num']];
foreach (self::PROPERTIES as $k => $t) {
if (array_key_exists($k, $extra)) {
2020-12-05 16:01:44 +00:00
$v = $extra[$k];
} elseif (array_key_exists($k, $meta)) {
$v = $meta[$k];
} else {
$v = null;
}
2020-12-05 16:01:44 +00:00
$out[$k] = V::normalize($v, $t | V::M_NULL);
2020-11-16 15:24:06 +00:00
}
return $out;
}
2020-11-16 15:24:06 +00:00
public function propertiesSet(string $user, array $data): array {
$in = [];
2020-12-05 16:01:44 +00:00
foreach (self::PROPERTIES as $k => $t) {
if (array_key_exists($k, $data)) {
2020-12-07 05:07:10 +00:00
try {
$in[$k] = V::normalize($data[$k], $t | V::M_NULL | V::M_STRICT);
} catch (\JKingWeb\Arsse\ExceptionType $e) {
throw new User\ExceptionInput("invalidValue", ['field' => $k, 'type' => $t], $e);
}
}
}
2020-12-05 16:01:44 +00:00
if (isset($in['tz']) && !@timezone_open($in['tz'])) {
throw new User\ExceptionInput("invalidTimezone", ['field' => "tz", 'value' => $in['tz']]);
} elseif (isset($in['page_size']) && $in['page_size'] < 1) {
throw new User\ExceptionInput("invalidNonZeroInteger", ['field' => "page_size"]);
}
$out = $this->u->userPropertiesSet($user, $in);
// synchronize the internal database
if (!Arsse::$db->userExists($user)) {
Arsse::$db->userAdd($user, null);
}
Arsse::$db->userPropertiesSet($user, $out);
return $out;
}
2017-08-29 14:50:31 +00:00
}