2016-10-28 12:27:35 +00:00
|
|
|
<?php
|
2017-11-17 01:23:18 +00:00
|
|
|
/** @license MIT
|
|
|
|
|
* Copyright 2017 J. King, Dustin Wilson et al.
|
|
|
|
|
* See LICENSE and AUTHORS files for details */
|
|
|
|
|
|
2016-10-28 12:27:35 +00:00
|
|
|
declare(strict_types=1);
|
2017-03-28 04:12:12 +00:00
|
|
|
namespace JKingWeb\Arsse;
|
2016-10-28 12:27:35 +00:00
|
|
|
|
|
|
|
|
class User {
|
2017-05-19 03:03:33 +00:00
|
|
|
|
2017-08-29 14:50:31 +00:00
|
|
|
public $id = null;
|
2017-02-16 20:29:42 +00:00
|
|
|
|
2017-07-14 14:16:16 +00:00
|
|
|
/**
|
|
|
|
|
* @var User\Driver
|
|
|
|
|
*/
|
2017-02-16 20:29:42 +00:00
|
|
|
protected $u;
|
2017-04-07 01:41:21 +00:00
|
|
|
|
2017-08-29 14:50:31 +00:00
|
|
|
public static function driverList(): array {
|
2017-02-16 20:29:42 +00:00
|
|
|
$sep = \DIRECTORY_SEPARATOR;
|
|
|
|
|
$path = __DIR__.$sep."User".$sep;
|
|
|
|
|
$classes = [];
|
2017-08-29 14:50:31 +00:00
|
|
|
foreach (glob($path."*".$sep."Driver.php") as $file) {
|
2017-03-07 23:01:13 +00:00
|
|
|
$name = basename(dirname($file));
|
|
|
|
|
$class = NS_BASE."User\\$name\\Driver";
|
|
|
|
|
$classes[$class] = $class::driverName();
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
return $classes;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-28 22:50:00 +00:00
|
|
|
public function __construct() {
|
2017-07-17 11:47:57 +00:00
|
|
|
$driver = Arsse::$conf->userDriver;
|
2017-03-28 22:50:00 +00:00
|
|
|
$this->u = new $driver();
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function __toString() {
|
|
|
|
|
return (string) $this->id;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-28 14:59:17 +00:00
|
|
|
// at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
|
|
|
|
|
public function authorize(string $affectedUser, string $action): bool {
|
2017-02-23 04:22:45 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
2017-04-07 01:41:21 +00:00
|
|
|
|
2018-10-28 14:59:17 +00:00
|
|
|
public function auth(string $user, string $password): bool {
|
|
|
|
|
$prevUser = $this->id ?? null;
|
|
|
|
|
$this->id = $user;
|
|
|
|
|
switch ($this->u->driverFunctions("auth")) {
|
|
|
|
|
case User\Driver::FUNC_EXTERNAL:
|
|
|
|
|
if (Arsse::$conf->userPreAuth) {
|
|
|
|
|
$out = true;
|
|
|
|
|
} else {
|
|
|
|
|
$out = $this->u->auth($user, $password);
|
|
|
|
|
}
|
|
|
|
|
if ($out && !Arsse::$db->userExists($user)) {
|
|
|
|
|
$this->autoProvision($user, $password);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case User\Driver::FUNC_INTERNAL:
|
|
|
|
|
if (Arsse::$conf->userPreAuth) {
|
|
|
|
|
if (!Arsse::$db->userExists($user)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
$this->autoProvision($user, $password);
|
|
|
|
|
}
|
2018-10-28 14:59:17 +00:00
|
|
|
$out = true;
|
|
|
|
|
} else {
|
|
|
|
|
$out = $this->u->auth($user, $password);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
|
|
|
$out = false;
|
|
|
|
|
break;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
2018-10-28 14:59:17 +00:00
|
|
|
if (!$out) {
|
|
|
|
|
$this->id = $prevUser;
|
2017-07-21 02:40:09 +00:00
|
|
|
}
|
2018-10-28 14:59:17 +00:00
|
|
|
return $out;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function driverFunctions(string $function = null) {
|
|
|
|
|
return $this->u->driverFunctions($function);
|
|
|
|
|
}
|
2017-04-07 01:41:21 +00:00
|
|
|
|
2018-10-28 14:59:17 +00:00
|
|
|
public function list(): array {
|
2017-02-20 22:04:13 +00:00
|
|
|
$func = "userList";
|
2017-08-29 14:50:31 +00:00
|
|
|
switch ($this->u->driverFunctions($func)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
case User\Driver::FUNC_EXTERNAL:
|
|
|
|
|
// we handle authorization checks for external drivers
|
2018-10-28 14:59:17 +00:00
|
|
|
if (!$this->authorize("", $func)) {
|
|
|
|
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
|
2017-02-20 22:04:13 +00:00
|
|
|
}
|
2017-12-07 20:18:25 +00:00
|
|
|
// no break
|
2017-02-20 22:04:13 +00:00
|
|
|
case User\Driver::FUNC_INTERNAL:
|
|
|
|
|
// internal functions handle their own authorization
|
|
|
|
|
return $this->u->userList($domain);
|
|
|
|
|
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
|
|
|
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $domain]);
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function exists(string $user): bool {
|
2017-02-20 22:04:13 +00:00
|
|
|
$func = "userExists";
|
2017-08-29 14:50:31 +00:00
|
|
|
switch ($this->u->driverFunctions($func)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
case User\Driver::FUNC_EXTERNAL:
|
|
|
|
|
// we handle authorization checks for external drivers
|
2017-08-29 14:50:31 +00:00
|
|
|
if (!$this->authorize($user, $func)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
$out = $this->u->userExists($user);
|
2017-08-29 14:50:31 +00:00
|
|
|
if ($out && !Arsse::$db->userExists($user)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
$this->autoProvision($user, "");
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
return $out;
|
|
|
|
|
case User\Driver::FUNC_INTERNAL:
|
|
|
|
|
// internal functions handle their own authorization
|
|
|
|
|
return $this->u->userExists($user);
|
|
|
|
|
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
|
|
|
// throwing an exception here would break all kinds of stuff; we just report that the user exists
|
|
|
|
|
return true;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-20 22:04:13 +00:00
|
|
|
public function add($user, $password = null): string {
|
|
|
|
|
$func = "userAdd";
|
2017-08-29 14:50:31 +00:00
|
|
|
switch ($this->u->driverFunctions($func)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
case User\Driver::FUNC_EXTERNAL:
|
|
|
|
|
// we handle authorization checks for external drivers
|
2017-08-29 14:50:31 +00:00
|
|
|
if (!$this->authorize($user, $func)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
$newPassword = $this->u->userAdd($user, $password);
|
|
|
|
|
// if there was no exception and we don't have the user in the internal database, add it
|
2017-08-29 14:50:31 +00:00
|
|
|
if (!Arsse::$db->userExists($user)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
$this->autoProvision($user, $newPassword);
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
return $newPassword;
|
|
|
|
|
case User\Driver::FUNC_INTERNAL:
|
|
|
|
|
// internal functions handle their own authorization
|
|
|
|
|
return $this->u->userAdd($user, $password);
|
|
|
|
|
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
|
|
|
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function remove(string $user): bool {
|
2017-02-20 22:04:13 +00:00
|
|
|
$func = "userRemove";
|
2017-08-29 14:50:31 +00:00
|
|
|
switch ($this->u->driverFunctions($func)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
case User\Driver::FUNC_EXTERNAL:
|
|
|
|
|
// we handle authorization checks for external drivers
|
2017-08-29 14:50:31 +00:00
|
|
|
if (!$this->authorize($user, $func)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
$out = $this->u->userRemove($user);
|
2017-08-29 14:50:31 +00:00
|
|
|
if ($out && Arsse::$db->userExists($user)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
// if the user was removed and we have it in our data, remove it there
|
2017-08-29 14:50:31 +00:00
|
|
|
if (!Arsse::$db->userExists($user)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
Arsse::$db->userRemove($user);
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
}
|
|
|
|
|
return $out;
|
|
|
|
|
case User\Driver::FUNC_INTERNAL:
|
|
|
|
|
// internal functions handle their own authorization
|
|
|
|
|
return $this->u->userRemove($user);
|
|
|
|
|
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
|
|
|
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-21 00:04:08 +00:00
|
|
|
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
|
2017-02-20 22:04:13 +00:00
|
|
|
$func = "userPasswordSet";
|
2017-08-29 14:50:31 +00:00
|
|
|
switch ($this->u->driverFunctions($func)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
case User\Driver::FUNC_EXTERNAL:
|
|
|
|
|
// we handle authorization checks for external drivers
|
2017-08-29 14:50:31 +00:00
|
|
|
if (!$this->authorize($user, $func)) {
|
2017-07-21 02:40:09 +00:00
|
|
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
|
|
|
|
}
|
2017-02-20 22:04:13 +00:00
|
|
|
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
|
2017-08-29 14:50:31 +00:00
|
|
|
if (Arsse::$db->userExists($user)) {
|
2017-02-20 22:04:13 +00:00
|
|
|
// if the password change was successful and the user exists, set the internal password to the same value
|
2017-07-17 11:47:57 +00:00
|
|
|
Arsse::$db->userPasswordSet($user, $out);
|
2017-02-20 22:04:13 +00:00
|
|
|
} else {
|
|
|
|
|
// if the user does not exists in the internal database, create it
|
|
|
|
|
$this->autoProvision($user, $out);
|
|
|
|
|
}
|
|
|
|
|
return $out;
|
|
|
|
|
case User\Driver::FUNC_INTERNAL:
|
|
|
|
|
// internal functions handle their own authorization
|
|
|
|
|
return $this->u->userPasswordSet($user, $newPassword);
|
|
|
|
|
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
|
|
|
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-28 14:59:17 +00:00
|
|
|
protected function autoProvision(string $user, string $password = null): string {
|
2017-07-17 11:47:57 +00:00
|
|
|
$out = Arsse::$db->userAdd($user, $password);
|
2017-02-20 22:04:13 +00:00
|
|
|
return $out;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
2017-08-29 14:50:31 +00:00
|
|
|
}
|
