Arsse/lib/User.php

<?php
/** @license MIT
 * Copyright 2017 J. King, Dustin Wilson et al.
 * See LICENSE and AUTHORS files for details */

declare(strict_types=1);
namespace JKingWeb\Arsse;

use JKingWeb\Arsse\Misc\ValueInfo as V;
use JKingWeb\Arsse\User\ExceptionConflict as Conflict;
use PasswordGenerator\Generator as PassGen;

class User {
    public const DRIVER_NAMES = [
        'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,
    ];
    public const PROPERTIES = [
        'admin'        => V::T_BOOL,
        'lang'         => V::T_STRING,
        'tz'           => V::T_STRING,
        'sort_asc'     => V::T_BOOL,
        'theme'        => V::T_STRING,
        'page_size'    => V::T_INT, // greater than zero
        'shortcuts'    => V::T_BOOL,
        'gestures'     => V::T_BOOL,
        'stylesheet'   => V::T_STRING,
        'reading_time' => V::T_BOOL,
    ];
    public const PROPERTIES_LARGE = ["stylesheet"];

    public $id = null;

    /** @var User\Driver */
    protected $u;

    public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {
        $this->u = $driver ?? new Arsse::$conf->userDriver;
    }

    public function __toString() {
        return (string) $this->id;
    }

    public function auth(string $user, string $password): bool {
        $prevUser = $this->id;
        $this->id = $user;
        if (Arsse::$conf->userPreAuth) {
            $out = true;
        } else {
            $out = $this->u->auth($user, $password);
        }
        // if authentication was successful and we don't have the user in the internal database, add it
        // users must be in the internal database to preserve referential integrity
        if ($out && !Arsse::$db->userExists($user)) {
            Arsse::$db->userAdd($user, $password);
        }
        $this->id = $prevUser;
        return $out;
    }

    public function list(): array {
        return $this->u->userList();
    }

    public function add(string $user, ?string $password = null): string {
        // ensure the user name does not contain any U+003A COLON characters, as
        // this is incompatible with HTTP Basic authentication
        if (strpos($user, ":") !== false) {
            throw new User\ExceptionInput("invalidUsername", "U+003A COLON");
        }
        try {
            $out = $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());
        } catch (Conflict $e) {
            if (!Arsse::$db->userExists($user)) {
                Arsse::$db->userAdd($user, null);
            }
            throw $e;
        }
        // synchronize the internal database
        if (!Arsse::$db->userExists($user)) {
            Arsse::$db->userAdd($user, $out);
        }
        return $out;
    }

    public function remove(string $user): bool {
        try {
            $out = $this->u->userRemove($user);
        } catch (Conflict $e) {
            if (Arsse::$db->userExists($user)) {
                Arsse::$db->userRemove($user);
            }
            throw $e;
        }
        if (Arsse::$db->userExists($user)) {
            // if the user was removed and we (still) have it in the internal database, remove it there
            Arsse::$db->userRemove($user);
        }
        return $out;
    }

    public function passwordSet(string $user, ?string $newPassword, $oldPassword = null): string {
        $out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);
        if (Arsse::$db->userExists($user)) {
            // if the password change was successful and the user exists, set the internal password to the same value
            Arsse::$db->userPasswordSet($user, $out);
            // also invalidate any current sessions for the user
            Arsse::$db->sessionDestroy($user);
        } else {
            // if the user does not exist, add it with the new password
            Arsse::$db->userAdd($user, $out);
        }
        return $out;
    }

    public function passwordUnset(string $user, $oldPassword = null): bool {
        $out = $this->u->userPasswordUnset($user, $oldPassword);
        if (Arsse::$db->userExists($user)) {
            // if the password change was successful and the user exists, set the internal password to the same value
            Arsse::$db->userPasswordSet($user, null);
            // also invalidate any current sessions for the user
            Arsse::$db->sessionDestroy($user);
        }
        return $out;
    }

    public function generatePassword(): string {
        return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
    }

    public function propertiesGet(string $user, bool $includeLarge = true): array {
        $extra = $this->u->userPropertiesGet($user, $includeLarge);
        // synchronize the internal database
        if (!Arsse::$db->userExists($user)) {
            Arsse::$db->userAdd($user, null);
            Arsse::$db->userPropertiesSet($user, $extra);
        }
        // retrieve from the database to get at least the user number, and anything else the driver does not provide
        $meta = Arsse::$db->userPropertiesGet($user, $includeLarge);
        // combine all the data
        $out = ['num' => $meta['num']];
        foreach (self::PROPERTIES as $k => $t) {
            if (array_key_exists($k, $extra)) {
                $v = $extra[$k];
            } elseif (array_key_exists($k, $meta)) {
                $v = $meta[$k];
            } else {
                $v = null;
            }
            $out[$k] = V::normalize($v, $t | V::M_NULL);
        }
        return $out;
    }

    public function propertiesSet(string $user, array $data): array {
        $in = [];
        foreach (self::PROPERTIES as $k => $t) {
            if (array_key_exists($k, $data)) {
                try {
                    $in[$k] = V::normalize($data[$k], $t | V::M_NULL | V::M_STRICT);
                } catch (\JKingWeb\Arsse\ExceptionType $e) {
                    throw new User\ExceptionInput("invalidValue", ['field' => $k, 'type' => $t], $e);
                }
            }
        }
        if (isset($in['tz']) && !@timezone_open($in['tz'])) {
            throw new User\ExceptionInput("invalidTimezone", ['field' => "tz", 'value' => $in['tz']]);
        } elseif (isset($in['page_size']) && $in['page_size'] < 1) {
            throw new User\ExceptionInput("invalidNonZeroInteger", ['field' => "page_size"]);
        }
        $out = $this->u->userPropertiesSet($user, $in);
        // synchronize the internal database
        if (!Arsse::$db->userExists($user)) {
            Arsse::$db->userAdd($user, null);
        }
        Arsse::$db->userPropertiesSet($user, $out);
        return $out;
    }
}
Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00			`<?php`
Added per-file legal boilerplate Includes PHPDoc license tag in the file-level block with accompanying copyright notice. Also added an AUTHORS file on the off chance of outside contributions 2017-11-16 20:23:18 -05:00			`/** @license MIT`
			`* Copyright 2017 J. King, Dustin Wilson et al.`
			`* See LICENSE and AUTHORS files for details */`

Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00			`declare(strict_types=1);`
Changed "NewsSync" to "Arsse" 2017-03-27 23:12:12 -05:00			`namespace JKingWeb\Arsse;`
Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`use JKingWeb\Arsse\Misc\ValueInfo as V;`
More work on user management 2020-11-16 00:11:19 -05:00			`use JKingWeb\Arsse\User\ExceptionConflict as Conflict;`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`use PasswordGenerator\Generator as PassGen;`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00
Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00			`class User {`
Add class constant visibility 2020-03-01 18:32:01 -05:00			`public const DRIVER_NAMES = [`
Validate configuration parameters on import, and other changes - Each parameter is checked for type and normalized - Interval strings are converted to DateInterval objects - Timeouts can be specified as interval strings - Most intervals can be null to signify infinity - Driver classes are checked that they implement the correct interface - Short driver names may be used, and are used by default - Helpful errors messages are printed in case of erroneous configuration Exporting is currently broken; this will be fixed in an upcoming commit 2019-01-20 22:40:49 -05:00			`'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,`
			`];`
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`public const PROPERTIES = [`
			`'admin' => V::T_BOOL,`
			`'lang' => V::T_STRING,`
			`'tz' => V::T_STRING,`
			`'sort_asc' => V::T_BOOL,`
			`'theme' => V::T_STRING,`
			`'page_size' => V::T_INT, // greater than zero`
			`'shortcuts' => V::T_BOOL,`
			`'gestures' => V::T_BOOL,`
			`'stylesheet' => V::T_STRING,`
			`'reading_time' => V::T_BOOL,`
			`];`
Adjust database portion of user property manager 2020-12-05 22:13:48 -05:00			`public const PROPERTIES_LARGE = ["stylesheet"];`
Validate configuration parameters on import, and other changes - Each parameter is checked for type and normalized - Interval strings are converted to DateInterval objects - Timeouts can be specified as interval strings - Most intervals can be null to signify infinity - Driver classes are checked that they implement the correct interface - Short driver names may be used, and are used by default - Helpful errors messages are printed in case of erroneous configuration Exporting is currently broken; this will be fixed in an upcoming commit 2019-01-20 22:40:49 -05:00
Passed code through linter 2017-08-29 10:50:31 -04:00			`public $id = null;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00
Style fixes 2020-03-01 15:16:50 -05:00			`/** @var User\Driver */`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`protected $u;`
Fix whitespace Also fixed my editor so tabs won't happen again! 2017-04-06 21:41:21 -04:00
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {`
			`$this->u = $driver ?? new Arsse::$conf->userDriver;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`

			`public function __toString() {`
			`return (string) $this->id;`
			`}`

Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`public function auth(string $user, string $password): bool {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`$prevUser = $this->id;`
Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`$this->id = $user;`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (Arsse::$conf->userPreAuth) {`
			`$out = true;`
			`} else {`
			`$out = $this->u->auth($user, $password);`
			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`// if authentication was successful and we don't have the user in the internal database, add it`
			`// users must be in the internal database to preserve referential integrity`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if ($out && !Arsse::$db->userExists($user)) {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`Arsse::$db->userAdd($user, $password);`
More code coverage accommodation 2017-07-20 22:40:09 -04:00			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`$this->id = $prevUser;`
Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`return $out;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`

Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`public function list(): array {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`return $this->u->userList();`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`

Differentiate between duplicate/missing users and other failure modes 2020-11-15 16:24:26 -05:00			`public function add(string $user, ?string $password = null): string {`
More work on user management 2020-11-16 00:11:19 -05:00			`// ensure the user name does not contain any U+003A COLON characters, as`
			`// this is incompatible with HTTP Basic authentication`
			`if (strpos($user, ":") !== false) {`
			`throw new User\ExceptionInput("invalidUsername", "U+003A COLON");`
			`}`
Differentiate between duplicate/missing users and other failure modes 2020-11-15 16:24:26 -05:00			`try {`
			`$out = $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());`
More work on user management 2020-11-16 00:11:19 -05:00			`} catch (Conflict $e) {`
Differentiate between duplicate/missing users and other failure modes 2020-11-15 16:24:26 -05:00			`if (!Arsse::$db->userExists($user)) {`
More work on user management 2020-11-16 00:11:19 -05:00			`Arsse::$db->userAdd($user, null);`
Differentiate between duplicate/missing users and other failure modes 2020-11-15 16:24:26 -05:00			`}`
More work on user management 2020-11-16 00:11:19 -05:00			`throw $e;`
			`}`
			`// synchronize the internal database`
			`if (!Arsse::$db->userExists($user)) {`
			`Arsse::$db->userAdd($user, $out);`
Refinements to user manager A greater effort is made to keep the internal database synchronized 2020-11-11 18:50:27 -05:00			`}`
			`return $out;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`

			`public function remove(string $user): bool {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`try {`
More work on user management 2020-11-16 00:11:19 -05:00			`$out = $this->u->userRemove($user);`
			`} catch (Conflict $e) {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`if (Arsse::$db->userExists($user)) {`
			`Arsse::$db->userRemove($user);`
			`}`
More work on user management 2020-11-16 00:11:19 -05:00			`throw $e;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`
More work on user management 2020-11-16 00:11:19 -05:00			`if (Arsse::$db->userExists($user)) {`
			`// if the user was removed and we (still) have it in the internal database, remove it there`
			`Arsse::$db->userRemove($user);`
			`}`
			`return $out;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`

Differentiate between duplicate/missing users and other failure modes 2020-11-15 16:24:26 -05:00			`public function passwordSet(string $user, ?string $newPassword, $oldPassword = null): string {`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);`
			`if (Arsse::$db->userExists($user)) {`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`// if the password change was successful and the user exists, set the internal password to the same value`
			`Arsse::$db->userPasswordSet($user, $out);`
Invalidate sessions on password change; closes #170 2019-07-25 22:34:58 -04:00			`// also invalidate any current sessions for the user`
			`Arsse::$db->sessionDestroy($user);`
Refinements to user manager A greater effort is made to keep the internal database synchronized 2020-11-11 18:50:27 -05:00			`} else {`
			`// if the user does not exist, add it with the new password`
			`Arsse::$db->userAdd($user, $out);`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`}`
			`return $out;`
Converted all hard tabs to soft tabs 2017-02-16 14:29:42 -06:00			`}`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00
Add means of unsetting a password in the backend 2019-03-24 14:42:23 -04:00			`public function passwordUnset(string $user, $oldPassword = null): bool {`
			`$out = $this->u->userPasswordUnset($user, $oldPassword);`
			`if (Arsse::$db->userExists($user)) {`
			`// if the password change was successful and the user exists, set the internal password to the same value`
			`Arsse::$db->userPasswordSet($user, null);`
Invalidate sessions on password change; closes #170 2019-07-25 22:34:58 -04:00			`// also invalidate any current sessions for the user`
			`Arsse::$db->sessionDestroy($user);`
Add means of unsetting a password in the backend 2019-03-24 14:42:23 -04:00			`}`
			`return $out;`
			`}`

Basic Fever skeleton Authentication should work, but not tests have been written yet 2019-03-09 22:44:59 -05:00			`public function generatePassword(): string {`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();`
			`}`
More user tests 2020-11-16 10:24:06 -05:00
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`public function propertiesGet(string $user, bool $includeLarge = true): array {`
			`$extra = $this->u->userPropertiesGet($user, $includeLarge);`
Refinements to user manager A greater effort is made to keep the internal database synchronized 2020-11-11 18:50:27 -05:00			`// synchronize the internal database`
			`if (!Arsse::$db->userExists($user)) {`
More user tests 2020-11-16 10:24:06 -05:00			`Arsse::$db->userAdd($user, null);`
			`Arsse::$db->userPropertiesSet($user, $extra);`
Refinements to user manager A greater effort is made to keep the internal database synchronized 2020-11-11 18:50:27 -05:00			`}`
More user tests 2020-11-16 10:24:06 -05:00			`// retrieve from the database to get at least the user number, and anything else the driver does not provide`
Fix user manager and tests 2020-12-07 00:07:10 -05:00			`$meta = Arsse::$db->userPropertiesGet($user, $includeLarge);`
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`// combine all the data`
			`$out = ['num' => $meta['num']];`
			`foreach (self::PROPERTIES as $k => $t) {`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`if (array_key_exists($k, $extra)) {`
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`$v = $extra[$k];`
			`} elseif (array_key_exists($k, $meta)) {`
			`$v = $meta[$k];`
			`} else {`
			`$v = null;`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`}`
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`$out[$k] = V::normalize($v, $t \| V::M_NULL);`
More user tests 2020-11-16 10:24:06 -05:00			`}`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`return $out;`
			`}`
More user tests 2020-11-16 10:24:06 -05:00
Last bits of the new user metadata handling 2020-11-10 17:09:59 -05:00			`public function propertiesSet(string $user, array $data): array {`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`$in = [];`
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`foreach (self::PROPERTIES as $k => $t) {`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`if (array_key_exists($k, $data)) {`
Fix user manager and tests 2020-12-07 00:07:10 -05:00			`try {`
			`$in[$k] = V::normalize($data[$k], $t \| V::M_NULL \| V::M_STRICT);`
			`} catch (\JKingWeb\Arsse\ExceptionType $e) {`
			`throw new User\ExceptionInput("invalidValue", ['field' => $k, 'type' => $t], $e);`
			`}`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`}`
			`}`
WIP redesign of user properties 2020-12-05 11:01:44 -05:00			`if (isset($in['tz']) && !@timezone_open($in['tz'])) {`
			`throw new User\ExceptionInput("invalidTimezone", ['field' => "tz", 'value' => $in['tz']]);`
			`} elseif (isset($in['page_size']) && $in['page_size'] < 1) {`
			`throw new User\ExceptionInput("invalidNonZeroInteger", ['field' => "page_size"]);`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`}`
			`$out = $this->u->userPropertiesSet($user, $in);`
			`// synchronize the internal database`
Refinements to user manager A greater effort is made to keep the internal database synchronized 2020-11-11 18:50:27 -05:00			`if (!Arsse::$db->userExists($user)) {`
Last set of tests for user management. Fixes #180 2020-11-17 16:23:36 -05:00			`Arsse::$db->userAdd($user, null);`
Refinements to user manager A greater effort is made to keep the internal database synchronized 2020-11-11 18:50:27 -05:00			`}`
Last bits of the new user metadata handling 2020-11-10 17:09:59 -05:00			`Arsse::$db->userPropertiesSet($user, $out);`
Prototype changes to user management The driver itself has not been expnaded; more is probably required to ensure metadata is kept in sync and users created when the internal database does not list a user an external database claims to have 2020-11-09 13:43:07 -05:00			`return $out;`
			`}`
Passed code through linter 2017-08-29 10:50:31 -04:00			`}`