1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-24 12:00:33 +00:00
Arsse/lib/User.php

138 lines
5 KiB
PHP
Raw Normal View History

<?php
/** @license MIT
* Copyright 2017 J. King, Dustin Wilson et al.
* See LICENSE and AUTHORS files for details */
declare(strict_types=1);
2017-03-27 23:12:12 -05:00
namespace JKingWeb\Arsse;
use PasswordGenerator\Generator as PassGen;
class User {
const DRIVER_NAMES = [
'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,
];
2017-08-29 10:50:31 -04:00
public $id = null;
2017-02-16 14:29:42 -06:00
/**
* @var User\Driver
*/
2017-02-16 14:29:42 -06:00
protected $u;
2017-08-29 10:50:31 -04:00
public static function driverList(): array {
2017-02-16 14:29:42 -06:00
$sep = \DIRECTORY_SEPARATOR;
$path = __DIR__.$sep."User".$sep;
$classes = [];
2017-08-29 10:50:31 -04:00
foreach (glob($path."*".$sep."Driver.php") as $file) {
$name = basename(dirname($file));
$class = NS_BASE."User\\$name\\Driver";
$classes[$class] = $class::driverName();
2017-02-16 14:29:42 -06:00
}
return $classes;
}
public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {
$this->u = $driver ?? new Arsse::$conf->userDriver;
2017-02-16 14:29:42 -06:00
}
public function __toString() {
return (string) $this->id;
}
public function authorize(string $affectedUser, string $action): bool {
// at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
return $this->u->authorize($affectedUser, $action);
}
public function auth(string $user, string $password): bool {
$prevUser = $this->id;
$this->id = $user;
if (Arsse::$conf->userPreAuth) {
$out = true;
} else {
$out = $this->u->auth($user, $password);
}
// if authentication was successful and we don't have the user in the internal database, add it
// users must be in the internal database to preserve referential integrity
if ($out && !Arsse::$db->userExists($user)) {
Arsse::$db->userAdd($user, $password);
2017-07-20 22:40:09 -04:00
}
$this->id = $prevUser;
return $out;
2017-02-16 14:29:42 -06:00
}
public function list(): array {
$func = "userList";
if (!$this->authorize("", $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
2017-02-16 14:29:42 -06:00
}
return $this->u->userList();
2017-02-16 14:29:42 -06:00
}
public function exists(string $user): bool {
$func = "userExists";
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
return $this->u->userExists($user);
2017-02-16 14:29:42 -06:00
}
public function add($user, $password = null): string {
$func = "userAdd";
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
2017-02-16 14:29:42 -06:00
}
return $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());
2017-02-16 14:29:42 -06:00
}
public function remove(string $user): bool {
$func = "userRemove";
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
try {
return $this->u->userRemove($user);
2018-11-03 13:49:02 -04:00
} finally { // @codeCoverageIgnore
if (Arsse::$db->userExists($user)) {
// if the user was removed and we (still) have it in the internal database, remove it there
Arsse::$db->userRemove($user);
}
2017-02-16 14:29:42 -06:00
}
}
2017-02-20 19:04:08 -05:00
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
$func = "userPasswordSet";
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
2017-02-16 14:29:42 -06:00
}
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);
if (Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, $out);
// also invalidate any current sessions for the user
Arsse::$db->sessionDestroy($user);
}
return $out;
2017-02-16 14:29:42 -06:00
}
public function passwordUnset(string $user, $oldPassword = null): bool {
$func = "userPasswordUnset";
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userPasswordUnset($user, $oldPassword);
if (Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, null);
// also invalidate any current sessions for the user
Arsse::$db->sessionDestroy($user);
}
return $out;
}
public function generatePassword(): string {
return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
}
2017-08-29 10:50:31 -04:00
}