2016-10-28 12:27:35 +00:00
|
|
|
<?php
|
2017-11-17 01:23:18 +00:00
|
|
|
/** @license MIT
|
|
|
|
* Copyright 2017 J. King, Dustin Wilson et al.
|
|
|
|
* See LICENSE and AUTHORS files for details */
|
|
|
|
|
2016-10-28 12:27:35 +00:00
|
|
|
declare(strict_types=1);
|
2017-03-28 04:12:12 +00:00
|
|
|
namespace JKingWeb\Arsse;
|
2016-10-28 12:27:35 +00:00
|
|
|
|
2020-11-09 18:43:07 +00:00
|
|
|
use JKingWeb\Arsse\Misc\ValueInfo as V;
|
2018-11-02 15:52:55 +00:00
|
|
|
use PasswordGenerator\Generator as PassGen;
|
2018-10-28 17:50:57 +00:00
|
|
|
|
2016-10-28 12:27:35 +00:00
|
|
|
class User {
|
2020-03-01 23:32:01 +00:00
|
|
|
public const DRIVER_NAMES = [
|
2019-01-21 03:40:49 +00:00
|
|
|
'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,
|
|
|
|
];
|
|
|
|
|
2017-08-29 14:50:31 +00:00
|
|
|
public $id = null;
|
2017-02-16 20:29:42 +00:00
|
|
|
|
2020-03-01 20:16:50 +00:00
|
|
|
/** @var User\Driver */
|
2017-02-16 20:29:42 +00:00
|
|
|
protected $u;
|
2017-04-07 01:41:21 +00:00
|
|
|
|
2018-11-02 14:01:49 +00:00
|
|
|
public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {
|
|
|
|
$this->u = $driver ?? new Arsse::$conf->userDriver;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
public function __toString() {
|
|
|
|
return (string) $this->id;
|
|
|
|
}
|
|
|
|
|
2018-10-28 14:59:17 +00:00
|
|
|
public function auth(string $user, string $password): bool {
|
2018-11-02 14:01:49 +00:00
|
|
|
$prevUser = $this->id;
|
2018-10-28 14:59:17 +00:00
|
|
|
$this->id = $user;
|
2018-10-28 17:50:57 +00:00
|
|
|
if (Arsse::$conf->userPreAuth) {
|
|
|
|
$out = true;
|
|
|
|
} else {
|
|
|
|
$out = $this->u->auth($user, $password);
|
|
|
|
}
|
2018-11-02 14:01:49 +00:00
|
|
|
// if authentication was successful and we don't have the user in the internal database, add it
|
|
|
|
// users must be in the internal database to preserve referential integrity
|
2018-10-28 17:50:57 +00:00
|
|
|
if ($out && !Arsse::$db->userExists($user)) {
|
2018-11-02 14:01:49 +00:00
|
|
|
Arsse::$db->userAdd($user, $password);
|
2017-07-21 02:40:09 +00:00
|
|
|
}
|
2018-11-02 14:01:49 +00:00
|
|
|
$this->id = $prevUser;
|
2018-10-28 14:59:17 +00:00
|
|
|
return $out;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
2018-10-28 14:59:17 +00:00
|
|
|
public function list(): array {
|
2018-11-02 14:01:49 +00:00
|
|
|
return $this->u->userList();
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
public function exists(string $user): bool {
|
2018-11-02 14:01:49 +00:00
|
|
|
return $this->u->userExists($user);
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
2017-02-20 22:04:13 +00:00
|
|
|
public function add($user, $password = null): string {
|
2018-11-02 15:52:55 +00:00
|
|
|
return $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
public function remove(string $user): bool {
|
2018-11-02 14:01:49 +00:00
|
|
|
try {
|
|
|
|
return $this->u->userRemove($user);
|
2018-11-03 17:49:02 +00:00
|
|
|
} finally { // @codeCoverageIgnore
|
2018-11-02 14:01:49 +00:00
|
|
|
if (Arsse::$db->userExists($user)) {
|
|
|
|
// if the user was removed and we (still) have it in the internal database, remove it there
|
|
|
|
Arsse::$db->userRemove($user);
|
|
|
|
}
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-02-21 00:04:08 +00:00
|
|
|
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
|
2018-11-02 15:52:55 +00:00
|
|
|
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);
|
|
|
|
if (Arsse::$db->userExists($user)) {
|
2018-10-28 17:50:57 +00:00
|
|
|
// if the password change was successful and the user exists, set the internal password to the same value
|
|
|
|
Arsse::$db->userPasswordSet($user, $out);
|
2019-07-26 02:34:58 +00:00
|
|
|
// also invalidate any current sessions for the user
|
|
|
|
Arsse::$db->sessionDestroy($user);
|
2018-10-28 17:50:57 +00:00
|
|
|
}
|
|
|
|
return $out;
|
2017-02-16 20:29:42 +00:00
|
|
|
}
|
2018-11-02 15:52:55 +00:00
|
|
|
|
2019-03-24 18:42:23 +00:00
|
|
|
public function passwordUnset(string $user, $oldPassword = null): bool {
|
|
|
|
$out = $this->u->userPasswordUnset($user, $oldPassword);
|
|
|
|
if (Arsse::$db->userExists($user)) {
|
|
|
|
// if the password change was successful and the user exists, set the internal password to the same value
|
|
|
|
Arsse::$db->userPasswordSet($user, null);
|
2019-07-26 02:34:58 +00:00
|
|
|
// also invalidate any current sessions for the user
|
|
|
|
Arsse::$db->sessionDestroy($user);
|
2019-03-24 18:42:23 +00:00
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
|
2019-03-10 03:44:59 +00:00
|
|
|
public function generatePassword(): string {
|
2018-11-02 15:52:55 +00:00
|
|
|
return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
|
|
|
|
}
|
2020-11-09 18:43:07 +00:00
|
|
|
|
|
|
|
public function propertiesGet(string $user): array {
|
|
|
|
// unconditionally retrieve from the database to get at least the user number, and anything else the driver does not provide
|
|
|
|
$out = Arsse::$db->userPropertiesGet($user);
|
|
|
|
// layer on the driver's data
|
|
|
|
$extra = $this->u->userPropertiesGet($user);
|
|
|
|
foreach (["lang", "tz", "admin", "sort_asc"] as $k) {
|
|
|
|
if (array_key_exists($k, $extra)) {
|
|
|
|
$out[$k] = $extra[$k] ?? $out[$k];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function propertiesSet(string $user, array $data): bool {
|
|
|
|
$in = [];
|
|
|
|
if (array_key_exists("tz", $data)) {
|
|
|
|
if (!is_string($data['tz'])) {
|
|
|
|
throw new User\ExceptionInput("invalidTimezone");
|
|
|
|
} elseif (!in_array($data['tz'], \DateTimeZone::listIdentifiers())) {
|
|
|
|
throw new User\ExceptionInput("invalidTimezone", $data['tz']);
|
|
|
|
}
|
|
|
|
$in['tz'] = $data['tz'];
|
|
|
|
}
|
|
|
|
foreach (["admin", "sort_asc"] as $k) {
|
|
|
|
if (array_key_exists($k, $data)) {
|
|
|
|
if (($v = V::normalize($data[$k], V::T_BOOL)) === null) {
|
|
|
|
throw new User\ExceptionInput("invalidBoolean", $k);
|
|
|
|
}
|
|
|
|
$in[$k] = $v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (array_key_exists("lang", $data)) {
|
2020-11-09 21:51:30 +00:00
|
|
|
$in['lang'] = V::normalize($data['lang'], V::T_STRING | V::M_NULL);
|
2020-11-09 18:43:07 +00:00
|
|
|
}
|
|
|
|
$out = $this->u->userPropertiesSet($user, $in);
|
|
|
|
// synchronize the internal database
|
|
|
|
Arsse::$db->userPropertiesSet($user, $in);
|
|
|
|
return $out;
|
|
|
|
}
|
2017-08-29 14:50:31 +00:00
|
|
|
}
|