mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 21:22:40 +00:00
Remove the distinction between internal and external user functionality
This commit is contained in:
parent
11747c93fd
commit
057d72c816
4 changed files with 80 additions and 183 deletions
86
lib/User.php
86
lib/User.php
|
@ -6,6 +6,8 @@
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
namespace JKingWeb\Arsse;
|
namespace JKingWeb\Arsse;
|
||||||
|
|
||||||
|
use JKingWeb\Arsse\User\Internal\Driver as InternalDriver;
|
||||||
|
|
||||||
class User {
|
class User {
|
||||||
|
|
||||||
public $id = null;
|
public $id = null;
|
||||||
|
@ -44,8 +46,6 @@ class User {
|
||||||
public function auth(string $user, string $password): bool {
|
public function auth(string $user, string $password): bool {
|
||||||
$prevUser = $this->id ?? null;
|
$prevUser = $this->id ?? null;
|
||||||
$this->id = $user;
|
$this->id = $user;
|
||||||
switch ($this->u->driverFunctions("auth")) {
|
|
||||||
case User\Driver::FUNC_EXTERNAL:
|
|
||||||
if (Arsse::$conf->userPreAuth) {
|
if (Arsse::$conf->userPreAuth) {
|
||||||
$out = true;
|
$out = true;
|
||||||
} else {
|
} else {
|
||||||
|
@ -54,139 +54,77 @@ class User {
|
||||||
if ($out && !Arsse::$db->userExists($user)) {
|
if ($out && !Arsse::$db->userExists($user)) {
|
||||||
$this->autoProvision($user, $password);
|
$this->autoProvision($user, $password);
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
case User\Driver::FUNC_INTERNAL:
|
|
||||||
if (Arsse::$conf->userPreAuth) {
|
|
||||||
if (!Arsse::$db->userExists($user)) {
|
|
||||||
$this->autoProvision($user, $password);
|
|
||||||
}
|
|
||||||
$out = true;
|
|
||||||
} else {
|
|
||||||
$out = $this->u->auth($user, $password);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
||||||
$out = false;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!$out) {
|
if (!$out) {
|
||||||
$this->id = $prevUser;
|
$this->id = $prevUser;
|
||||||
}
|
}
|
||||||
return $out;
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function driverFunctions(string $function = null) {
|
|
||||||
return $this->u->driverFunctions($function);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function list(): array {
|
public function list(): array {
|
||||||
$func = "userList";
|
$func = "userList";
|
||||||
switch ($this->u->driverFunctions($func)) {
|
|
||||||
case User\Driver::FUNC_EXTERNAL:
|
|
||||||
// we handle authorization checks for external drivers
|
|
||||||
if (!$this->authorize("", $func)) {
|
if (!$this->authorize("", $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
|
||||||
}
|
}
|
||||||
// no break
|
|
||||||
case User\Driver::FUNC_INTERNAL:
|
|
||||||
// internal functions handle their own authorization
|
|
||||||
return $this->u->userList($domain);
|
return $this->u->userList($domain);
|
||||||
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
||||||
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $domain]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function exists(string $user): bool {
|
public function exists(string $user): bool {
|
||||||
$func = "userExists";
|
$func = "userExists";
|
||||||
switch ($this->u->driverFunctions($func)) {
|
|
||||||
case User\Driver::FUNC_EXTERNAL:
|
|
||||||
// we handle authorization checks for external drivers
|
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$out = $this->u->userExists($user);
|
$out = $this->u->userExists($user);
|
||||||
if ($out && !Arsse::$db->userExists($user)) {
|
if (!$this->u instanceof InternalDriver) {
|
||||||
|
// if an alternative driver doesn't match the internal database, add or remove the user as appropriate
|
||||||
|
if (!$out && Arsse::$db->userExists($user)) {
|
||||||
|
Arsse::$db->userRemove($user);
|
||||||
|
} elseif ($out && !Arsse::$db->userExists($user)) {
|
||||||
$this->autoProvision($user, "");
|
$this->autoProvision($user, "");
|
||||||
}
|
}
|
||||||
return $out;
|
|
||||||
case User\Driver::FUNC_INTERNAL:
|
|
||||||
// internal functions handle their own authorization
|
|
||||||
return $this->u->userExists($user);
|
|
||||||
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
||||||
// throwing an exception here would break all kinds of stuff; we just report that the user exists
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function add($user, $password = null): string {
|
public function add($user, $password = null): string {
|
||||||
$func = "userAdd";
|
$func = "userAdd";
|
||||||
switch ($this->u->driverFunctions($func)) {
|
|
||||||
case User\Driver::FUNC_EXTERNAL:
|
|
||||||
// we handle authorization checks for external drivers
|
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$newPassword = $this->u->userAdd($user, $password);
|
$newPassword = $this->u->userAdd($user, $password);
|
||||||
// if there was no exception and we don't have the user in the internal database, add it
|
// if there was no exception and we don't have the user in the internal database, add it
|
||||||
if (!Arsse::$db->userExists($user)) {
|
if (!$this->u instanceof InternalDriver && !Arsse::$db->userExists($user)) {
|
||||||
$this->autoProvision($user, $newPassword);
|
$this->autoProvision($user, $newPassword);
|
||||||
}
|
}
|
||||||
return $newPassword;
|
return $newPassword;
|
||||||
case User\Driver::FUNC_INTERNAL:
|
|
||||||
// internal functions handle their own authorization
|
|
||||||
return $this->u->userAdd($user, $password);
|
|
||||||
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
||||||
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function remove(string $user): bool {
|
public function remove(string $user): bool {
|
||||||
$func = "userRemove";
|
$func = "userRemove";
|
||||||
switch ($this->u->driverFunctions($func)) {
|
|
||||||
case User\Driver::FUNC_EXTERNAL:
|
|
||||||
// we handle authorization checks for external drivers
|
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$out = $this->u->userRemove($user);
|
$out = $this->u->userRemove($user);
|
||||||
if ($out && Arsse::$db->userExists($user)) {
|
if ($out && !$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
|
||||||
// if the user was removed and we have it in our data, remove it there
|
// if the user was removed and we have it in our data, remove it there
|
||||||
if (!Arsse::$db->userExists($user)) {
|
|
||||||
Arsse::$db->userRemove($user);
|
Arsse::$db->userRemove($user);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return $out;
|
return $out;
|
||||||
case User\Driver::FUNC_INTERNAL:
|
|
||||||
// internal functions handle their own authorization
|
|
||||||
return $this->u->userRemove($user);
|
|
||||||
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
||||||
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
|
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
|
||||||
$func = "userPasswordSet";
|
$func = "userPasswordSet";
|
||||||
switch ($this->u->driverFunctions($func)) {
|
|
||||||
case User\Driver::FUNC_EXTERNAL:
|
|
||||||
// we handle authorization checks for external drivers
|
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
|
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
|
||||||
if (Arsse::$db->userExists($user)) {
|
if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
|
||||||
// if the password change was successful and the user exists, set the internal password to the same value
|
// if the password change was successful and the user exists, set the internal password to the same value
|
||||||
Arsse::$db->userPasswordSet($user, $out);
|
Arsse::$db->userPasswordSet($user, $out);
|
||||||
} else {
|
} elseif (!$this->u instanceof InternalDriver){
|
||||||
// if the user does not exists in the internal database, create it
|
// if the user does not exists in the internal database, create it
|
||||||
$this->autoProvision($user, $out);
|
$this->autoProvision($user, $out);
|
||||||
}
|
}
|
||||||
return $out;
|
return $out;
|
||||||
case User\Driver::FUNC_INTERNAL:
|
|
||||||
// internal functions handle their own authorization
|
|
||||||
return $this->u->userPasswordSet($user, $newPassword);
|
|
||||||
case User\Driver::FUNCT_NOT_IMPLEMENTED:
|
|
||||||
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function autoProvision(string $user, string $password = null): string {
|
protected function autoProvision(string $user, string $password = null): string {
|
||||||
|
|
|
@ -15,8 +15,6 @@ interface Driver {
|
||||||
public function __construct();
|
public function __construct();
|
||||||
// returns a human-friendly name for the driver (for display in installer, for example)
|
// returns a human-friendly name for the driver (for display in installer, for example)
|
||||||
public static function driverName(): string;
|
public static function driverName(): string;
|
||||||
// returns an array (or single queried member of same) of methods defined by this interface and whether the class implements the internal function or a custom version
|
|
||||||
public function driverFunctions(string $function = null);
|
|
||||||
// authenticates a user against their name and password
|
// authenticates a user against their name and password
|
||||||
public function auth(string $user, string $password): bool;
|
public function auth(string $user, string $password): bool;
|
||||||
// checks whether a user exists
|
// checks whether a user exists
|
||||||
|
|
|
@ -7,32 +7,42 @@ declare(strict_types=1);
|
||||||
namespace JKingWeb\Arsse\User\Internal;
|
namespace JKingWeb\Arsse\User\Internal;
|
||||||
|
|
||||||
final class Driver implements \JKingWeb\Arsse\User\Driver {
|
final class Driver implements \JKingWeb\Arsse\User\Driver {
|
||||||
use InternalFunctions;
|
public function __construct() {
|
||||||
|
}
|
||||||
protected $db;
|
|
||||||
protected $functions = [
|
|
||||||
"auth" => self::FUNC_INTERNAL,
|
|
||||||
"userList" => self::FUNC_INTERNAL,
|
|
||||||
"userExists" => self::FUNC_INTERNAL,
|
|
||||||
"userAdd" => self::FUNC_INTERNAL,
|
|
||||||
"userRemove" => self::FUNC_INTERNAL,
|
|
||||||
"userPasswordSet" => self::FUNC_INTERNAL,
|
|
||||||
];
|
|
||||||
|
|
||||||
public static function driverName(): string {
|
public static function driverName(): string {
|
||||||
return Arsse::$lang->msg("Driver.User.Internal.Name");
|
return Arsse::$lang->msg("Driver.User.Internal.Name");
|
||||||
}
|
}
|
||||||
|
|
||||||
public function driverFunctions(string $function = null) {
|
public function auth(string $user, string $password): bool {
|
||||||
if ($function===null) {
|
try {
|
||||||
return $this->functions;
|
$hash = Arsse::$db->userPasswordGet($user);
|
||||||
|
} catch (Exception $e) {
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
if (array_key_exists($function, $this->functions)) {
|
if ($password==="" && $hash==="") {
|
||||||
return $this->functions[$function];
|
return true;
|
||||||
} else {
|
|
||||||
return self::FUNC_NOT_IMPLEMENTED;
|
|
||||||
}
|
}
|
||||||
|
return password_verify($password, $hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
// see InternalFunctions.php for bulk of methods
|
public function userExists(string $user): bool {
|
||||||
|
return Arsse::$db->userExists($user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function userAdd(string $user, string $password = null): string {
|
||||||
|
return Arsse::$db->userAdd($user, $password);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function userRemove(string $user): bool {
|
||||||
|
return Arsse::$db->userRemove($user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function userList(): array {
|
||||||
|
return Arsse::$db->userList();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
|
||||||
|
return Arsse::$db->userPasswordSet($user, $newPassword);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,49 +0,0 @@
|
||||||
<?php
|
|
||||||
/** @license MIT
|
|
||||||
* Copyright 2017 J. King, Dustin Wilson et al.
|
|
||||||
* See LICENSE and AUTHORS files for details */
|
|
||||||
|
|
||||||
declare(strict_types=1);
|
|
||||||
namespace JKingWeb\Arsse\User\Internal;
|
|
||||||
|
|
||||||
use JKingWeb\Arsse\Arsse;
|
|
||||||
use JKingWeb\Arsse\User\Exception;
|
|
||||||
|
|
||||||
trait InternalFunctions {
|
|
||||||
protected $actor = [];
|
|
||||||
|
|
||||||
public function __construct() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public function auth(string $user, string $password): bool {
|
|
||||||
try {
|
|
||||||
$hash = Arsse::$db->userPasswordGet($user);
|
|
||||||
} catch (Exception $e) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if ($password==="" && $hash==="") {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return password_verify($password, $hash);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function userExists(string $user): bool {
|
|
||||||
return Arsse::$db->userExists($user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function userAdd(string $user, string $password = null): string {
|
|
||||||
return Arsse::$db->userAdd($user, $password);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function userRemove(string $user): bool {
|
|
||||||
return Arsse::$db->userRemove($user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function userList(): array {
|
|
||||||
return Arsse::$db->userList();
|
|
||||||
}
|
|
||||||
|
|
||||||
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
|
|
||||||
return Arsse::$db->userPasswordSet($user, $newPassword);
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in a new issue