1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-22 21:22:40 +00:00

Remove the distinction between internal and external user functionality

This commit is contained in:
J. King 2018-10-28 13:50:57 -04:00
parent 11747c93fd
commit 057d72c816
4 changed files with 80 additions and 183 deletions

View file

@ -6,6 +6,8 @@
declare(strict_types=1); declare(strict_types=1);
namespace JKingWeb\Arsse; namespace JKingWeb\Arsse;
use JKingWeb\Arsse\User\Internal\Driver as InternalDriver;
class User { class User {
public $id = null; public $id = null;
@ -44,8 +46,6 @@ class User {
public function auth(string $user, string $password): bool { public function auth(string $user, string $password): bool {
$prevUser = $this->id ?? null; $prevUser = $this->id ?? null;
$this->id = $user; $this->id = $user;
switch ($this->u->driverFunctions("auth")) {
case User\Driver::FUNC_EXTERNAL:
if (Arsse::$conf->userPreAuth) { if (Arsse::$conf->userPreAuth) {
$out = true; $out = true;
} else { } else {
@ -54,139 +54,77 @@ class User {
if ($out && !Arsse::$db->userExists($user)) { if ($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password); $this->autoProvision($user, $password);
} }
break;
case User\Driver::FUNC_INTERNAL:
if (Arsse::$conf->userPreAuth) {
if (!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
$out = true;
} else {
$out = $this->u->auth($user, $password);
}
break;
case User\Driver::FUNCT_NOT_IMPLEMENTED:
$out = false;
break;
}
if (!$out) { if (!$out) {
$this->id = $prevUser; $this->id = $prevUser;
} }
return $out; return $out;
} }
public function driverFunctions(string $function = null) {
return $this->u->driverFunctions($function);
}
public function list(): array { public function list(): array {
$func = "userList"; $func = "userList";
switch ($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers
if (!$this->authorize("", $func)) { if (!$this->authorize("", $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
} }
// no break
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userList($domain); return $this->u->userList($domain);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $domain]);
}
} }
public function exists(string $user): bool { public function exists(string $user): bool {
$func = "userExists"; $func = "userExists";
switch ($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$out = $this->u->userExists($user); $out = $this->u->userExists($user);
if ($out && !Arsse::$db->userExists($user)) { if (!$this->u instanceof InternalDriver) {
// if an alternative driver doesn't match the internal database, add or remove the user as appropriate
if (!$out && Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user);
} elseif ($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, ""); $this->autoProvision($user, "");
} }
return $out;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userExists($user);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
// throwing an exception here would break all kinds of stuff; we just report that the user exists
return true;
} }
return $out;
} }
public function add($user, $password = null): string { public function add($user, $password = null): string {
$func = "userAdd"; $func = "userAdd";
switch ($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$newPassword = $this->u->userAdd($user, $password); $newPassword = $this->u->userAdd($user, $password);
// if there was no exception and we don't have the user in the internal database, add it // if there was no exception and we don't have the user in the internal database, add it
if (!Arsse::$db->userExists($user)) { if (!$this->u instanceof InternalDriver && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $newPassword); $this->autoProvision($user, $newPassword);
} }
return $newPassword; return $newPassword;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userAdd($user, $password);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
}
} }
public function remove(string $user): bool { public function remove(string $user): bool {
$func = "userRemove"; $func = "userRemove";
switch ($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$out = $this->u->userRemove($user); $out = $this->u->userRemove($user);
if ($out && Arsse::$db->userExists($user)) { if ($out && !$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
// if the user was removed and we have it in our data, remove it there // if the user was removed and we have it in our data, remove it there
if (!Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user); Arsse::$db->userRemove($user);
} }
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userRemove($user);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
}
} }
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string { public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
$func = "userPasswordSet"; $func = "userPasswordSet";
switch ($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword); $out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
if (Arsse::$db->userExists($user)) { if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value // if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, $out); Arsse::$db->userPasswordSet($user, $out);
} else { } elseif (!$this->u instanceof InternalDriver){
// if the user does not exists in the internal database, create it // if the user does not exists in the internal database, create it
$this->autoProvision($user, $out); $this->autoProvision($user, $out);
} }
return $out; return $out;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userPasswordSet($user, $newPassword);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
}
} }
protected function autoProvision(string $user, string $password = null): string { protected function autoProvision(string $user, string $password = null): string {

View file

@ -15,8 +15,6 @@ interface Driver {
public function __construct(); public function __construct();
// returns a human-friendly name for the driver (for display in installer, for example) // returns a human-friendly name for the driver (for display in installer, for example)
public static function driverName(): string; public static function driverName(): string;
// returns an array (or single queried member of same) of methods defined by this interface and whether the class implements the internal function or a custom version
public function driverFunctions(string $function = null);
// authenticates a user against their name and password // authenticates a user against their name and password
public function auth(string $user, string $password): bool; public function auth(string $user, string $password): bool;
// checks whether a user exists // checks whether a user exists

View file

@ -7,32 +7,42 @@ declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal; namespace JKingWeb\Arsse\User\Internal;
final class Driver implements \JKingWeb\Arsse\User\Driver { final class Driver implements \JKingWeb\Arsse\User\Driver {
use InternalFunctions; public function __construct() {
}
protected $db;
protected $functions = [
"auth" => self::FUNC_INTERNAL,
"userList" => self::FUNC_INTERNAL,
"userExists" => self::FUNC_INTERNAL,
"userAdd" => self::FUNC_INTERNAL,
"userRemove" => self::FUNC_INTERNAL,
"userPasswordSet" => self::FUNC_INTERNAL,
];
public static function driverName(): string { public static function driverName(): string {
return Arsse::$lang->msg("Driver.User.Internal.Name"); return Arsse::$lang->msg("Driver.User.Internal.Name");
} }
public function driverFunctions(string $function = null) { public function auth(string $user, string $password): bool {
if ($function===null) { try {
return $this->functions; $hash = Arsse::$db->userPasswordGet($user);
} catch (Exception $e) {
return false;
} }
if (array_key_exists($function, $this->functions)) { if ($password==="" && $hash==="") {
return $this->functions[$function]; return true;
} else {
return self::FUNC_NOT_IMPLEMENTED;
} }
return password_verify($password, $hash);
} }
// see InternalFunctions.php for bulk of methods public function userExists(string $user): bool {
return Arsse::$db->userExists($user);
}
public function userAdd(string $user, string $password = null): string {
return Arsse::$db->userAdd($user, $password);
}
public function userRemove(string $user): bool {
return Arsse::$db->userRemove($user);
}
public function userList(): array {
return Arsse::$db->userList();
}
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
return Arsse::$db->userPasswordSet($user, $newPassword);
}
} }

View file

@ -1,49 +0,0 @@
<?php
/** @license MIT
* Copyright 2017 J. King, Dustin Wilson et al.
* See LICENSE and AUTHORS files for details */
declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal;
use JKingWeb\Arsse\Arsse;
use JKingWeb\Arsse\User\Exception;
trait InternalFunctions {
protected $actor = [];
public function __construct() {
}
public function auth(string $user, string $password): bool {
try {
$hash = Arsse::$db->userPasswordGet($user);
} catch (Exception $e) {
return false;
}
if ($password==="" && $hash==="") {
return true;
}
return password_verify($password, $hash);
}
public function userExists(string $user): bool {
return Arsse::$db->userExists($user);
}
public function userAdd(string $user, string $password = null): string {
return Arsse::$db->userAdd($user, $password);
}
public function userRemove(string $user): bool {
return Arsse::$db->userRemove($user);
}
public function userList(): array {
return Arsse::$db->userList();
}
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
return Arsse::$db->userPasswordSet($user, $newPassword);
}
}