mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2025-01-18 17:10:33 +00:00
More simplification
Authentication is now used as the primary point of synchronization between the internal database and any external database
This commit is contained in:
parent
40d679844b
commit
898533bde5
3 changed files with 26 additions and 41 deletions
59
lib/User.php
59
lib/User.php
|
@ -29,34 +29,33 @@ class User {
|
||||||
return $classes;
|
return $classes;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {
|
||||||
$driver = Arsse::$conf->userDriver;
|
$this->u = $driver ?? new Arsse::$conf->userDriver;
|
||||||
$this->u = new $driver();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function __toString() {
|
public function __toString() {
|
||||||
return (string) $this->id;
|
return (string) $this->id;
|
||||||
}
|
}
|
||||||
|
|
||||||
// at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
|
|
||||||
public function authorize(string $affectedUser, string $action): bool {
|
public function authorize(string $affectedUser, string $action): bool {
|
||||||
return true;
|
// at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
|
||||||
|
return $this->u->authorize($affectedUser, $action);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function auth(string $user, string $password): bool {
|
public function auth(string $user, string $password): bool {
|
||||||
$prevUser = $this->id ?? null;
|
$prevUser = $this->id;
|
||||||
$this->id = $user;
|
$this->id = $user;
|
||||||
if (Arsse::$conf->userPreAuth) {
|
if (Arsse::$conf->userPreAuth) {
|
||||||
$out = true;
|
$out = true;
|
||||||
} else {
|
} else {
|
||||||
$out = $this->u->auth($user, $password);
|
$out = $this->u->auth($user, $password);
|
||||||
}
|
}
|
||||||
|
// if authentication was successful and we don't have the user in the internal database, add it
|
||||||
|
// users must be in the internal database to preserve referential integrity
|
||||||
if ($out && !Arsse::$db->userExists($user)) {
|
if ($out && !Arsse::$db->userExists($user)) {
|
||||||
$this->autoProvision($user, $password);
|
Arsse::$db->userAdd($user, $password);
|
||||||
}
|
|
||||||
if (!$out) {
|
|
||||||
$this->id = $prevUser;
|
|
||||||
}
|
}
|
||||||
|
$this->id = $prevUser;
|
||||||
return $out;
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -65,7 +64,7 @@ class User {
|
||||||
if (!$this->authorize("", $func)) {
|
if (!$this->authorize("", $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
|
||||||
}
|
}
|
||||||
return $this->u->userList($domain);
|
return $this->u->userList();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function exists(string $user): bool {
|
public function exists(string $user): bool {
|
||||||
|
@ -73,16 +72,7 @@ class User {
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$out = $this->u->userExists($user);
|
return $this->u->userExists($user);
|
||||||
if (!$this->u instanceof InternalDriver) {
|
|
||||||
// if an alternative driver doesn't match the internal database, add or remove the user as appropriate
|
|
||||||
if (!$out && Arsse::$db->userExists($user)) {
|
|
||||||
Arsse::$db->userRemove($user);
|
|
||||||
} elseif ($out && !Arsse::$db->userExists($user)) {
|
|
||||||
$this->autoProvision($user, "");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $out;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function add($user, $password = null): string {
|
public function add($user, $password = null): string {
|
||||||
|
@ -90,12 +80,7 @@ class User {
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$newPassword = $this->u->userAdd($user, $password);
|
return $this->u->userAdd($user, $password);
|
||||||
// if there was no exception and we don't have the user in the internal database, add it
|
|
||||||
if (!$this->u instanceof InternalDriver && !Arsse::$db->userExists($user)) {
|
|
||||||
$this->autoProvision($user, $newPassword);
|
|
||||||
}
|
|
||||||
return $newPassword;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function remove(string $user): bool {
|
public function remove(string $user): bool {
|
||||||
|
@ -103,12 +88,14 @@ class User {
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$out = $this->u->userRemove($user);
|
try {
|
||||||
if ($out && !$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
|
return $this->u->userRemove($user);
|
||||||
// if the user was removed and we have it in our data, remove it there
|
} finally {
|
||||||
Arsse::$db->userRemove($user);
|
if (Arsse::$db->userExists($user)) {
|
||||||
|
// if the user was removed and we (still) have it in the internal database, remove it there
|
||||||
|
Arsse::$db->userRemove($user);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $out;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
|
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
|
||||||
|
@ -120,15 +107,7 @@ class User {
|
||||||
if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
|
if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
|
||||||
// if the password change was successful and the user exists, set the internal password to the same value
|
// if the password change was successful and the user exists, set the internal password to the same value
|
||||||
Arsse::$db->userPasswordSet($user, $out);
|
Arsse::$db->userPasswordSet($user, $out);
|
||||||
} elseif (!$this->u instanceof InternalDriver){
|
|
||||||
// if the user does not exists in the internal database, create it
|
|
||||||
$this->autoProvision($user, $out);
|
|
||||||
}
|
}
|
||||||
return $out;
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function autoProvision(string $user, string $password = null): string {
|
|
||||||
$out = Arsse::$db->userAdd($user, $password);
|
|
||||||
return $out;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,8 @@ interface Driver {
|
||||||
public static function driverName(): string;
|
public static function driverName(): string;
|
||||||
// authenticates a user against their name and password
|
// authenticates a user against their name and password
|
||||||
public function auth(string $user, string $password): bool;
|
public function auth(string $user, string $password): bool;
|
||||||
|
// check whether a user is authorized to perform a certain action; not currently used and subject to change
|
||||||
|
public function authorize(string $affectedUser, string $action): bool;
|
||||||
// checks whether a user exists
|
// checks whether a user exists
|
||||||
public function userExists(string $user): bool;
|
public function userExists(string $user): bool;
|
||||||
// adds a user
|
// adds a user
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
namespace JKingWeb\Arsse\User\Internal;
|
namespace JKingWeb\Arsse\User\Internal;
|
||||||
|
|
||||||
final class Driver implements \JKingWeb\Arsse\User\Driver {
|
class Driver implements \JKingWeb\Arsse\User\Driver {
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -26,6 +26,10 @@ final class Driver implements \JKingWeb\Arsse\User\Driver {
|
||||||
return password_verify($password, $hash);
|
return password_verify($password, $hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function authorize(string $affectedUser, string $action): bool {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
public function userExists(string $user): bool {
|
public function userExists(string $user): bool {
|
||||||
return Arsse::$db->userExists($user);
|
return Arsse::$db->userExists($user);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Reference in a new issue