mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2025-01-18 17:10:33 +00:00
Move password generation to the User class
This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator
This commit is contained in:
parent
31cdf313a4
commit
931fe3b585
5 changed files with 29 additions and 60 deletions
|
@ -6,7 +6,6 @@
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
namespace JKingWeb\Arsse;
|
namespace JKingWeb\Arsse;
|
||||||
|
|
||||||
use PasswordGenerator\Generator as PassGen;
|
|
||||||
use JKingWeb\DrUUID\UUID;
|
use JKingWeb\DrUUID\UUID;
|
||||||
use JKingWeb\Arsse\Misc\Query;
|
use JKingWeb\Arsse\Misc\Query;
|
||||||
use JKingWeb\Arsse\Misc\Context;
|
use JKingWeb\Arsse\Misc\Context;
|
||||||
|
@ -83,7 +82,7 @@ class Database {
|
||||||
return $out;
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function generateIn(array $values, string $type) {
|
protected function generateIn(array $values, string $type): array {
|
||||||
$out = [
|
$out = [
|
||||||
[], // query clause
|
[], // query clause
|
||||||
[], // binding types
|
[], // binding types
|
||||||
|
@ -122,21 +121,15 @@ class Database {
|
||||||
return (bool) $this->db->prepare("SELECT count(*) from arsse_users where id = ?", "str")->run($user)->getValue();
|
return (bool) $this->db->prepare("SELECT count(*) from arsse_users where id = ?", "str")->run($user)->getValue();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userAdd(string $user, string $password = null): string {
|
public function userAdd(string $user, string $password): bool {
|
||||||
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
} elseif ($this->userExists($user)) {
|
} elseif ($this->userExists($user)) {
|
||||||
throw new User\Exception("alreadyExists", ["action" => __FUNCTION__, "user" => $user]);
|
throw new User\Exception("alreadyExists", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
}
|
}
|
||||||
if ($password===null) {
|
$hash = (strlen($password) > 0) ? password_hash($password, \PASSWORD_DEFAULT) : "";
|
||||||
$password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
|
|
||||||
}
|
|
||||||
$hash = "";
|
|
||||||
if (strlen($password) > 0) {
|
|
||||||
$hash = password_hash($password, \PASSWORD_DEFAULT);
|
|
||||||
}
|
|
||||||
$this->db->prepare("INSERT INTO arsse_users(id,password) values(?,?)", "str", "str")->runArray([$user,$hash]);
|
$this->db->prepare("INSERT INTO arsse_users(id,password) values(?,?)", "str", "str")->runArray([$user,$hash]);
|
||||||
return $password;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userRemove(string $user): bool {
|
public function userRemove(string $user): bool {
|
||||||
|
@ -169,21 +162,15 @@ class Database {
|
||||||
return (string) $this->db->prepare("SELECT password from arsse_users where id = ?", "str")->run($user)->getValue();
|
return (string) $this->db->prepare("SELECT password from arsse_users where id = ?", "str")->run($user)->getValue();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userPasswordSet(string $user, string $password = null): string {
|
public function userPasswordSet(string $user, string $password): bool {
|
||||||
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
} elseif (!$this->userExists($user)) {
|
} elseif (!$this->userExists($user)) {
|
||||||
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
|
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
}
|
}
|
||||||
if ($password===null) {
|
$hash = (strlen($password) > 0) ? password_hash($password, \PASSWORD_DEFAULT) : "";
|
||||||
$password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
|
|
||||||
}
|
|
||||||
$hash = "";
|
|
||||||
if (strlen($password) > 0) {
|
|
||||||
$hash = password_hash($password, \PASSWORD_DEFAULT);
|
|
||||||
}
|
|
||||||
$this->db->prepare("UPDATE arsse_users set password = ? where id = ?", "str", "str")->run($hash, $user);
|
$this->db->prepare("UPDATE arsse_users set password = ? where id = ?", "str", "str")->run($hash, $user);
|
||||||
return $password;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function sessionCreate(string $user): string {
|
public function sessionCreate(string $user): string {
|
||||||
|
|
12
lib/User.php
12
lib/User.php
|
@ -6,7 +6,7 @@
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
namespace JKingWeb\Arsse;
|
namespace JKingWeb\Arsse;
|
||||||
|
|
||||||
use JKingWeb\Arsse\User\Internal\Driver as InternalDriver;
|
use PasswordGenerator\Generator as PassGen;
|
||||||
|
|
||||||
class User {
|
class User {
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ class User {
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
return $this->u->userAdd($user, $password);
|
return $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function remove(string $user): bool {
|
public function remove(string $user): bool {
|
||||||
|
@ -103,11 +103,15 @@ class User {
|
||||||
if (!$this->authorize($user, $func)) {
|
if (!$this->authorize($user, $func)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
|
||||||
}
|
}
|
||||||
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
|
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);
|
||||||
if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
|
if (Arsse::$db->userExists($user)) {
|
||||||
// if the password change was successful and the user exists, set the internal password to the same value
|
// if the password change was successful and the user exists, set the internal password to the same value
|
||||||
Arsse::$db->userPasswordSet($user, $out);
|
Arsse::$db->userPasswordSet($user, $out);
|
||||||
}
|
}
|
||||||
return $out;
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function generatePassword(): string {
|
||||||
|
return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,11 +22,11 @@ interface Driver {
|
||||||
// checks whether a user exists
|
// checks whether a user exists
|
||||||
public function userExists(string $user): bool;
|
public function userExists(string $user): bool;
|
||||||
// adds a user
|
// adds a user
|
||||||
public function userAdd(string $user, string $password = null): string;
|
public function userAdd(string $user, string $password = null);
|
||||||
// removes a user
|
// removes a user
|
||||||
public function userRemove(string $user): bool;
|
public function userRemove(string $user): bool;
|
||||||
// lists all users
|
// lists all users
|
||||||
public function userList(): array;
|
public function userList(): array;
|
||||||
// sets a user's password; if the driver does not require the old password, it may be ignored
|
// sets a user's password; if the driver does not require the old password, it may be ignored
|
||||||
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string;
|
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null);
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,8 +34,12 @@ class Driver implements \JKingWeb\Arsse\User\Driver {
|
||||||
return Arsse::$db->userExists($user);
|
return Arsse::$db->userExists($user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userAdd(string $user, string $password = null): string {
|
public function userAdd(string $user, string $password = null) {
|
||||||
return Arsse::$db->userAdd($user, $password);
|
if (isset($password)) {
|
||||||
|
// only add the user if the password is not null; the user manager will retry with a generated password if null is returned
|
||||||
|
Arsse::$db->userAdd($user, $password);
|
||||||
|
}
|
||||||
|
return $password;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userRemove(string $user): bool {
|
public function userRemove(string $user): bool {
|
||||||
|
@ -46,7 +50,8 @@ class Driver implements \JKingWeb\Arsse\User\Driver {
|
||||||
return Arsse::$db->userList();
|
return Arsse::$db->userList();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
|
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null) {
|
||||||
return Arsse::$db->userPasswordSet($user, $newPassword);
|
// do nothing: the internal database is updated regardless of what the driver does (assuming it does not throw an exception)
|
||||||
|
return $newPassword;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -60,35 +60,13 @@ trait SeriesUser {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testAddANewUser() {
|
public function testAddANewUser() {
|
||||||
$this->assertSame("", Arsse::$db->userAdd("john.doe@example.org", ""));
|
$this->assertTrue(Arsse::$db->userAdd("john.doe@example.org", ""));
|
||||||
Phake::verify(Arsse::$user)->authorize("john.doe@example.org", "userAdd");
|
Phake::verify(Arsse::$user)->authorize("john.doe@example.org", "userAdd");
|
||||||
$state = $this->primeExpectations($this->data, ['arsse_users' => ['id','name','rights']]);
|
$state = $this->primeExpectations($this->data, ['arsse_users' => ['id','name','rights']]);
|
||||||
$state['arsse_users']['rows'][] = ["john.doe@example.org", null, 0];
|
$state['arsse_users']['rows'][] = ["john.doe@example.org", null, 0];
|
||||||
$this->compareExpectations($state);
|
$this->compareExpectations($state);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @depends testGetAPassword
|
|
||||||
* @depends testAddANewUser
|
|
||||||
*/
|
|
||||||
public function testAddANewUserWithARandomPassword() {
|
|
||||||
$user1 = "john.doe@example.org";
|
|
||||||
$user2 = "john.doe@example.net";
|
|
||||||
$pass1 = Arsse::$db->userAdd($user1);
|
|
||||||
$pass2 = Arsse::$db->userAdd($user2);
|
|
||||||
$this->assertSame(Arsse::$conf->userTempPasswordLength, strlen($pass1));
|
|
||||||
$this->assertSame(Arsse::$conf->userTempPasswordLength, strlen($pass2));
|
|
||||||
$this->assertNotEquals($pass1, $pass2);
|
|
||||||
$hash1 = Arsse::$db->userPasswordGet($user1);
|
|
||||||
$hash2 = Arsse::$db->userPasswordGet($user2);
|
|
||||||
Phake::verify(Arsse::$user)->authorize($user1, "userAdd");
|
|
||||||
Phake::verify(Arsse::$user)->authorize($user2, "userAdd");
|
|
||||||
Phake::verify(Arsse::$user)->authorize($user1, "userPasswordGet");
|
|
||||||
Phake::verify(Arsse::$user)->authorize($user2, "userPasswordGet");
|
|
||||||
$this->assertTrue(password_verify($pass1, $hash1), "Failed verifying password of $user1 '$pass1' against hash '$hash1'.");
|
|
||||||
$this->assertTrue(password_verify($pass2, $hash2), "Failed verifying password of $user2 '$pass2' against hash '$hash2'.");
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testAddAnExistingUser() {
|
public function testAddAnExistingUser() {
|
||||||
$this->assertException("alreadyExists", "User");
|
$this->assertException("alreadyExists", "User");
|
||||||
Arsse::$db->userAdd("john.doe@example.com", "");
|
Arsse::$db->userAdd("john.doe@example.com", "");
|
||||||
|
@ -136,19 +114,14 @@ trait SeriesUser {
|
||||||
*/
|
*/
|
||||||
public function testSetAPassword() {
|
public function testSetAPassword() {
|
||||||
$user = "john.doe@example.com";
|
$user = "john.doe@example.com";
|
||||||
|
$pass = "secret";
|
||||||
$this->assertEquals("", Arsse::$db->userPasswordGet($user));
|
$this->assertEquals("", Arsse::$db->userPasswordGet($user));
|
||||||
$pass = Arsse::$db->userPasswordSet($user, "secret");
|
$this->assertTrue(Arsse::$db->userPasswordSet($user, $pass));
|
||||||
$hash = Arsse::$db->userPasswordGet($user);
|
$hash = Arsse::$db->userPasswordGet($user);
|
||||||
$this->assertNotEquals("", $hash);
|
$this->assertNotEquals("", $hash);
|
||||||
Phake::verify(Arsse::$user)->authorize($user, "userPasswordSet");
|
Phake::verify(Arsse::$user)->authorize($user, "userPasswordSet");
|
||||||
$this->assertTrue(password_verify($pass, $hash), "Failed verifying password of $user '$pass' against hash '$hash'.");
|
$this->assertTrue(password_verify($pass, $hash), "Failed verifying password of $user '$pass' against hash '$hash'.");
|
||||||
}
|
}
|
||||||
public function testSetARandomPassword() {
|
|
||||||
$user = "john.doe@example.com";
|
|
||||||
$this->assertEquals("", Arsse::$db->userPasswordGet($user));
|
|
||||||
$pass = Arsse::$db->userPasswordSet($user);
|
|
||||||
$hash = Arsse::$db->userPasswordGet($user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testSetThePasswordOfAMissingUser() {
|
public function testSetThePasswordOfAMissingUser() {
|
||||||
$this->assertException("doesNotExist", "User");
|
$this->assertException("doesNotExist", "User");
|
||||||
|
|
Loading…
Add table
Reference in a new issue