From a485913535aceeb73660b8149e06c81ff60d40ca Mon Sep 17 00:00:00 2001 From: "J. King" Date: Fri, 18 Aug 2017 10:20:43 -0400 Subject: [PATCH] Update readme; remove username composition; default pre-auth to false --- README.md | 44 ++++++++++++++++++-------------- lib/Conf.php | 5 +--- lib/User.php | 15 ++--------- tests/User/TestAuthorization.php | 1 - 4 files changed, 28 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index eea9a054..525aa513 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,37 @@ -Arsse: Advanced RSS Environment +The Advanced RSS Environment =============================== -TODO: Fill in stuff +The Arsse is a news aggregator server which implements [version 1.2](https://github.com/nextcloud/news/blob/master/docs/externalapi/Legacy.md) of [NextCloud News](https://github.com/nextcloud/news)'s client-server synchronization protocol. Unlike most other aggregator servers, the Arsse does not include a Web front-end (though one is planned as a separate project), and it relies on existing protocols to maximize compatibility with existing clients. + +At present the software should be considered in an "alpha" state: though its core subsystems are covered by unit tests and should be free of major bugs, not everything has been rigorously tested. Additionally, though the NextCloud News protocol is fully supported, many features one would expect from other similar software have yet to be implemented. Areas of future work include: + +- Support for more database engines (PostgreSQL, MySQL, MariaDB) +- Providing more sync protocols (Tiny Tiny RSS, Fever, others) +- Tools for managing users (manual insertion into the database is currently required) +- Better packaging and configuration samples Requirements ------------ Arsse has the following requirements: -- A Web server; example configuration currently exists for: - - nginx - - Apache 2 +- A Web server - PHP 7.0.7 or newer with the following extensions: - - [intl](http://php.net/manual/en/book.intl.php) - - [json](http://php.net/manual/en/book.json.php) - - [hash](http://php.net/manual/en/book.hash.php) -- One of the following supported databases, and the PHP extension to use it: - - SQLite 3.8.3 or newer - - PostgreSQL 8.4 or newer - - MySQL 8.0.1 or newer - - MariaDB 10.2.2 or newer -- The ability to run background services on the server; service files currently exist for: - - systemd - - launchd - - sysvinit + - [intl](http://php.net/manual/en/book.intl.php), [json](http://php.net/manual/en/book.json.php), and [hash](http://php.net/manual/en/book.hash.php) + - [dom](http://php.net/manual/en/book.dom.php), [simplexml](http://php.net/manual/en/book.simplexml.php), and [iconv](http://php.net/manual/en/book.iconv.php) (for picoFeed) + - [sqlite3](http://php.net/manual/en/book.sqlite3.php) +- The ability to run daemon processes on the server -**FIXME:** The requirements listed are prospective and not representative of the actual requirements as of this writing. Currently only SQLite is supported, no Web server configuration has yet been written, and no background process yet exists, never mind service files to run it. +Installation +------------ + +TODO: Work out how the system should be installed + +If installing from the Git repository rather than a download package, you will need [Composer](https://getcomposer.org/) to fetch required PHP libraries. Once Composer is installed, dependencies may be downloaded with the following command: + +``` sh +php composer.phar install -o --no-dev +``` License ------- @@ -39,7 +45,7 @@ To run the test suite, you must have [Composer](https://getcomposer.org/) instal ``` sh # first install dependencies -composer install +php composer.phar install # run the tests ./tests/test ``` diff --git a/lib/Conf.php b/lib/Conf.php index bd63dc91..67fb30f6 100644 --- a/lib/Conf.php +++ b/lib/Conf.php @@ -49,10 +49,7 @@ class Conf { /** @var string Class of the user management driver in use (Internal by default) */ public $userDriver = User\Internal\Driver::class; /** @var boolean Whether users are already authenticated by the Web server before the application is executed */ - public $userPreAuth = true; - /** @var boolean Whether to automatically append the hostname to form a user@host combination before performing authentication - * @deprecated */ - public $userComposeNames = true; + public $userPreAuth = false; /** @var integer Desired length of temporary user passwords */ public $userTempPasswordLength = 20; diff --git a/lib/User.php b/lib/User.php index 64968153..40128839 100644 --- a/lib/User.php +++ b/lib/User.php @@ -81,7 +81,7 @@ class User { return false; } // if actor is a domain admin/manager and domains don't match, deny the request - if(Arsse::$conf->userComposeNames && $this->actor["domain"] && $rights != User\Driver::RIGHTS_GLOBAL_MANAGER) { + if($this->actor["domain"] && $rights != User\Driver::RIGHTS_GLOBAL_MANAGER) { $test = "@".$this->actor["domain"]; if(substr($affectedUser,-1*strlen($test)) != $test) { return false; @@ -128,9 +128,6 @@ class User { } else { $out = ["user" => "", "password" => ""]; } - if(Arsse::$conf->userComposeNames && $out["user"] != "") { - $out["user"] = $this->composeName($out["user"]); - } $this->id = $out["user"]; return $out; } @@ -308,7 +305,7 @@ class User { public function propertiesGet(string $user, bool $withAvatar = false): array { // prepare default values $domain = null; - if(Arsse::$conf->userComposeNames) { + if(strrpos($user,"@")!==false) { $domain = substr($user,strrpos($user,"@")+1); } $init = [ @@ -424,14 +421,6 @@ class User { } } - protected function composeName(string $user): string { - if(preg_match("/.+?@[^@]+$/",$user)) { - return $user; - } else { - return $user."@".$_SERVER['HTTP_HOST']; - } - } - protected function autoProvision(string $user, string $password = null, array $properties = null, int $rights = 0): string { // temporarily disable authorization checks, to avoid potential problems $this->authorizationEnabled(false); diff --git a/tests/User/TestAuthorization.php b/tests/User/TestAuthorization.php index a442515c..69a67031 100644 --- a/tests/User/TestAuthorization.php +++ b/tests/User/TestAuthorization.php @@ -49,7 +49,6 @@ class TestAuthorization extends Test\AbstractTest { $conf = new Conf(); $conf->userDriver = $drv; $conf->userPreAuth = false; - $conf->userComposeNames = true; Arsse::$conf = $conf; if($db !== null) { Arsse::$db = new $db();