Arsse/lib/User.php

<?php
/** @license MIT
 * Copyright 2017 J. King, Dustin Wilson et al.
 * See LICENSE and AUTHORS files for details */

declare(strict_types=1);
namespace JKingWeb\Arsse;

use PasswordGenerator\Generator as PassGen;

class User {
    const DRIVER_NAMES = [
        'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,
    ];

    public $id = null;

    /**
    * @var User\Driver
    */
    protected $u;

    public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {
        $this->u = $driver ?? new Arsse::$conf->userDriver;
    }

    public function __toString() {
        return (string) $this->id;
    }

    public function authorize(string $affectedUser, string $action): bool {
        // at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
        return $this->u->authorize($affectedUser, $action);
    }

    public function auth(string $user, string $password): bool {
        $prevUser = $this->id;
        $this->id = $user;
        if (Arsse::$conf->userPreAuth) {
            $out = true;
        } else {
            $out = $this->u->auth($user, $password);
        }
        // if authentication was successful and we don't have the user in the internal database, add it
        // users must be in the internal database to preserve referential integrity
        if ($out && !Arsse::$db->userExists($user)) {
            Arsse::$db->userAdd($user, $password);
        }
        $this->id = $prevUser;
        return $out;
    }

    public function list(): array {
        $func = "userList";
        if (!$this->authorize("", $func)) {
            throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
        }
        return $this->u->userList();
    }

    public function exists(string $user): bool {
        $func = "userExists";
        if (!$this->authorize($user, $func)) {
            throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
        }
        return $this->u->userExists($user);
    }

    public function add($user, $password = null): string {
        $func = "userAdd";
        if (!$this->authorize($user, $func)) {
            throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
        }
        return $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());
    }

    public function remove(string $user): bool {
        $func = "userRemove";
        if (!$this->authorize($user, $func)) {
            throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
        }
        try {
            return $this->u->userRemove($user);
        } finally { // @codeCoverageIgnore
            if (Arsse::$db->userExists($user)) {
                // if the user was removed and we (still) have it in the internal database, remove it there
                Arsse::$db->userRemove($user);
            }
        }
    }

    public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
        $func = "userPasswordSet";
        if (!$this->authorize($user, $func)) {
            throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
        }
        $out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);
        if (Arsse::$db->userExists($user)) {
            // if the password change was successful and the user exists, set the internal password to the same value
            Arsse::$db->userPasswordSet($user, $out);
            // also invalidate any current sessions for the user
            Arsse::$db->sessionDestroy($user);
        }
        return $out;
    }

    public function passwordUnset(string $user, $oldPassword = null): bool {
        $func = "userPasswordUnset";
        if (!$this->authorize($user, $func)) {
            throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
        }
        $out = $this->u->userPasswordUnset($user, $oldPassword);
        if (Arsse::$db->userExists($user)) {
            // if the password change was successful and the user exists, set the internal password to the same value
            Arsse::$db->userPasswordSet($user, null);
            // also invalidate any current sessions for the user
            Arsse::$db->sessionDestroy($user);
        }
        return $out;
    }

    public function generatePassword(): string {
        return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
    }
}
Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00			`<?php`
Added per-file legal boilerplate Includes PHPDoc license tag in the file-level block with accompanying copyright notice. Also added an AUTHORS file on the off chance of outside contributions 2017-11-16 20:23:18 -05:00			`/** @license MIT`
			`* Copyright 2017 J. King, Dustin Wilson et al.`
			`* See LICENSE and AUTHORS files for details */`

Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00			`declare(strict_types=1);`
Changed "NewsSync" to "Arsse" 2017-03-28 00:12:12 -04:00			`namespace JKingWeb\Arsse;`
Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`use PasswordGenerator\Generator as PassGen;`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00
Functioning (but still incomplete) user management 2016-10-28 08:27:35 -04:00			`class User {`
Validate configuration parameters on import, and other changes - Each parameter is checked for type and normalized - Interval strings are converted to DateInterval objects - Timeouts can be specified as interval strings - Most intervals can be null to signify infinity - Driver classes are checked that they implement the correct interface - Short driver names may be used, and are used by default - Helpful errors messages are printed in case of erroneous configuration Exporting is currently broken; this will be fixed in an upcoming commit 2019-01-20 22:40:49 -05:00			`const DRIVER_NAMES = [`
			`'internal' => \JKingWeb\Arsse\User\Internal\Driver::class,`
			`];`

Passed code through linter 2017-08-29 10:50:31 -04:00			`public $id = null;`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00
Add PHPHDoc type hints for certain class properties This should aid autocompletion in IDEs 2017-07-14 10:16:16 -04:00			`/**`
			`* @var User\Driver`
			`*/`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`protected $u;`
Fix whitespace Also fixed my editor so tabs won't happen again! 2017-04-06 21:41:21 -04:00
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {`
			`$this->u = $driver ?? new Arsse::$conf->userDriver;`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`

			`public function __toString() {`
			`return (string) $this->id;`
			`}`

Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`public function authorize(string $affectedUser, string $action): bool {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`// at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired`
			`return $this->u->authorize($affectedUser, $action);`
Remove authz from User driver; moved to main class 2017-02-22 23:22:45 -05:00			`}`
Fix whitespace Also fixed my editor so tabs won't happen again! 2017-04-06 21:41:21 -04:00
Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`public function auth(string $user, string $password): bool {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`$prevUser = $this->id;`
Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`$this->id = $user;`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (Arsse::$conf->userPreAuth) {`
			`$out = true;`
			`} else {`
			`$out = $this->u->auth($user, $password);`
			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`// if authentication was successful and we don't have the user in the internal database, add it`
			`// users must be in the internal database to preserve referential integrity`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if ($out && !Arsse::$db->userExists($user)) {`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`Arsse::$db->userAdd($user, $password);`
More code coverage accommodation 2017-07-20 22:40:09 -04:00			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`$this->id = $prevUser;`
Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`return $out;`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`

Strip out unused user management functionality Tests have been removed as well; new tests are forthcoming 2018-10-28 10:59:17 -04:00			`public function list(): array {`
Complete rewrite of User class and other changes - User-related database methods will now throw User\Exception upon errors - Internal userAdd method can now generate random passwords - Pursuant to above, dependency on password genrator has been added, and password-related methods now return strings instead of booleans - User class methods now all explicitly follow different branches for internal/external/missing implementations - various User class methods now perform auto-provisioning of the internal database when external implementations report success on users not in the database - Tests have been adjusted to account for the above changes - Lots is probably still broken 2017-02-20 17:04:13 -05:00			`$func = "userList";`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (!$this->authorize("", $func)) {`
			`throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`return $this->u->userList();`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`

			`public function exists(string $user): bool {`
Complete rewrite of User class and other changes - User-related database methods will now throw User\Exception upon errors - Internal userAdd method can now generate random passwords - Pursuant to above, dependency on password genrator has been added, and password-related methods now return strings instead of booleans - User class methods now all explicitly follow different branches for internal/external/missing implementations - various User class methods now perform auto-provisioning of the internal database when external implementations report success on users not in the database - Tests have been adjusted to account for the above changes - Lots is probably still broken 2017-02-20 17:04:13 -05:00			`$func = "userExists";`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (!$this->authorize($user, $func)) {`
			`throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);`
			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`return $this->u->userExists($user);`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`

Complete rewrite of User class and other changes - User-related database methods will now throw User\Exception upon errors - Internal userAdd method can now generate random passwords - Pursuant to above, dependency on password genrator has been added, and password-related methods now return strings instead of booleans - User class methods now all explicitly follow different branches for internal/external/missing implementations - various User class methods now perform auto-provisioning of the internal database when external implementations report success on users not in the database - Tests have been adjusted to account for the above changes - Lots is probably still broken 2017-02-20 17:04:13 -05:00			`public function add($user, $password = null): string {`
			`$func = "userAdd";`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (!$this->authorize($user, $func)) {`
			`throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`return $this->u->userAdd($user, $password) ?? $this->u->userAdd($user, $this->generatePassword());`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`

			`public function remove(string $user): bool {`
Complete rewrite of User class and other changes - User-related database methods will now throw User\Exception upon errors - Internal userAdd method can now generate random passwords - Pursuant to above, dependency on password genrator has been added, and password-related methods now return strings instead of booleans - User class methods now all explicitly follow different branches for internal/external/missing implementations - various User class methods now perform auto-provisioning of the internal database when external implementations report success on users not in the database - Tests have been adjusted to account for the above changes - Lots is probably still broken 2017-02-20 17:04:13 -05:00			`$func = "userRemove";`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (!$this->authorize($user, $func)) {`
			`throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);`
			`}`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`try {`
			`return $this->u->userRemove($user);`
Appease phpdbg coverage bug 2018-11-03 13:49:02 -04:00			`} finally { // @codeCoverageIgnore`
More simplification Authentication is now used as the primary point of synchronization between the internal database and any external database 2018-11-02 10:01:49 -04:00			`if (Arsse::$db->userExists($user)) {`
			`// if the user was removed and we (still) have it in the internal database, remove it there`
			`Arsse::$db->userRemove($user);`
			`}`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`
			`}`

More User tests and resultant fixes 2017-02-20 19:04:08 -05:00			`public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {`
Complete rewrite of User class and other changes - User-related database methods will now throw User\Exception upon errors - Internal userAdd method can now generate random passwords - Pursuant to above, dependency on password genrator has been added, and password-related methods now return strings instead of booleans - User class methods now all explicitly follow different branches for internal/external/missing implementations - various User class methods now perform auto-provisioning of the internal database when external implementations report success on users not in the database - Tests have been adjusted to account for the above changes - Lots is probably still broken 2017-02-20 17:04:13 -05:00			`$func = "userPasswordSet";`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`if (!$this->authorize($user, $func)) {`
			`throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword) ?? $this->u->userPasswordSet($user, $this->generatePassword(), $oldPassword);`
			`if (Arsse::$db->userExists($user)) {`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`// if the password change was successful and the user exists, set the internal password to the same value`
			`Arsse::$db->userPasswordSet($user, $out);`
Invalidate sessions on password change; closes #170 2019-07-25 22:34:58 -04:00			`// also invalidate any current sessions for the user`
			`Arsse::$db->sessionDestroy($user);`
Remove the distinction between internal and external user functionality 2018-10-28 13:50:57 -04:00			`}`
			`return $out;`
Converted all hard tabs to soft tabs 2017-02-16 15:29:42 -05:00			`}`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00
Add means of unsetting a password in the backend 2019-03-24 14:42:23 -04:00			`public function passwordUnset(string $user, $oldPassword = null): bool {`
			`$func = "userPasswordUnset";`
			`if (!$this->authorize($user, $func)) {`
			`throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);`
			`}`
			`$out = $this->u->userPasswordUnset($user, $oldPassword);`
			`if (Arsse::$db->userExists($user)) {`
			`// if the password change was successful and the user exists, set the internal password to the same value`
			`Arsse::$db->userPasswordSet($user, null);`
Invalidate sessions on password change; closes #170 2019-07-25 22:34:58 -04:00			`// also invalidate any current sessions for the user`
			`Arsse::$db->sessionDestroy($user);`
Add means of unsetting a password in the backend 2019-03-24 14:42:23 -04:00			`}`
			`return $out;`
			`}`

Basic Fever skeleton Authentication should work, but not tests have been written yet 2019-03-09 22:44:59 -05:00			`public function generatePassword(): string {`
Move password generation to the User class This allows user drivers which wish to generate their own passwords to do so, and those which do not to defer to the built-in generator 2018-11-02 11:52:55 -04:00			`return (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();`
			`}`
Passed code through linter 2017-08-29 10:50:31 -04:00			`}`