MensBeam
/
Arsse
3
1
Fork 0
Code Issues 24 Pull Requests Releases 28 Activity
Browse Source

More code coverage accommodation

microsub
J. King 7 years ago
parent
cbdcacd1c3
commit
d3bca6eb47
22 changed files with 640 additions and 229 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      .gitignore
  2. 268
      lib/Database.php
  3. 16
      lib/Db/AbstractDriver.php
  4. 24
      lib/Db/AbstractStatement.php
  5. 8
      lib/Db/SQLite3/Statement.php
  6. 80
      lib/Feed.php
  7. 55
      lib/Lang.php
  8. 20
      lib/Misc/Context.php
  9. 8
      lib/Misc/Date.php
  10. 8
      lib/Misc/Query.php
  11. 8
      lib/REST.php
  12. 24
      lib/REST/AbstractHandler.php
  13. 90
      lib/REST/NextCloudNews/V1_2.php
  14. 20
      lib/REST/Request.php
  15. 4
      lib/Service.php
  16. 2
      lib/Service/Curl/Driver.php
  17. 160
      lib/User.php
  18. 4
      lib/User/Internal/Driver.php
  19. 31
      lib/User/Internal/InternalFunctions.php
  20. 8
      tests/Misc/TestContext.php
  21. 2
      tests/REST/NextCloudNews/TestNCNV1_2.php
  22. 28
      tests/User/TestAuthorization.php

1
.gitignore
View File

@ -3,6 +3,7 @@ vendor/
#temp files #temp files
documentation/ documentation/
tests/coverage
arsse.db* arsse.db*
# Windows image file caches # Windows image file caches

268
lib/Database.php
View File

@ -42,7 +42,9 @@ class Database {
} }
public function driverSchemaUpdate(): bool { public function driverSchemaUpdate(): bool {
if($this->db->schemaVersion() < self::SCHEMA_VERSION) return $this->db->schemaUpdate(self::SCHEMA_VERSION); if($this->db->schemaVersion() < self::SCHEMA_VERSION) {
return $this->db->schemaUpdate(self::SCHEMA_VERSION);
}
return false; return false;
} }
@ -53,7 +55,9 @@ class Database {
[], // binding values [], // binding values
]; ];
foreach($valid as $prop => $type) { foreach($valid as $prop => $type) {
if(!array_key_exists($prop, $props)) continue; if(!array_key_exists($prop, $props)) {
continue;
}
$out[0][] = "$prop = ?"; $out[0][] = "$prop = ?";
$out[1][] = $type; $out[1][] = $type;
$out[2][] = $props[$prop]; $out[2][] = $props[$prop];
@ -95,37 +99,54 @@ class Database {
} }
public function userExists(string $user): bool { public function userExists(string $user): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
return (bool) $this->db->prepare("SELECT count(*) from arsse_users where id is ?", "str")->run($user)->getValue(); return (bool) $this->db->prepare("SELECT count(*) from arsse_users where id is ?", "str")->run($user)->getValue();
} }
public function userAdd(string $user, string $password = null): string { public function userAdd(string $user, string $password = null): string {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if($this->userExists($user)) throw new User\Exception("alreadyExists", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
if($password===null) $password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get(); } else if($this->userExists($user)) {
throw new User\Exception("alreadyExists", ["action" => __FUNCTION__, "user" => $user]);
}
if($password===null) {
$password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
}
$hash = ""; $hash = "";
if(strlen($password) > 0) $hash = password_hash($password, \PASSWORD_DEFAULT); if(strlen($password) > 0) {
$hash = password_hash($password, \PASSWORD_DEFAULT);
}
$this->db->prepare("INSERT INTO arsse_users(id,password) values(?,?)", "str", "str")->runArray([$user,$hash]); $this->db->prepare("INSERT INTO arsse_users(id,password) values(?,?)", "str", "str")->runArray([$user,$hash]);
return $password; return $password;
} }
public function userRemove(string $user): bool { public function userRemove(string $user): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if($this->db->prepare("DELETE from arsse_users where id is ?", "str")->run($user)->changes() < 1) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if($this->db->prepare("DELETE from arsse_users where id is ?", "str")->run($user)->changes() < 1) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
return true; return true;
} }
public function userList(string $domain = null): array { public function userList(string $domain = null): array {
$out = []; $out = [];
if($domain !== null) { if($domain !== null) {
if(!Arsse::$user->authorize("@".$domain, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $domain]); if(!Arsse::$user->authorize("@".$domain, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $domain]);
}
$domain = str_replace(["\\","%","_"],["\\\\", "\\%", "\\_"], $domain); $domain = str_replace(["\\","%","_"],["\\\\", "\\%", "\\_"], $domain);
$domain = "%@".$domain; $domain = "%@".$domain;
foreach($this->db->prepare("SELECT id from arsse_users where id like ?", "str")->run($domain) as $user) { foreach($this->db->prepare("SELECT id from arsse_users where id like ?", "str")->run($domain) as $user) {
$out[] = $user['id']; $out[] = $user['id'];
} }
} else { } else {
if(!Arsse::$user->authorize("", __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => "global"]); if(!Arsse::$user->authorize("", __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => "global"]);
}
foreach($this->db->prepare("SELECT id from arsse_users")->run() as $user) { foreach($this->db->prepare("SELECT id from arsse_users")->run() as $user) {
$out[] = $user['id']; $out[] = $user['id'];
} }
@ -134,31 +155,48 @@ class Database {
} }
public function userPasswordGet(string $user): string { public function userPasswordGet(string $user): string {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
return (string) $this->db->prepare("SELECT password from arsse_users where id is ?", "str")->run($user)->getValue(); return (string) $this->db->prepare("SELECT password from arsse_users where id is ?", "str")->run($user)->getValue();
} }
public function userPasswordSet(string $user, string $password = null): string { public function userPasswordSet(string $user, string $password = null): string {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
if($password===null) $password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get(); } else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
if($password===null) {
$password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
}
$hash = ""; $hash = "";
if(strlen($password) > 0) $hash = password_hash($password, \PASSWORD_DEFAULT); if(strlen($password) > 0) {
$hash = password_hash($password, \PASSWORD_DEFAULT);
}
$this->db->prepare("UPDATE arsse_users set password = ? where id is ?", "str", "str")->run($hash, $user); $this->db->prepare("UPDATE arsse_users set password = ? where id is ?", "str", "str")->run($hash, $user);
return $password; return $password;
} }
public function userPropertiesGet(string $user): array { public function userPropertiesGet(string $user): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$prop = $this->db->prepare("SELECT name,rights from arsse_users where id is ?", "str")->run($user)->getRow(); $prop = $this->db->prepare("SELECT name,rights from arsse_users where id is ?", "str")->run($user)->getRow();
if(!$prop) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); if(!$prop) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
return $prop; return $prop;
} }
public function userPropertiesSet(string $user, array $properties): array { public function userPropertiesSet(string $user, array $properties): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
$valid = [ // FIXME: add future properties $valid = [ // FIXME: add future properties
"name" => "str", "name" => "str",
]; ];
@ -168,13 +206,18 @@ class Database {
} }
public function userRightsGet(string $user): int { public function userRightsGet(string $user): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
return (int) $this->db->prepare("SELECT rights from arsse_users where id is ?", "str")->run($user)->getValue(); return (int) $this->db->prepare("SELECT rights from arsse_users where id is ?", "str")->run($user)->getValue();
} }
public function userRightsSet(string $user, int $rights): bool { public function userRightsSet(string $user, int $rights): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__, $rights)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__, $rights)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
$this->db->prepare("UPDATE arsse_users set rights = ? where id is ?", "int", "str")->run($rights, $user); $this->db->prepare("UPDATE arsse_users set rights = ? where id is ?", "int", "str")->run($rights, $user);
return true; return true;
} }
@ -198,7 +241,9 @@ class Database {
} else { } else {
// if a parent is specified, make sure it exists and belongs to the user; get its root (first-level) folder if it's a nested folder // if a parent is specified, make sure it exists and belongs to the user; get its root (first-level) folder if it's a nested folder
$p = $this->db->prepare("SELECT id from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $parent)->getValue(); $p = $this->db->prepare("SELECT id from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $parent)->getValue();
if(!$p) throw new Db\ExceptionInput("idMissing", ["action" => __FUNCTION__, "field" => "parent", 'id' => $parent]); if(!$p) {
throw new Db\ExceptionInput("idMissing", ["action" => __FUNCTION__, "field" => "parent", 'id' => $parent]);
}
} }
// check if a folder by the same name already exists, because nulls are wonky in SQL // check if a folder by the same name already exists, because nulls are wonky in SQL
// FIXME: How should folder name be compared? Should a Unicode normalization be applied before comparison and insertion? // FIXME: How should folder name be compared? Should a Unicode normalization be applied before comparison and insertion?
@ -232,24 +277,36 @@ class Database {
} }
public function folderRemove(string $user, int $id): bool { public function folderRemove(string $user, int $id): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$changes = $this->db->prepare("DELETE FROM arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->changes(); $changes = $this->db->prepare("DELETE FROM arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->changes();
if(!$changes) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]); if(!$changes) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]);
}
return true; return true;
} }
public function folderPropertiesGet(string $user, int $id): array { public function folderPropertiesGet(string $user, int $id): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$props = $this->db->prepare("SELECT id,name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow(); $props = $this->db->prepare("SELECT id,name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow();
if(!$props) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]); if(!$props) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]);
}
return $props; return $props;
} }
public function folderPropertiesSet(string $user, int $id, array $data): bool { public function folderPropertiesSet(string $user, int $id, array $data): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// validate the folder ID and, if specified, the parent to move it to // validate the folder ID and, if specified, the parent to move it to
$parent = null; $parent = null;
if(array_key_exists("parent", $data)) $parent = $data['parent']; if(array_key_exists("parent", $data)) {
$parent = $data['parent'];
}
$f = $this->folderValidateId($user, $id, $parent, true); $f = $this->folderValidateId($user, $id, $parent, true);
// if a new name is specified, validate it // if a new name is specified, validate it
if(array_key_exists("name", $data)) { if(array_key_exists("name", $data)) {
@ -279,7 +336,9 @@ class Database {
} }
// check whether the folder exists and is owned by the user // check whether the folder exists and is owned by the user
$f = $this->db->prepare("SELECT name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow(); $f = $this->db->prepare("SELECT name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow();
if(!$f) throw new Db\ExceptionInput($subject ? "subjectMissing" : "idMissing", ["action" => $this->caller(), "field" => "folder", 'id' => $parent]); if(!$f) {
throw new Db\ExceptionInput($subject ? "subjectMissing" : "idMissing", ["action" => $this->caller(), "field" => "folder", 'id' => $parent]);
}
// if we're moving a folder to a new parent, check that the parent is valid // if we're moving a folder to a new parent, check that the parent is valid
if(!is_null($parent)) { if(!is_null($parent)) {
// make sure both that the parent exists, and that the parent is not either the folder itself or one of its children (a circular dependence) // make sure both that the parent exists, and that the parent is not either the folder itself or one of its children (a circular dependence)
@ -293,7 +352,9 @@ class Database {
throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]); throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]);
} else { } else {
// if using the desired parent would create a circular dependence, throw a different exception // if using the desired parent would create a circular dependence, throw a different exception
if(!$p['valid']) throw new Db\ExceptionInput("circularDependence", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]); if(!$p['valid']) {
throw new Db\ExceptionInput("circularDependence", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]);
}
} }
} }
return $f; return $f;
@ -311,7 +372,9 @@ class Database {
} }
public function subscriptionAdd(string $user, string $url, string $fetchUser = "", string $fetchPassword = ""): int { public function subscriptionAdd(string $user, string $url, string $fetchUser = "", string $fetchPassword = ""): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// check to see if the feed exists // check to see if the feed exists
$feedID = $this->db->prepare("SELECT id from arsse_feeds where url is ? and username is ? and password is ?", "str", "str", "str")->run($url, $fetchUser, $fetchPassword)->getValue(); $feedID = $this->db->prepare("SELECT id from arsse_feeds where url is ? and username is ? and password is ?", "str", "str", "str")->run($url, $fetchUser, $fetchPassword)->getValue();
if(is_null($feedID)) { if(is_null($feedID)) {
@ -331,7 +394,9 @@ class Database {
} }
public function subscriptionList(string $user, int $folder = null, int $id = null): Db\Result { public function subscriptionList(string $user, int $folder = null, int $id = null): Db\Result {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// create a complex query // create a complex query
$q = new Query( $q = new Query(
"SELECT "SELECT
@ -366,24 +431,34 @@ class Database {
} }
public function subscriptionRemove(string $user, int $id): bool { public function subscriptionRemove(string $user, int $id): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$changes = $this->db->prepare("DELETE from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->changes(); $changes = $this->db->prepare("DELETE from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->changes();
if(!$changes) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]); if(!$changes) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]);
}
return true; return true;
} }
public function subscriptionPropertiesGet(string $user, int $id): array { public function subscriptionPropertiesGet(string $user, int $id): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// disable authorization checks for the list call // disable authorization checks for the list call
Arsse::$user->authorizationEnabled(false); Arsse::$user->authorizationEnabled(false);
$sub = $this->subscriptionList($user, null, $id)->getRow(); $sub = $this->subscriptionList($user, null, $id)->getRow();
Arsse::$user->authorizationEnabled(true); Arsse::$user->authorizationEnabled(true);
if(!$sub) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $id]); if(!$sub) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $id]);
}
return $sub; return $sub;
} }
public function subscriptionPropertiesSet(string $user, int $id, array $data): bool { public function subscriptionPropertiesSet(string $user, int $id, array $data): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$tr = $this->db->begin(); $tr = $this->db->begin();
if(!$this->db->prepare("SELECT count(*) from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->getValue()) { if(!$this->db->prepare("SELECT count(*) from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->getValue()) {
// if the ID doesn't exist or doesn't belong to the user, throw an exception // if the ID doesn't exist or doesn't belong to the user, throw an exception
@ -397,8 +472,11 @@ class Database {
// if the title is null, this signals intended use of the default title; otherwise make sure it's not effectively an empty string // if the title is null, this signals intended use of the default title; otherwise make sure it's not effectively an empty string
if(!is_null($data['title'])) { if(!is_null($data['title'])) {
$title = (string) $data['title']; $title = (string) $data['title'];
if(!strlen($title)) throw new Db\ExceptionInput("missing", ["action" => __FUNCTION__, "field" => "title"]); if(!strlen($title)) {
if(!strlen(trim($title))) throw new Db\ExceptionInput("whitespace", ["action" => __FUNCTION__, "field" => "title"]); throw new Db\ExceptionInput("missing", ["action" => __FUNCTION__, "field" => "title"]);
} else if(!strlen(trim($title))) {
throw new Db\ExceptionInput("whitespace", ["action" => __FUNCTION__, "field" => "title"]);
}
$data['title'] = $title; $data['title'] = $title;
} }
} }
@ -416,7 +494,9 @@ class Database {
protected function subscriptionValidateId(string $user, int $id): array { protected function subscriptionValidateId(string $user, int $id): array {
$out = $this->db->prepare("SELECT feed from arsse_subscriptions where id is ? and owner is ?", "int", "str")->run($id, $user)->getRow(); $out = $this->db->prepare("SELECT feed from arsse_subscriptions where id is ? and owner is ?", "int", "str")->run($id, $user)->getRow();
if(!$out) throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "subscription", 'id' => $id]); if(!$out) {
throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "subscription", 'id' => $id]);
}
return $out; return $out;
} }
@ -429,7 +509,9 @@ class Database {
$tr = $this->db->begin(); $tr = $this->db->begin();
// check to make sure the feed exists // check to make sure the feed exists
$f = $this->db->prepare("SELECT url, username, password, modified, etag, err_count, scrape FROM arsse_feeds where id is ?", "int")->run($feedID)->getRow(); $f = $this->db->prepare("SELECT url, username, password, modified, etag, err_count, scrape FROM arsse_feeds where id is ?", "int")->run($feedID)->getRow();
if(!$f) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $feedID]); if(!$f) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $feedID]);
}
// determine whether the feed's items should be scraped for full content from the source Web site // determine whether the feed's items should be scraped for full content from the source Web site
$scrape = (Arsse::$conf->fetchEnableScraping && $f['scrape']); $scrape = (Arsse::$conf->fetchEnableScraping && $f['scrape']);
// the Feed object throws an exception when there are problems, but that isn't ideal // the Feed object throws an exception when there are problems, but that isn't ideal
@ -450,7 +532,9 @@ class Database {
'datetime', 'str', 'int' 'datetime', 'str', 'int'
)->run(Feed::nextFetchOnError($f['err_count']), $e->getMessage(),$feedID); )->run(Feed::nextFetchOnError($f['err_count']), $e->getMessage(),$feedID);
$tr->commit(); $tr->commit();
if($throwError) throw $e; if($throwError) {
throw $e;
}
return false; return false;
} }
//prepare the necessary statements to perform the update //prepare the necessary statements to perform the update
@ -561,7 +645,9 @@ class Database {
} }
public function articleStarredCount(string $user, array $context = []): int { public function articleStarredCount(string $user, array $context = []): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
return $this->db->prepare( return $this->db->prepare(
"WITH RECURSIVE "WITH RECURSIVE
user(user) as (SELECT ?), user(user) as (SELECT ?),
@ -576,8 +662,12 @@ class Database {
} }
public function editionLatest(string $user, Context $context = null): int { public function editionLatest(string $user, Context $context = null): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$context) $context = new Context; throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if(!$context) {
$context = new Context;
}
$q = new Query("SELECT max(arsse_editions.id) from arsse_editions left join arsse_articles on article is arsse_articles.id left join arsse_feeds on arsse_articles.feed is arsse_feeds.id"); $q = new Query("SELECT max(arsse_editions.id) from arsse_editions left join arsse_articles on article is arsse_articles.id left join arsse_feeds on arsse_articles.feed is arsse_feeds.id");
if($context->subscription()) { if($context->subscription()) {
// if a subscription is specified, make sure it exists // if a subscription is specified, make sure it exists
@ -592,8 +682,12 @@ class Database {
} }
public function articleList(string $user, Context $context = null): Db\Result { public function articleList(string $user, Context $context = null): Db\Result {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$context) $context = new Context; throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if(!$context) {
$context = new Context;
}
$q = new Query( $q = new Query(
"SELECT "SELECT
arsse_articles.id as id, arsse_articles.id as id,
@ -637,21 +731,37 @@ class Database {
$q->setCTE("subscribed_feeds(id,sub)", "SELECT feed,id from arsse_subscriptions join user on user is owner"); $q->setCTE("subscribed_feeds(id,sub)", "SELECT feed,id from arsse_subscriptions join user on user is owner");
} }
// filter based on edition offset // filter based on edition offset
if($context->oldestEdition()) $q->setWhere("edition >= ?", "int", $context->oldestEdition); if($context->oldestEdition()) {
if($context->latestEdition()) $q->setWhere("edition <= ?", "int", $context->latestEdition); $q->setWhere("edition >= ?", "int", $context->oldestEdition);
}
if($context->latestEdition()) {
$q->setWhere("edition <= ?", "int", $context->latestEdition);
}
// filter based on lastmod time // filter based on lastmod time
if($context->modifiedSince()) $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince); if($context->modifiedSince()) {
if($context->notModifiedSince()) $q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince); $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince);
}
if($context->notModifiedSince()) {
$q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince);
}
// filter for un/read and un/starred status if specified // filter for un/read and un/starred status if specified
if($context->unread()) $q->setWhere("unread is ?", "bool", $context->unread); if($context->unread()) {
if($context->starred()) $q->setWhere("starred is ?", "bool", $context->starred); $q->setWhere("unread is ?", "bool", $context->unread);
}
if($context->starred()) {
$q->setWhere("starred is ?", "bool", $context->starred);
}
// perform the query and return results // perform the query and return results
return $this->db->prepare($q->getQuery(), $q->getTypes())->run($q->getValues()); return $this->db->prepare($q->getQuery(), $q->getTypes())->run($q->getValues());
} }
public function articleMark(string $user, array $data, Context $context = null): bool { public function articleMark(string $user, array $data, Context $context = null): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$context) $context = new Context; throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if(!$context) {
$context = new Context;
}
// sanitize input // sanitize input
$values = [ $values = [
isset($data['read']) ? $data['read'] : null, isset($data['read']) ? $data['read'] : null,
@ -683,7 +793,9 @@ class Database {
// make sure the edition exists // make sure the edition exists
$edition = $this->articleValidateEdition($user, $context->edition); $edition = $this->articleValidateEdition($user, $context->edition);
// if the edition is not the latest, do not mark the read flag // if the edition is not the latest, do not mark the read flag
if(!$edition['current']) $values[0] = null; if(!$edition['current']) {
$values[0] = null;
}
} else if($context->article()) { } else if($context->article()) {
// otherwise if an article context is specified, make sure it's valid // otherwise if an article context is specified, make sure it's valid
$this->articleValidateId($user, $context->article); $this->articleValidateId($user, $context->article);
@ -731,8 +843,11 @@ class Database {
} }
if($context->editions()) { if($context->editions()) {
// if multiple specific editions have been requested, prepare a CTE to list them and their articles // if multiple specific editions have been requested, prepare a CTE to list them and their articles
if(!$context->editions) throw new Db\ExceptionInput("tooShort", ['field' => "editions", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element if(!$context->editions) {
if(sizeof($context->editions) > 50) throw new Db\ExceptionInput("tooLong", ['field' => "editions", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements throw new Db\ExceptionInput("tooShort", ['field' => "editions", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element
} else if(sizeof($context->editions) > 50) {
throw new Db\ExceptionInput("tooLong", ['field' => "editions", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements
}
list($inParams, $inTypes) = $this->generateIn($context->editions, "int"); list($inParams, $inTypes) = $this->generateIn($context->editions, "int");
$q->setCTE("requested_articles(id,edition)", $q->setCTE("requested_articles(id,edition)",
"SELECT article,id as edition from arsse_editions where edition in ($inParams)", "SELECT article,id as edition from arsse_editions where edition in ($inParams)",
@ -742,8 +857,11 @@ class Database {
$q->setWhere("arsse_articles.id in (select id from requested_articles)"); $q->setWhere("arsse_articles.id in (select id from requested_articles)");
} else if($context->articles()) { } else if($context->articles()) {
// if multiple specific articles have been requested, prepare a CTE to list them and their articles // if multiple specific articles have been requested, prepare a CTE to list them and their articles
if(!$context->articles) throw new Db\ExceptionInput("tooShort", ['field' => "articles", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element if(!$context->articles) {
if(sizeof($context->articles) > 50) throw new Db\ExceptionInput("tooLong", ['field' => "articles", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements throw new Db\ExceptionInput("tooShort", ['field' => "articles", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element
} else if(sizeof($context->articles) > 50) {
throw new Db\ExceptionInput("tooLong", ['field' => "articles", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements
}
list($inParams, $inTypes) = $this->generateIn($context->articles, "int"); list($inParams, $inTypes) = $this->generateIn($context->articles, "int");
$q->setCTE("requested_articles(id,edition)", $q->setCTE("requested_articles(id,edition)",
"SELECT id,(select max(id) from arsse_editions where article is arsse_articles.id) as edition from arsse_articles where arsse_articles.id in ($inParams)", "SELECT id,(select max(id) from arsse_editions where article is arsse_articles.id) as edition from arsse_articles where arsse_articles.id in ($inParams)",
@ -756,11 +874,19 @@ class Database {
$q->setCTE("requested_articles(id,edition)", "SELECT 'empty','table' where 1 is 0"); $q->setCTE("requested_articles(id,edition)", "SELECT 'empty','table' where 1 is 0");
} }
// filter based on edition offset // filter based on edition offset
if($context->oldestEdition()) $q->setWhere("edition >= ?", "int", $context->oldestEdition); if($context->oldestEdition()) {
if($context->latestEdition()) $q->setWhere("edition <= ?", "int", $context->latestEdition); $q->setWhere("edition >= ?", "int", $context->oldestEdition);
}
if($context->latestEdition()) {
$q->setWhere("edition <= ?", "int", $context->latestEdition);
}
// filter based on lastmod time // filter based on lastmod time
if($context->modifiedSince()) $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince); if($context->modifiedSince()) {
if($context->notModifiedSince()) $q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince); $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince);
}
if($context->notModifiedSince()) {
$q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince);
}
// push the current query onto the CTE stack and execute the query we're actually interested in // push the current query onto the CTE stack and execute the query we're actually interested in
$q->pushCTE("target_articles(id,edition,modified_date,to_insert,honour_read,honour_star)"); $q->pushCTE("target_articles(id,edition,modified_date,to_insert,honour_read,honour_star)");
$q->setBody($query); $q->setBody($query);
@ -783,7 +909,9 @@ class Database {
arsse_articles.id is ? and arsse_subscriptions.owner is ?", arsse_articles.id is ? and arsse_subscriptions.owner is ?",
"int", "str" "int", "str"
)->run($id, $user)->getRow(); )->run($id, $user)->getRow();
if(!$out) throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "article", 'id' => $id]); if(!$out) {
throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "article", 'id' => $id]);
}
return $out; return $out;
} }
@ -801,7 +929,9 @@ class Database {
edition is ? and arsse_subscriptions.owner is ?", edition is ? and arsse_subscriptions.owner is ?",
"int", "str" "int", "str"
)->run($id, $user)->getRow(); )->run($id, $user)->getRow();
if(!$out) throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "edition", 'id' => $id]); if(!$out) {
throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "edition", 'id' => $id]);
}
return $out; return $out;
} }
} }

16
lib/Db/AbstractDriver.php
View File

@ -35,7 +35,9 @@ abstract class AbstractDriver implements Driver {
} }
public function savepointRelease(int $index = null): bool { public function savepointRelease(int $index = null): bool {
if(is_null($index)) $index = $this->transDepth; if(is_null($index)) {
$index = $this->transDepth;
}
if(array_key_exists($index, $this->transStatus)) { if(array_key_exists($index, $this->transStatus)) {
switch($this->transStatus[$index]) { switch($this->transStatus[$index]) {
case self::TR_PEND: case self::TR_PEND:
@ -43,7 +45,9 @@ abstract class AbstractDriver implements Driver {
$this->transStatus[$index] = self::TR_COMMIT; $this->transStatus[$index] = self::TR_COMMIT;
$a = $index; $a = $index;
while(++$a && $a <= $this->transDepth) { while(++$a && $a <= $this->transDepth) {
if($this->transStatus[$a] <= self::TR_PEND) $this->transStatus[$a] = self::TR_PEND_COMMIT; if($this->transStatus[$a] <= self::TR_PEND) {
$this->transStatus[$a] = self::TR_PEND_COMMIT;
}
} }
$out = true; $out = true;
break; break;
@ -78,7 +82,9 @@ abstract class AbstractDriver implements Driver {
} }
public function savepointUndo(int $index = null): bool { public function savepointUndo(int $index = null): bool {
if(is_null($index)) $index = $this->transDepth; if(is_null($index)) {
$index = $this->transDepth;
}
if(array_key_exists($index, $this->transStatus)) { if(array_key_exists($index, $this->transStatus)) {
switch($this->transStatus[$index]) { switch($this->transStatus[$index]) {
case self::TR_PEND: case self::TR_PEND:
@ -87,7 +93,9 @@ abstract class AbstractDriver implements Driver {
$this->transStatus[$index] = self::TR_ROLLBACK; $this->transStatus[$index] = self::TR_ROLLBACK;
$a = $index; $a = $index;
while(++$a && $a <= $this->transDepth) { while(++$a && $a <= $this->transDepth) {
if($this->transStatus[$a] <= self::TR_PEND) $this->transStatus[$a] = self::TR_PEND_ROLLBACK; if($this->transStatus[$a] <= self::TR_PEND) {
$this->transStatus[$a] = self::TR_PEND_ROLLBACK;
}
} }
$out = true; $out = true;
break; break;

24
lib/Db/AbstractStatement.php
View File

@ -20,7 +20,9 @@ abstract class AbstractStatement implements Statement {
} }
public function rebindArray(array $bindings, bool $append = false): bool { public function rebindArray(array $bindings, bool $append = false): bool {
if(!$append) $this->types = []; if(!$append) {
$this->types = [];
}
foreach($bindings as $binding) { foreach($bindings as $binding) {
if(is_array($binding)) { if(is_array($binding)) {
// recursively flatten any arrays, which may be provided for SET or IN() clauses // recursively flatten any arrays, which may be provided for SET or IN() clauses
@ -34,7 +36,9 @@ abstract class AbstractStatement implements Statement {
} else { } else {
$this->isNullable[] = true; $this->isNullable[] = true;
} }
if(!array_key_exists($binding, self::TYPES)) throw new Exception("paramTypeInvalid", $binding); if(!array_key_exists($binding, self::TYPES)) {
throw new Exception("paramTypeInvalid", $binding);
}
$this->types[] = self::TYPES[$binding]; $this->types[] = self::TYPES[$binding];
} }
} }
@ -44,13 +48,19 @@ abstract class AbstractStatement implements Statement {
protected function cast($v, string $t, bool $nullable) { protected function cast($v, string $t, bool $nullable) {
switch($t) { switch($t) {
case "date": case "date":
if(is_null($v) && !$nullable) $v = 0; if(is_null($v) && !$nullable) {
$v = 0;
}
return Date::transform($v, "date"); return Date::transform($v, "date");
case "time": case "time":
if(is_null($v) && !$nullable) $v = 0; if(is_null($v) && !$nullable) {
$v = 0;
}
return Date::transform($v, "time"); return Date::transform($v, "time");
case "datetime": case "datetime":
if(is_null($v) && !$nullable) $v = 0; if(is_null($v) && !$nullable) {
$v = 0;
}
return Date::transform($v, "sql"); return Date::transform($v, "sql");
case "null": case "null":
case "integer": case "integer":
@ -58,7 +68,9 @@ abstract class AbstractStatement implements Statement {
case "binary": case "binary":
case "string": case "string":
case "boolean": case "boolean":
if($t=="binary") $t = "string"; if($t=="binary") {
$t = "string";
}
if($v instanceof \DateTimeInterface) { if($v instanceof \DateTimeInterface) {
if($t=="string") { if($t=="string") {
return Date::transform($v, "sql"); return Date::transform($v, "sql");

8
lib/Db/SQLite3/Statement.php
View File

@ -59,7 +59,9 @@ class Statement extends \JKingWeb\Arsse\Db\AbstractStatement {
$a += $this->bindValues($value, $a); $a += $this->bindValues($value, $a);
} else if(array_key_exists($a,$this->types)) { } else if(array_key_exists($a,$this->types)) {
// if the parameter type is something other than the known values, this is an error // if the parameter type is something other than the known values, this is an error
if(!array_key_exists($this->types[$a], self::BINDINGS)) throw new Exception("paramTypeUnknown", $this->types[$a]); if(!array_key_exists($this->types[$a], self::BINDINGS)) {
throw new Exception("paramTypeUnknown", $this->types[$a]);
}
// if the parameter type is null or the value is null (and the type is nullable), just bind null // if the parameter type is null or the value is null (and the type is nullable), just bind null
if($this->types[$a]=="null" || ($this->isNullable[$a] && is_null($value))) { if($this->types[$a]=="null" || ($this->isNullable[$a] && is_null($value))) {
$this->st->bindValue($a+1, null, \SQLITE3_NULL); $this->st->bindValue($a+1, null, \SQLITE3_NULL);
@ -68,7 +70,9 @@ class Statement extends \JKingWeb\Arsse\Db\AbstractStatement {
$type = self::BINDINGS[$this->types[$a]]; $type = self::BINDINGS[$this->types[$a]];
$value = $this->cast($value, $this->types[$a], $this->isNullable[$a]); $value = $this->cast($value, $this->types[$a], $this->isNullable[$a]);
// re-adjust for null casts // re-adjust for null casts
if($value===null) $type = \SQLITE3_NULL; if($value===null) {
$type = \SQLITE3_NULL;
}
// perform binding // perform binding
$this->st->bindValue($a+1, $value, $type); $this->st->bindValue($a+1, $value, $type);
} }

80
lib/Feed.php
View File

@ -42,11 +42,17 @@ class Feed {
// ascertain whether there are any articles not in the database // ascertain whether there are any articles not in the database
$this->matchToDatabase($feedID); $this->matchToDatabase($feedID);
// if caching header fields are not sent by the server, try to ascertain a last-modified date from the feed contents // if caching header fields are not sent by the server, try to ascertain a last-modified date from the feed contents
if(!$this->lastModified) $this->lastModified = $this->computeLastModified(); if(!$this->lastModified) {
$this->lastModified = $this->computeLastModified();
}
// we only really care if articles have been modified; if there are no new articles, act as if the feed is unchanged // we only really care if articles have been modified; if there are no new articles, act as if the feed is unchanged
if(!sizeof($this->newItems) && !sizeof($this->changedItems)) $this->modified = false; if(!sizeof($this->newItems) && !sizeof($this->changedItems)) {
$this->modified = false;
}
// if requested, scrape full content for any new and changed items // if requested, scrape full content for any new and changed items
if($scrape) $this->scrape(); if($scrape) {
$this->scrape();
}
} }
// compute the time at which the feed should next be fetched // compute the time at which the feed should next be fetched
$this->nextFetch = $this->computeNextFetch(); $this->nextFetch = $this->computeNextFetch();
@ -116,11 +122,17 @@ class Feed {
// prefer an Atom ID as the item's ID // prefer an Atom ID as the item's ID
$id = (string) $f->xml->children('http://www.w3.org/2005/Atom')->id; $id = (string) $f->xml->children('http://www.w3.org/2005/Atom')->id;
// otherwise use the RSS2 guid element // otherwise use the RSS2 guid element
if(!strlen($id)) $id = (string) $f->xml->guid; if(!strlen($id)) {
$id = (string) $f->xml->guid;
}
// otherwise use the Dublin Core identifier element // otherwise use the Dublin Core identifier element
if(!strlen($id)) $id = (string) $f->xml->children('http://purl.org/dc/elements/1.1/')->identifier; if(!strlen($id)) {
$id = (string) $f->xml->children('http://purl.org/dc/elements/1.1/')->identifier;
}
// otherwise there is no ID; if there is one, hash it // otherwise there is no ID; if there is one, hash it
if(strlen($id)) $f->id = hash('sha256', $id); if(strlen($id)) {
$f->id = hash('sha256', $id);
}
// PicoFeed also doesn't gather up categories, so we do this as well // PicoFeed also doesn't gather up categories, so we do this as well
$f->categories = []; $f->categories = [];
@ -129,19 +141,27 @@ class Feed {
// if the category has a label, use that // if the category has a label, use that
$name = (string) $c->attributes()->label; $name = (string) $c->attributes()->label;
// otherwise use the term // otherwise use the term
if(!strlen($name)) $name = (string) $c->attributes()->term; if(!strlen($name)) {
$name = (string) $c->attributes()->term;
}
// ... assuming it has that much // ... assuming it has that much
if(strlen($name)) $f->categories[] = $name; if(strlen($name)) {
$f->categories[] = $name;
}
} }
// next add RSS2 categories // next add RSS2 categories
foreach($f->xml->children()->category as $c) { foreach($f->xml->children()->category as $c) {
$name = (string) $c; $name = (string) $c;
if(strlen($name)) $f->categories[] = $name; if(strlen($name)) {
$f->categories[] = $name;
}
} }
// and finally try Dublin Core subjects // and finally try Dublin Core subjects
foreach($f->xml->children('http://purl.org/dc/elements/1.1/')->subject as $c) { foreach($f->xml->children('http://purl.org/dc/elements/1.1/')->subject as $c) {
$name = (string) $c; $name = (string) $c;
if(strlen($name)) $f->categories[] = $name; if(strlen($name)) {
$f->categories[] = $name;
}
} }
//sort the results //sort the results
sort($f->categories); sort($f->categories);
@ -161,7 +181,9 @@ class Feed {
foreach($items as $item) { foreach($items as $item) {
foreach($out as $index => $check) { foreach($out as $index => $check) {
// if the two items both have IDs and they differ, they do not match, regardless of hashes // if the two items both have IDs and they differ, they do not match, regardless of hashes
if($item->id && $check->id && $item->id != $check->id) continue; if($item->id && $check->id && $item->id != $check->id) {
continue;
}
// if the two items have the same ID or any one hash matches, they are two versions of the same item // if the two items have the same ID or any one hash matches, they are two versions of the same item
if( if(
($item->id && $check->id && $item->id == $check->id) || ($item->id && $check->id && $item->id == $check->id) ||
@ -208,10 +230,18 @@ class Feed {
// if we need to, perform a second pass on the database looking specifically for IDs and hashes of the new items // if we need to, perform a second pass on the database looking specifically for IDs and hashes of the new items
$ids = $hashesUT = $hashesUC = $hashesTC = []; $ids = $hashesUT = $hashesUC = $hashesTC = [];
foreach($this->newItems as $i) { foreach($this->newItems as $i) {
if($i->id) $ids[] = $i->id; if($i->id) {
if($i->urlTitleHash) $hashesUT[] = $i->urlTitleHash; $ids[] = $i->id;
if($i->urlContentHash) $hashesUC[] = $i->urlContentHash; }
if($i->titleContentHash) $hashesTC[] = $i->titleContentHash; if($i->urlTitleHash) {
$hashesUT[] = $i->urlTitleHash;
}
if($i->urlContentHash) {
$hashesUC[] = $i->urlContentHash;
}
if($i->titleContentHash) {
$hashesTC[] = $i->titleContentHash;
}
} }
$articles = Arsse::$db->feedMatchIds($feedID, $ids, $hashesUT, $hashesUC, $hashesTC)->getAll(); $articles = Arsse::$db->feedMatchIds($feedID, $ids, $hashesUT, $hashesUC, $hashesTC)->getAll();
list($this->newItems, $changed) = $this->matchItems($this->newItems, $articles); list($this->newItems, $changed) = $this->matchItems($this->newItems, $articles);
@ -228,7 +258,9 @@ class Feed {
$found = false; $found = false;
foreach($articles as $a) { foreach($articles as $a) {
// if the item has an ID and it doesn't match the article ID, the two don't match, regardless of hashes // if the item has an ID and it doesn't match the article ID, the two don't match, regardless of hashes
if($i->id && $i->id !== $a['guid']) continue; if($i->id && $i->id !== $a['guid']) {
continue;
}
if( if(
// the item matches if the GUID matches... // the item matches if the GUID matches...
($i->id && $i->id === $a['guid']) || ($i->id && $i->id === $a['guid']) ||
@ -255,7 +287,9 @@ class Feed {
} }
} }
} }
if(!$found) $new[] = $i; if(!$found) {
$new[] = $i;
}
} }
return [$new, $edited]; return [$new, $edited];
} }
@ -319,7 +353,9 @@ class Feed {
} }
protected function computeLastModified() { protected function computeLastModified() {
if(!$this->modified) return $this->lastModified; if(!$this->modified) {
return $this->lastModified;
}
$dates = $this->gatherDates(); $dates = $this->gatherDates();
if(sizeof($dates)) { if(sizeof($dates)) {
return Date::normalize($dates[0]); return Date::normalize($dates[0]);
@ -331,8 +367,12 @@ class Feed {
protected function gatherDates(): array { protected function gatherDates(): array {
$dates = []; $dates = [];
foreach($this->data->items as $item) { foreach($this->data->items as $item) {
if($item->updatedDate) $dates[] = $item->updatedDate->getTimestamp(); if($item->updatedDate) {
if($item->publishedDate) $dates[] = $item->publishedDate->getTimestamp(); $dates[] = $item->updatedDate->getTimestamp();
}
if($item->publishedDate) {
$dates[] = $item->publishedDate->getTimestamp();
}
} }
$dates = array_unique($dates, \SORT_NUMERIC); $dates = array_unique($dates, \SORT_NUMERIC);
rsort($dates); rsort($dates);

55
lib/Lang.php
View File

@ -29,24 +29,32 @@ class Lang {
public function set(string $locale, bool $immediate = false): string { public function set(string $locale, bool $immediate = false): string {
// make sure the Intl extension is loaded // make sure the Intl extension is loaded
if(!static::$requirementsMet) static::checkRequirements(); if(!static::$requirementsMet) {
static::checkRequirements();
}
// if requesting the same locale as already wanted, just return (but load first if we've requested an immediate load) // if requesting the same locale as already wanted, just return (but load first if we've requested an immediate load)
if($locale==$this->wanted) { if($locale==$this->wanted) {
if($immediate && !$this->synched) $this->load(); if($immediate && !$this->synched) {
$this->load();
}
return $locale; return $locale;
} }
// if we've requested a locale other than the null locale, fetch the list of available files and find the closest match e.g. en_ca_somedialect -> en_ca // if we've requested a locale other than the null locale, fetch the list of available files and find the closest match e.g. en_ca_somedialect -> en_ca
if($locale != "") { if($locale != "") {
$list = $this->listFiles(); $list = $this->listFiles();
// if the default locale is unavailable, this is (for now) an error // if the default locale is unavailable, this is (for now) an error
if(!in_array(self::DEFAULT, $list)) throw new Lang\Exception("defaultFileMissing", self::DEFAULT); if(!in_array(self::DEFAULT, $list)) {
throw new Lang\Exception("defaultFileMissing", self::DEFAULT);
}
$this->wanted = $this->match($locale, $list); $this->wanted = $this->match($locale, $list);
} else { } else {
$this->wanted = ""; $this->wanted = "";
} }
$this->synched = false; $this->synched = false;
// load right now if asked to, otherwise load later when actually required // load right now if asked to, otherwise load later when actually required
if($immediate) $this->load(); if($immediate) {
$this->load();
}
return $this->wanted; return $this->wanted;
} }
@ -74,7 +82,9 @@ class Lang {
} }
// if the requested message is not present in any of the currently loaded language files, throw an exception // if the requested message is not present in any of the currently loaded language files, throw an exception
// note that this is indicative of a programming error since the default locale should have all strings // note that this is indicative of a programming error since the default locale should have all strings
if(!array_key_exists($msgID, $this->strings)) throw new Lang\Exception("stringMissing", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]); if(!array_key_exists($msgID, $this->strings)) {
throw new Lang\Exception("stringMissing", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]);
}
$msg = $this->strings[$msgID]; $msg = $this->strings[$msgID];
// variables fed to MessageFormatter must be contained in an array // variables fed to MessageFormatter must be contained in an array
if($vars===null) { if($vars===null) {
@ -84,7 +94,9 @@ class Lang {
$vars = [$vars]; $vars = [$vars];
} }
$msg = \MessageFormatter::formatMessage($this->locale, $msg, $vars); $msg = \MessageFormatter::formatMessage($this->locale, $msg, $vars);
if($msg===false) throw new Lang\Exception("stringInvalid", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]); if($msg===false) {
throw new Lang\Exception("stringInvalid", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]);
}
return $msg; return $msg;
} }
@ -98,13 +110,17 @@ class Lang {
} }
public function match(string $locale, array $list = null): string { public function match(string $locale, array $list = null): string {
if($list===null) $list = $this->listFiles(); if($list===null) {
$list = $this->listFiles();
}
$default = ($this->locale=="") ? self::DEFAULT : $this->locale; $default = ($this->locale=="") ? self::DEFAULT : $this->locale;
return \Locale::lookup($list,$locale, true, $default); return \Locale::lookup($list,$locale, true, $default);
} }
static protected function checkRequirements(): bool { static protected function checkRequirements(): bool {
if(!extension_loaded("intl")) throw new ExceptionFatal("The \"Intl\" extension is required, but not loaded"); if(!extension_loaded("intl")) {
throw new ExceptionFatal("The \"Intl\" extension is required, but not loaded");
}
static::$requirementsMet = true; static::$requirementsMet = true;
return true; return true;
} }
@ -128,7 +144,9 @@ class Lang {
} }
protected function load(): bool { protected function load(): bool {
if(!self::$requirementsMet) self::checkRequirements(); if(!self::$requirementsMet) {
self::checkRequirements();
}
// if we've requested no locale (""), just load the fallback strings and return // if we've requested no locale (""), just load the fallback strings and return
if($this->wanted=="") { if($this->wanted=="") {
$this->strings = self::REQUIRED; $this->strings = self::REQUIRED;
@ -144,13 +162,17 @@ class Lang {
$tag = array_pop($tags); $tag = array_pop($tags);
} }
// include the default locale as the base if the most general locale requested is not the default // include the default locale as the base if the most general locale requested is not the default
if($tag != self::DEFAULT) $files[] = self::DEFAULT; if($tag != self::DEFAULT) {
$files[] = self::DEFAULT;
}
// save the list of files to be loaded for later reference // save the list of files to be loaded for later reference
$loaded = $files; $loaded = $files;
// reduce the list of files to be loaded to the minimum necessary (e.g. if we go from "fr" to "fr_ca", we don't need to load "fr" or "en") // reduce the list of files to be loaded to the minimum necessary (e.g. if we go from "fr" to "fr_ca", we don't need to load "fr" or "en")
$files = []; $files = [];
foreach($loaded as $file) { foreach($loaded as $file) {
if($file==$this->locale) break; if($file==$this->locale) {
break;
}
$files[] = $file; $files[] = $file;
} }
// if we need to load all files, start with the fallback strings // if we need to load all files, start with the fallback strings
@ -164,8 +186,11 @@ class Lang {
// read files in reverse order // read files in reverse order
$files = array_reverse($files); $files = array_reverse($files);
foreach($files as $file) { foreach($files as $file) {
if(!file_exists($this->path."$file.php")) throw new Lang\Exception("fileMissing", $file); if(!file_exists($this->path."$file.php")) {
if(!is_readable($this->path."$file.php")) throw new Lang\Exception("fileUnreadable", $file); throw new Lang\Exception("fileMissing", $file);
} else if(!is_readable($this->path."$file.php")) {
throw new Lang\Exception("fileUnreadable", $file);
}
try { try {
// we use output buffering in case the language file is corrupted // we use output buffering in case the language file is corrupted
ob_start(); ob_start();
@ -175,7 +200,9 @@ class Lang {
} finally { } finally {
ob_end_clean(); ob_end_clean();
} }
if(!is_array($arr)) throw new Lang\Exception("fileCorrupt", $file); if(!is_array($arr)) {
throw new Lang\Exception("fileCorrupt", $file);
}
$strings[] = $arr; $strings[] = $arr;
} }
// apply the results and return // apply the results and return

20
lib/Misc/Context.php
View File

@ -36,15 +36,17 @@ class Context {
$spec = array_values($spec); $spec = array_values($spec);
for($a = 0; $a < sizeof($spec); $a++) { for($a = 0; $a < sizeof($spec); $a++) {
$id = $spec[$a]; $id = $spec[$a];
if(is_int($id) && $id > -1) continue; if(is_int($id) && $id > -1) {
if(is_float($id) && !fmod($id, 1) && $id >= 0) { continue;
} else if(is_float($id) && !fmod($id, 1) && $id >= 0) {
$spec[$a] = (int) $id; $spec[$a] = (int) $id;
continue; continue;
} } else if(is_string($id)) {
if(is_string($id)) {
$ch1 = strval(@intval($id)); $ch1 = strval(@intval($id));
$ch2 = strval($id); $ch2 = strval($id);
if($ch1 !== $ch2 || $id < 1) $id = 0; if($ch1 !== $ch2 || $id < 1) {
$id = 0;
}
} else { } else {
$id = 0; $id = 0;
} }
@ -108,12 +110,16 @@ class Context {
} }
function editions(array $spec = null) { function editions(array $spec = null) {
if($spec) $spec = $this->cleanArray($spec); if($spec) {
$spec = $this->cleanArray($spec);
}
return $this->act(__FUNCTION__, func_num_args(), $spec); return $this->act(__FUNCTION__, func_num_args(), $spec);
} }
function articles(array $spec = null) { function articles(array $spec = null) {
if($spec) $spec = $this->cleanArray($spec); if($spec) {
$spec = $this->cleanArray($spec);
}
return $this->act(__FUNCTION__, func_num_args(), $spec); return $this->act(__FUNCTION__, func_num_args(), $spec);
} }
} }

8
lib/Misc/Date.php
View File

@ -6,9 +6,13 @@ class Date {
static function transform($date, string $outFormat = null, string $inFormat = null, bool $inLocal = false) { static function transform($date, string $outFormat = null, string $inFormat = null, bool $inLocal = false) {
$date = self::normalize($date, $inFormat, $inLocal); $date = self::normalize($date, $inFormat, $inLocal);
if(is_null($date) || is_null($outFormat)) return $date; if(is_null($date) || is_null($outFormat)) {
return $date;
}
$outFormat = strtolower($outFormat); $outFormat = strtolower($outFormat);
if($outFormat=="unix") return $date->getTimestamp(); if($outFormat=="unix") {
return $date->getTimestamp();
}
switch ($outFormat) { switch ($outFormat) {
case 'http': $f = "D, d M Y H:i:s \G\M\T"; break; case 'http': $f = "D, d M Y H:i:s \G\M\T"; break;
case 'iso8601': $f = "Y-m-d\TH:i:s"; break; case 'iso8601': $f = "Y-m-d\TH:i:s"; break;

8
lib/Misc/Query.php
View File

@ -37,7 +37,9 @@ class Query {
$this->tCTE[] = $types; $this->tCTE[] = $types;
$this->vCTE[] = $values; $this->vCTE[] = $values;
} }
if(strlen($join)) $this->jCTE[] = $join; // the CTE might only participate in subqueries rather than a join on the main query if(strlen($join)) { // the CTE might only participate in subqueries rather than a join on the main query
$this->jCTE[] = $join;
}
return true; return true;
} }
@ -77,7 +79,9 @@ class Query {
$this->vWhere = []; $this->vWhere = [];
$this->order = []; $this->order = [];
$this->setLimit(0,0); $this->setLimit(0,0);
if(strlen($join)) $this->jCTE[] = $join; if(strlen($join)) {
$this->jCTE[] = $join;
}
return true; return true;
} }

8
lib/REST.php
View File

@ -31,7 +31,9 @@ class REST {
} }
function dispatch(REST\Request $req = null): bool { function dispatch(REST\Request $req = null): bool {
if($req===null) $req = new REST\Request(); if($req===null) {
$req = new REST\Request();
}
$api = $this->apiMatch($req->url, $this->apis); $api = $this->apiMatch($req->url, $this->apis);
$req->url = substr($req->url,strlen($this->apis[$api]['strip'])); $req->url = substr($req->url,strlen($this->apis[$api]['strip']));
$req->refreshURL(); $req->refreshURL();
@ -62,7 +64,9 @@ class REST {
uasort($map, function($a, $b) {return (strlen($a['match']) <=> strlen($b['match'])) * -1;}); uasort($map, function($a, $b) {return (strlen($a['match']) <=> strlen($b['match'])) * -1;});
// find a match // find a match
foreach($map as $id => $api) { foreach($map as $id => $api) {
if(strpos($url, $api['match'])===0) return $id; if(strpos($url, $api['match'])===0) {
return $id;
}
} }
// or throw an exception otherwise // or throw an exception otherwise
throw new REST\Exception501(); throw new REST\Exception501();

24
lib/REST/AbstractHandler.php
View File

@ -50,7 +50,9 @@ abstract class AbstractHandler implements Handler {
} }
switch($types[$key]) { switch($types[$key]) {
case "int": case "int":
if($this->validateInt($value)) $out[$key] = (int) $value; if($this->validateInt($value)) {
$out[$key] = (int) $value;
}
break; break;
case "string": case "string":
$out[$key] = (string) $value; $out[$key] = (string) $value;
@ -60,19 +62,29 @@ abstract class AbstractHandler implements Handler {
$out[$key] = $value; $out[$key] = $value;
} else if($this->validateInt($value)) { } else if($this->validateInt($value)) {
$value = (int) $value; $value = (int) $value;
if($value > -1 && $value < 2) $out[$key] = $value; if($value > -1 && $value < 2) {
$out[$key] = $value;
}
} else if(is_string($value)) { } else if(is_string($value)) {
$value = trim(strtolower($value)); $value = trim(strtolower($value));
if($value=="false") $out[$key] = false; if($value=="false") {
if($value=="true") $out[$key] = true; $out[$key] = false;
}
if($value=="true") {
$out[$key] = true;
}
} }
break; break;
case "float": case "float":
if(is_numeric($value)) $out[$key] = (float) $value; if(is_numeric($value)) {
$out[$key] = (float) $value;
}
break; break;
case "datetime": case "datetime":
$t = Date::normalize($value, $dateFormat); $t = Date::normalize($value, $dateFormat);
if($t) $out[$key] = $t; if($t) {
$out[$key] = $t;
}
break; break;
default: default:
throw new Exception("typeUnknown", $types[$key]); throw new Exception("typeUnknown", $types[$key]);

90
lib/REST/NextCloudNews/V1_2.php
View File

@ -40,13 +40,15 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
function dispatch(\JKingWeb\Arsse\REST\Request $req): Response { function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
// try to authenticate // try to authenticate
if(!Arsse::$user->authHTTP()) return new Response(401, "", "", ['WWW-Authenticate: Basic realm="'.self::REALM.'"']); if(!Arsse::$user->authHTTP()) {
// only accept GET, POST, PUT, or DELETE return new Response(401, "", "", ['WWW-Authenticate: Basic realm="'.self::REALM.'"']);
if(!in_array($req->method, ["GET", "POST", "PUT", "DELETE"])) return new Response(405, "", "", ['Allow: GET, POST, PUT, DELETE']); }
// normalize the input // normalize the input
if($req->body) { if($req->body) {
// if the entity body is not JSON according to content type, return "415 Unsupported Media Type" // if the entity body is not JSON according to content type, return "415 Unsupported Media Type"
if(!preg_match("<^application/json\b|^$>", $req->type)) return new Response(415, "", "", ['Accept: application/json']); if(!preg_match("<^application/json\b|^$>", $req->type)) {
return new Response(415, "", "", ['Accept: application/json']);
}
$data = @json_decode($req->body, true); $data = @json_decode($req->body, true);
if(json_last_error() != \JSON_ERROR_NONE) { if(json_last_error() != \JSON_ERROR_NONE) {
// if the body could not be parsed as JSON, return "400 Bad Request" // if the body could not be parsed as JSON, return "400 Bad Request"
@ -68,7 +70,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
} catch(Exception405 $e) { } catch(Exception405 $e) {
return new Response(405, "", "", ["Allow: ".$e->getMessage()]); return new Response(405, "", "", ["Allow: ".$e->getMessage()]);
} }
if(!method_exists($this, $func)) return new Response(501); if(!method_exists($this, $func)) {
return new Response(501);
}
// dispatch // dispatch
try { try {
return $this->$func($req->paths, $data); return $this->$func($req->paths, $data);
@ -129,12 +133,16 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
$scope = $url[0]; $scope = $url[0];
// any URL components which are only digits should be replaced with "0", for easier comparison (integer segments are IDs, and we don't care about the specific ID) // any URL components which are only digits should be replaced with "0", for easier comparison (integer segments are IDs, and we don't care about the specific ID)
for($a = 0; $a < sizeof($url); $a++) { for($a = 0; $a < sizeof($url); $a++) {
if($this->validateInt($url[$a])) $url[$a] = "0"; if($this->validateInt($url[$a])) {
$url[$a] = "0";
}
} }
// normalize the HTTP method to uppercase // normalize the HTTP method to uppercase
$method = strtoupper($method); $method = strtoupper($method);
// if the scope is not supported, return 501 // if the scope is not supported, return 501
if(!array_key_exists($scope, $choices)) throw new Exception501(); if(!array_key_exists($scope, $choices)) {
throw new Exception501();
}
// we now evaluate the supplied URL against every supported path for the selected scope // we now evaluate the supplied URL against every supported path for the selected scope
// the URL is evaluated as an array so as to avoid decoded escapes turning invalid URLs into valid ones // the URL is evaluated as an array so as to avoid decoded escapes turning invalid URLs into valid ones
foreach($choices[$scope] as $path => $funcs) { foreach($choices[$scope] as $path => $funcs) {
@ -251,7 +259,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// rename a folder (also supports moving nesting folders, but this is not a feature of the API) // rename a folder (also supports moving nesting folders, but this is not a feature of the API)
protected function folderRename(array $url, array $data): Response { protected function folderRename(array $url, array $data): Response {
// there must be some change to be made // there must be some change to be made
if(!sizeof($data)) return new Response(422); if(!sizeof($data)) {
return new Response(422);
}
// perform the edit // perform the edit
try { try {
Arsse::$db->folderPropertiesSet(Arsse::$user->id, (int) $url[1], $data); Arsse::$db->folderPropertiesSet(Arsse::$user->id, (int) $url[1], $data);
@ -296,7 +306,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// return list of feeds which should be refreshed // return list of feeds which should be refreshed
protected function feedListStale(array $url, array $data): Response { protected function feedListStale(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// list stale feeds which should be checked for updates // list stale feeds which should be checked for updates
$feeds = Arsse::$db->feedListStale(); $feeds = Arsse::$db->feedListStale();
$out = []; $out = [];
@ -310,9 +322,13 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// refresh a feed // refresh a feed
protected function feedUpdate(array $url, array $data): Response { protected function feedUpdate(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// perform an update of a single feed // perform an update of a single feed
if(!isset($data['feedId'])) return new Response(422); if(!isset($data['feedId'])) {
return new Response(422);
}
try { try {
Arsse::$db->feedUpdate($data['feedId']); Arsse::$db->feedUpdate($data['feedId']);
} catch(ExceptionInput $e) { } catch(ExceptionInput $e) {
@ -324,7 +340,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// add a new feed // add a new feed
protected function subscriptionAdd(array $url, array $data): Response { protected function subscriptionAdd(array $url, array $data): Response {
// normalize the feed URL // normalize the feed URL
if(!isset($data['url'])) return new Response(422); if(!isset($data['url'])) {
return new Response(422);
}
// normalize the folder ID, if specified; zero should be transformed to null // normalize the folder ID, if specified; zero should be transformed to null
$folder = (isset($data['folderId']) && $data['folderId']) ? $data['folderId'] : null; $folder = (isset($data['folderId']) && $data['folderId']) ? $data['folderId'] : null;
// try to add the feed // try to add the feed
@ -350,7 +368,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
$feed = $this->feedTranslate($feed); $feed = $this->feedTranslate($feed);
$out = ['feeds' => [$feed]]; $out = ['feeds' => [$feed]];
$newest = Arsse::$db->editionLatest(Arsse::$user->id, (new Context)->subscription($id)); $newest = Arsse::$db->editionLatest(Arsse::$user->id, (new Context)->subscription($id));
if($newest) $out['newestItemId'] = $newest; if($newest) {
$out['newestItemId'] = $newest;
}
return new Response(200, $out); return new Response(200, $out);
} }
@ -364,7 +384,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
$out = ['feeds' => $out]; $out = ['feeds' => $out];
$out['starredCount'] = Arsse::$db->articleStarredCount(Arsse::$user->id); $out['starredCount'] = Arsse::$db->articleStarredCount(Arsse::$user->id);
$newest = Arsse::$db->editionLatest(Arsse::$user->id); $newest = Arsse::$db->editionLatest(Arsse::$user->id);
if($newest) $out['newestItemId'] = $newest; if($newest) {
$out['newestItemId'] = $newest;
}
return new Response(200, $out); return new Response(200, $out);
} }
@ -456,7 +478,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// set the context options supplied by the client // set the context options supplied by the client
$c = new Context; $c = new Context;
// set the batch size // set the batch size
if(isset($data['batchSize']) && $data['batchSize'] > 0) $c->limit($data['batchSize']); if(isset($data['batchSize']) && $data['batchSize'] > 0) {
$c->limit($data['batchSize']);
}
// set the order of returned items // set the order of returned items
if(isset($data['oldestFirst']) && $data['oldestFirst']) { if(isset($data['oldestFirst']) && $data['oldestFirst']) {
$c->reverse(false); $c->reverse(false);
@ -472,15 +496,23 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
} }
} }
// set whether to only return unread // set whether to only return unread
if(isset($data['getRead']) && !$data['getRead']) $c->unread(true); if(isset($data['getRead']) && !$data['getRead']) {
$c->unread(true);
}
// if no type is specified assume 3 (All) // if no type is specified assume 3 (All)
if(!isset($data['type'])) $data['type'] = 3; if(!isset($data['type'])) {
$data['type'] = 3;
}
switch($data['type']) { switch($data['type']) {
case 0: // feed case 0: // feed
if(isset($data['id'])) $c->subscription($data['id']); if(isset($data['id'])) {
$c->subscription($data['id']);
}
break; break;
case 1: // folder case 1: // folder
if(isset($data['id'])) $c->folder($data['id']); if(isset($data['id'])) {
$c->folder($data['id']);
}
break; break;
case 2: // starred case 2: // starred
$c->starred(true); $c->starred(true);
@ -489,7 +521,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// return all items // return all items
} }
// whether to return only updated items // whether to return only updated items
if(isset($data['lastModified'])) $c->modifiedSince($data['lastModified']); if(isset($data['lastModified'])) {
$c->modifiedSince($data['lastModified']);
}
// perform the fetch // perform the fetch
try { try {
$items = Arsse::$db->articleList(Arsse::$user->id, $c); $items = Arsse::$db->articleList(Arsse::$user->id, $c);
@ -557,7 +591,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// determine whether to mark read or unread // determine whether to mark read or unread
$set = ($url[1]=="read"); $set = ($url[1]=="read");
// if the input data is not at all valid, return an error // if the input data is not at all valid, return an error
if(!isset($data['items']) || !is_array($data['items'])) return new Response(422); if(!isset($data['items']) || !is_array($data['items'])) {
return new Response(422);
}
// start a transaction and loop through the items // start a transaction and loop through the items
$t = Arsse::$db->begin(); $t = Arsse::$db->begin();
$in = array_chunk($data['items'], 50); $in = array_chunk($data['items'], 50);
@ -578,7 +614,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// determine whether to mark starred or unstarred // determine whether to mark starred or unstarred
$set = ($url[1]=="star"); $set = ($url[1]=="star");
// if the input data is not at all valid, return an error // if the input data is not at all valid, return an error
if(!isset($data['items']) || !is_array($data['items'])) return new Response(422); if(!isset($data['items']) || !is_array($data['items'])) {
return new Response(422);
}
// start a transaction and loop through the items // start a transaction and loop through the items
$t = Arsse::$db->begin(); $t = Arsse::$db->begin();
$in = array_chunk(array_column($data['items'], "guidHash"), 50); $in = array_chunk(array_column($data['items'], "guidHash"), 50);
@ -617,14 +655,18 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
protected function cleanupBefore(array $url, array $data): Response { protected function cleanupBefore(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// FIXME: stub // FIXME: stub
return new Response(204); return new Response(204);
} }
protected function cleanupAfter(array $url, array $data): Response { protected function cleanupAfter(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// FIXME: stub // FIXME: stub
return new Response(204); return new Response(204);
} }

20
lib/REST/Request.php
View File

@ -12,9 +12,15 @@ class Request {
public $body = ""; public $body = "";
function __construct(string $method = null, string $url = null, string $body = null, string $contentType = null) { function __construct(string $method = null, string $url = null, string $body = null, string $contentType = null) {
if(is_null($method)) $method = $_SERVER['REQUEST_METHOD']; if(is_null($method)) {
if(is_null($url)) $url = $_SERVER['REQUEST_URI']; $method = $_SERVER['REQUEST_METHOD'];
if(is_null($body)) $body = file_get_contents("php://input"); }
if(is_null($url)) {
$url = $_SERVER['REQUEST_URI'];
}
if(is_null($body)) {
$body = file_get_contents("php://input");
}
if(is_null($contentType)) { if(is_null($contentType)) {
if(isset($_SERVER['HTTP_CONTENT_TYPE'])) { if(isset($_SERVER['HTTP_CONTENT_TYPE'])) {
$contentType = $_SERVER['HTTP_CONTENT_TYPE']; $contentType = $_SERVER['HTTP_CONTENT_TYPE'];
@ -63,8 +69,12 @@ class Request {
if(!in_array($out['path'],["/",""])) { if(!in_array($out['path'],["/",""])) {
$paths = explode("/", $out['path']); $paths = explode("/", $out['path']);
// remove the first and last empty elements, if present (they are artefacts of the splitting; others should remain) // remove the first and last empty elements, if present (they are artefacts of the splitting; others should remain)
if(!strlen($paths[0])) array_shift($paths); if(!strlen($paths[0])) {
if(!strlen($paths[sizeof($paths)-1])) array_pop($paths); array_shift($paths);
}
if(!strlen($paths[sizeof($paths)-1])) {
array_pop($paths);
}
// %-decode each path element // %-decode each path element
$paths = array_map(function($v){return rawurldecode($v);}, $paths); $paths = array_map(function($v){return rawurldecode($v);}, $paths);
$out['paths'] = $paths; $out['paths'] = $paths;

4
lib/Service.php
View File

@ -66,7 +66,9 @@ class Service {
static function hasCheckedIn(): bool { static function hasCheckedIn(): bool {
$checkin = Arsse::$db->metaGet("service_last_checkin"); $checkin = Arsse::$db->metaGet("service_last_checkin");
// if the service has never checked in, return false // if the service has never checked in, return false
if(!$checkin) return false; if(!$checkin) {
return false;
}
// convert the check-in timestamp to a DateTime instance // convert the check-in timestamp to a DateTime instance
$checkin = Date::normalize($checkin, "sql"); $checkin = Date::normalize($checkin, "sql");
// get the checking interval // get the checking interval

2
lib/Service/Curl/Driver.php
View File

@ -42,7 +42,7 @@ class Driver implements \JKingWeb\Arsse\Service\Driver {
curl_multi_setopt($this->queue, \CURLMOPT_PIPELINING, 1); curl_multi_setopt($this->queue, \CURLMOPT_PIPELINING, 1);
} }
function qeueue(int ...$feeds): int { function queue(int ...$feeds): int {
foreach($feeds as $id) { foreach($feeds as $id) {
$h = curl_init(); $h = curl_init();
curl_setopt($h, \CURLOPT_POSTFIELDS, json_encode(['userId' => "", 'feedId' => $id])); curl_setopt($h, \CURLOPT_POSTFIELDS, json_encode(['userId' => "", 'feedId' => $id]));

160
lib/User.php
View File

@ -37,54 +37,86 @@ class User {
} }
public function __toString() { public function __toString() {
if($this->id===null) $this->credentials(); if($this->id===null) {
$this->credentials();
}
return (string) $this->id; return (string) $this->id;
} }
// checks whether the logged in user is authorized to act for the affected user (used especially when granting rights) // checks whether the logged in user is authorized to act for the affected user (used especially when granting rights)
function authorize(string $affectedUser, string $action, int $newRightsLevel = 0): bool { function authorize(string $affectedUser, string $action, int $newRightsLevel = 0): bool {
// if authorization checks are disabled (either because we're running the installer or the background updater) just return true // if authorization checks are disabled (either because we're running the installer or the background updater) just return true
if(!$this->authorizationEnabled()) return true; if(!$this->authorizationEnabled()) {
return true;
}
// if we don't have a logged-in user, fetch credentials // if we don't have a logged-in user, fetch credentials
if($this->id===null) $this->credentials(); if($this->id===null) {
$this->credentials();
}
// if the affected user is the actor and the actor is not trying to grant themselves rights, accept the request // if the affected user is the actor and the actor is not trying to grant themselves rights, accept the request
if($affectedUser==Arsse::$user->id && $action != "userRightsSet") return true; if($affectedUser==Arsse::$user->id && $action != "userRightsSet") {
return true;
}
// if we're authorizing something other than a user function and the affected user is not the actor, make sure the affected user exists // if we're authorizing something other than a user function and the affected user is not the actor, make sure the affected user exists
$this->authorizationEnabled(false); $this->authorizationEnabled(false);
if(Arsse::$user->id != $affectedUser && strpos($action, "user")!==0 && !$this->exists($affectedUser)) throw new User\Exception("doesNotExist", ["action" => $action, "user" => $affectedUser]); if(Arsse::$user->id != $affectedUser && strpos($action, "user")!==0 && !$this->exists($affectedUser)) {
throw new User\Exception("doesNotExist", ["action" => $action, "user" => $affectedUser]);
}
$this->authorizationEnabled(true); $this->authorizationEnabled(true);
// get properties of actor if not already available // get properties of actor if not already available
if(!sizeof($this->actor)) $this->actor = $this->propertiesGet(Arsse::$user->id); if(!sizeof($this->actor)) {
$this->actor = $this->propertiesGet(Arsse::$user->id);
}
$rights = $this->actor["rights"]; $rights = $this->actor["rights"];
// if actor is a global admin, accept the request // if actor is a global admin, accept the request
if($rights==User\Driver::RIGHTS_GLOBAL_ADMIN) return true; if($rights==User\Driver::RIGHTS_GLOBAL_ADMIN) {
return true;
}
// if actor is a common user, deny the request // if actor is a common user, deny the request
if($rights==User\Driver::RIGHTS_NONE) return false; if($rights==User\Driver::RIGHTS_NONE) {
return false;
}
// if actor is not some other sort of admin, deny the request // if actor is not some other sort of admin, deny the request
if(!in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN],true)) return false; if(!in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN],true)) {
return false;
}
// if actor is a domain admin/manager and domains don't match, deny the request // if actor is a domain admin/manager and domains don't match, deny the request
if(Arsse::$conf->userComposeNames && $this->actor["domain"] && $rights != User\Driver::RIGHTS_GLOBAL_MANAGER) { if(Arsse::$conf->userComposeNames && $this->actor["domain"] && $rights != User\Driver::RIGHTS_GLOBAL_MANAGER) {
$test = "@".$this->actor["domain"]; $test = "@".$this->actor["domain"];
if(substr($affectedUser,-1*strlen($test)) != $test) return false; if(substr($affectedUser,-1*strlen($test)) != $test) {
return false;
}
} }
// certain actions shouldn't check affected user's rights // certain actions shouldn't check affected user's rights
if(in_array($action, ["userRightsGet","userExists","userList"], true)) return true; if(in_array($action, ["userRightsGet","userExists","userList"], true)) {
return true;
}
if($action=="userRightsSet") { if($action=="userRightsSet") {
// setting rights above your own is not allowed // setting rights above your own is not allowed
if($newRightsLevel > $rights) return false; if($newRightsLevel > $rights) {
return false;
}
// setting yourself to rights you already have is harmless and can be allowed // setting yourself to rights you already have is harmless and can be allowed
if($this->id==$affectedUser && $newRightsLevel==$rights) return true; if($this->id==$affectedUser && $newRightsLevel==$rights) {
return true;
}
// managers can only set their own rights, and only to normal user // managers can only set their own rights, and only to normal user
if(in_array($rights, [User\Driver::RIGHTS_DOMAIN_MANAGER, User\Driver::RIGHTS_GLOBAL_MANAGER])) { if(in_array($rights, [User\Driver::RIGHTS_DOMAIN_MANAGER, User\Driver::RIGHTS_GLOBAL_MANAGER])) {
if($this->id != $affectedUser || $newRightsLevel != User\Driver::RIGHTS_NONE) return false; if($this->id != $affectedUser || $newRightsLevel != User\Driver::RIGHTS_NONE) {
return false;
}
return true; return true;
} }
} }
$affectedRights = $this->rightsGet($affectedUser); $affectedRights = $this->rightsGet($affectedUser);
// managers can only act on themselves (checked above) or regular users // managers can only act on themselves (checked above) or regular users
if(in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER]) && $affectedRights != User\Driver::RIGHTS_NONE) return false; if(in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER]) && $affectedRights != User\Driver::RIGHTS_NONE) {
return false;
}
// domain admins canot act above themselves // domain admins canot act above themselves
if(!in_array($affectedRights,[User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN])) return false; if(!in_array($affectedRights,[User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN])) {
return false;
}
return true; return true;
} }
@ -116,11 +148,15 @@ class User {
} else { } else {
$out = $this->u->auth($user, $password); $out = $this->u->auth($user, $password);
} }
if($out && !Arsse::$db->userExists($user)) $this->autoProvision($user, $password); if($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
if(Arsse::$conf->userPreAuth) { if(Arsse::$conf->userPreAuth) {
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, $password); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
return true; return true;
} else { } else {
return $this->u->auth($user, $password); return $this->u->auth($user, $password);
@ -133,7 +169,9 @@ class User {
public function authHTTP(): bool { public function authHTTP(): bool {
$cred = $this->credentials(); $cred = $this->credentials();
if(!$cred["user"]) return false; if(!$cred["user"]) {
return false;
}
return $this->auth($cred["user"], $cred["password"]); return $this->auth($cred["user"], $cred["password"]);
} }
@ -147,9 +185,13 @@ class User {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if($domain===null) { if($domain===null) {
if(!$this->authorize("@".$domain, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $domain]); if(!$this->authorize("@".$domain, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $domain]);
}
} else { } else {
if(!$this->authorize("", $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => "all users"]); if(!$this->authorize("", $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => "all users"]);
}
} }
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -160,9 +202,13 @@ class User {
} }
public function authorizationEnabled(bool $setting = null): bool { public function authorizationEnabled(bool $setting = null): bool {
if(is_null($setting)) return !$this->authz; if(is_null($setting)) {
return !$this->authz;
}
$this->authz += ($setting ? -1 : 1); $this->authz += ($setting ? -1 : 1);
if($this->authz < 0) $this->authz = 0; if($this->authz < 0) {
$this->authz = 0;
}
return !$this->authz; return !$this->authz;
} }
@ -171,9 +217,13 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userExists($user); $out = $this->u->userExists($user);
if($out && !Arsse::$db->userExists($user)) $this->autoProvision($user, ""); if($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, "");
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -189,10 +239,14 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$newPassword = $this->u->userAdd($user, $password); $newPassword = $this->u->userAdd($user, $password);
// if there was no exception and we don't have the user in the internal database, add it // if there was no exception and we don't have the user in the internal database, add it
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, $newPassword); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $newPassword);
}
return $newPassword; return $newPassword;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -207,11 +261,15 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userRemove($user); $out = $this->u->userRemove($user);
if($out && Arsse::$db->userExists($user)) { if($out && Arsse::$db->userExists($user)) {
// if the user was removed and we have it in our data, remove it there // if the user was removed and we have it in our data, remove it there
if(!Arsse::$db->userExists($user)) Arsse::$db->userRemove($user); if(!Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user);
}
} }
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
@ -227,7 +285,9 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword); $out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
if(Arsse::$db->userExists($user)) { if(Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value // if the password change was successful and the user exists, set the internal password to the same value
@ -248,7 +308,9 @@ class User {
public function propertiesGet(string $user, bool $withAvatar = false): array { public function propertiesGet(string $user, bool $withAvatar = false): array {
// prepare default values // prepare default values
$domain = null; $domain = null;
if(Arsse::$conf->userComposeNames) $domain = substr($user,strrpos($user,"@")+1); if(Arsse::$conf->userComposeNames) {
$domain = substr($user,strrpos($user,"@")+1);
}
$init = [ $init = [
"id" => $user, "id" => $user,
"name" => $user, "name" => $user,
@ -259,12 +321,18 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = array_merge($init, $this->u->userPropertiesGet($user)); $out = array_merge($init, $this->u->userPropertiesGet($user));
// remove password if it is return (not exhaustive, but...) // remove password if it is return (not exhaustive, but...)
if(array_key_exists('password', $out)) unset($out['password']); if(array_key_exists('password', $out)) {
unset($out['password']);
}
// if the user does not exist in the internal database, add it // if the user does not exist in the internal database, add it
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, "", $out); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, "", $out);
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -278,13 +346,17 @@ class User {
public function propertiesSet(string $user, array $properties): array { public function propertiesSet(string $user, array $properties): array {
// remove from the array any values which should be set specially // remove from the array any values which should be set specially
foreach(['id', 'domain', 'password', 'rights'] as $key) { foreach(['id', 'domain', 'password', 'rights'] as $key) {
if(array_key_exists($key, $properties)) unset($properties[$key]); if(array_key_exists($key, $properties)) {
unset($properties[$key]);
}
} }
$func = "userPropertiesSet"; $func = "userPropertiesSet";
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userPropertiesSet($user, $properties); $out = $this->u->userPropertiesSet($user, $properties);
if(Arsse::$db->userExists($user)) { if(Arsse::$db->userExists($user)) {
// if the property change was successful and the user exists, set the internal properties to the same values // if the property change was successful and the user exists, set the internal properties to the same values
@ -307,10 +379,14 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userRightsGet($user); $out = $this->u->userRightsGet($user);
// if the user does not exist in the internal database, add it // if the user does not exist in the internal database, add it
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, "", null, $out); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, "", null, $out);
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -326,7 +402,9 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userRightsSet($user, $level); $out = $this->u->userRightsSet($user, $level);
// if the user does not exist in the internal database, add it // if the user does not exist in the internal database, add it
if($out && Arsse::$db->userExists($user)) { if($out && Arsse::$db->userExists($user)) {
@ -365,7 +443,9 @@ class User {
if($properties===null) { if($properties===null) {
// if nothing is provided but the driver uses an external function, try to get the current values from the external source // if nothing is provided but the driver uses an external function, try to get the current values from the external source
try { try {
if($this->u->driverFunctions("userPropertiesGet")==User\Driver::FUNC_EXTERNAL) Arsse::$db->userPropertiesSet($user, $this->u->userPropertiesGet($user)); if($this->u->driverFunctions("userPropertiesGet")==User\Driver::FUNC_EXTERNAL) {
Arsse::$db->userPropertiesSet($user, $this->u->userPropertiesGet($user));
}
} catch(\Throwable $e) {} } catch(\Throwable $e) {}
} else { } else {
// otherwise if values are provided, use those // otherwise if values are provided, use those

4
lib/User/Internal/Driver.php
View File

@ -24,7 +24,9 @@ final class Driver implements \JKingWeb\Arsse\User\Driver {
} }
public function driverFunctions(string $function = null) { public function driverFunctions(string $function = null) {
if($function===null) return $this->functions; if($function===null) {
return $this->functions;
}
if(array_key_exists($function, $this->functions)) { if(array_key_exists($function, $this->functions)) {
return $this->functions[$function]; return $this->functions[$function];
} else { } else {

31
lib/User/Internal/InternalFunctions.php
View File

@ -2,54 +2,59 @@
declare(strict_types=1); declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal; namespace JKingWeb\Arsse\User\Internal;
use JKingWeb\Arsse\Arsse; use JKingWeb\Arsse\Arsse;
use JKingWeb\Arsse\User\Exception;
trait InternalFunctions { trait InternalFunctions {
protected $actor = []; protected $actor = [];
public function __construct() { public function __construct() {
$this->db = Arsse::$db;
} }
function auth(string $user, string $password): bool { function auth(string $user, string $password): bool {
if(!Arsse::$user->exists($user)) return false; try {
$hash = $this->db->userPasswordGet($user); $hash = Arsse::$db->userPasswordGet($user);
if($password==="" && $hash==="") return true; } catch(Exception $e) {
return false;
}
if($password==="" && $hash==="") {
return true;
}
return password_verify($password, $hash); return password_verify($password, $hash);
} }
function userExists(string $user): bool { function userExists(string $user): bool {
return $this->db->userExists($user); return Arsse::$db->userExists($user);
} }
function userAdd(string $user, string $password = null): string { function userAdd(string $user, string $password = null): string {
return $this->db->userAdd($user, $password); return Arsse::$db->userAdd($user, $password);
} }
function userRemove(string $user): bool { function userRemove(string $user): bool {
return $this->db->userRemove($user); return Arsse::$db->userRemove($user);
} }
function userList(string $domain = null): array { function userList(string $domain = null): array {
return $this->db->userList($domain); return Arsse::$db->userList($domain);
} }
function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string { function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
return $this->db->userPasswordSet($user, $newPassword); return Arsse::$db->userPasswordSet($user, $newPassword);
} }
function userPropertiesGet(string $user): array { function userPropertiesGet(string $user): array {
return $this->db->userPropertiesGet($user); return Arsse::$db->userPropertiesGet($user);
} }
function userPropertiesSet(string $user, array $properties): array { function userPropertiesSet(string $user, array $properties): array {
return $this->db->userPropertiesSet($user, $properties); return Arsse::$db->userPropertiesSet($user, $properties);
} }
function userRightsGet(string $user): int { function userRightsGet(string $user): int {
return $this->db->userRightsGet($user); return Arsse::$db->userRightsGet($user);
} }
function userRightsSet(string $user, int $level): bool { function userRightsSet(string $user, int $level): bool {
return $this->db->userRightsSet($user, $level); return Arsse::$db->userRightsSet($user, $level);
} }
} }

8
tests/Misc/TestContext.php
View File

@ -9,7 +9,9 @@ class TestContext extends Test\AbstractTest {
function testVerifyInitialState() { function testVerifyInitialState() {
$c = new Context; $c = new Context;
foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) { foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) {
if($m->isConstructor() || $m->isStatic()) continue; if($m->isConstructor() || $m->isStatic()) {
continue;
}
$method = $m->name; $method = $m->name;
$this->assertFalse($c->$method(), "Context method $method did not initially return false"); $this->assertFalse($c->$method(), "Context method $method did not initially return false");
$this->assertEquals(null, $c->$method, "Context property $method is not initially falsy"); $this->assertEquals(null, $c->$method, "Context property $method is not initially falsy");
@ -37,7 +39,9 @@ class TestContext extends Test\AbstractTest {
$times = ['modifiedSince','notModifiedSince']; $times = ['modifiedSince','notModifiedSince'];
$c = new Context; $c = new Context;
foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) { foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) {
if($m->isConstructor() || $m->isStatic()) continue; if($m->isConstructor() || $m->isStatic()) {
continue;
}
$method = $m->name; $method = $m->name;
$this->assertArrayHasKey($method, $v, "Context method $method not included in test"); $this->assertArrayHasKey($method, $v, "Context method $method not included in test");
$this->assertInstanceOf(Context::class, $c->$method($v[$method])); $this->assertInstanceOf(Context::class, $c->$method($v[$method]));

2
tests/REST/NextCloudNews/TestNCNV1_2.php
View File

@ -10,7 +10,7 @@ use JKingWeb\Arsse\Db\ExceptionInput;
use JKingWeb\Arsse\Db\Transaction; use JKingWeb\Arsse\Db\Transaction;
use Phake; use Phake;
/** @covers \JKingWeb\Arsse\REST\NextCloudNews\V1_2 */ /** @covers \JKingWeb\Arsse\REST\NextCloudNews\V1_2<extended> */
class TestNCNV1_2 extends Test\AbstractTest { class TestNCNV1_2 extends Test\AbstractTest {
protected $h; protected $h;
protected $feeds = [ // expected sample output of a feed list from the database, and the resultant expected transformation by the REST handler protected $feeds = [ // expected sample output of a feed list from the database, and the resultant expected transformation by the REST handler

28
tests/User/TestAuthorization.php
View File

@ -87,7 +87,9 @@ class TestAuthorization extends Test\AbstractTest {
function testRegularUserLogic() { function testRegularUserLogic() {
foreach(self::USERS as $actor => $rights) { foreach(self::USERS as $actor => $rights) {
if($rights != User\Driver::RIGHTS_NONE) continue; if($rights != User\Driver::RIGHTS_NONE) {
continue;
}
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(array_keys(self::USERS) as $affected) { foreach(array_keys(self::USERS) as $affected) {
// regular users should only be able to act for themselves // regular users should only be able to act for themselves
@ -112,7 +114,9 @@ class TestAuthorization extends Test\AbstractTest {
function testDomainManagerLogic() { function testDomainManagerLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_DOMAIN_MANAGER) continue; if($actorRights != User\Driver::RIGHTS_DOMAIN_MANAGER) {
continue;
}
$actorDomain = substr($actor,strrpos($actor,"@")+1); $actorDomain = substr($actor,strrpos($actor,"@")+1);
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(self::USERS as $affected => $affectedRights) { foreach(self::USERS as $affected => $affectedRights) {
@ -151,7 +155,9 @@ class TestAuthorization extends Test\AbstractTest {
function testDomainAdministratorLogic() { function testDomainAdministratorLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_DOMAIN_ADMIN) continue; if($actorRights != User\Driver::RIGHTS_DOMAIN_ADMIN) {
continue;
}
$actorDomain = substr($actor,strrpos($actor,"@")+1); $actorDomain = substr($actor,strrpos($actor,"@")+1);
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
$allowed = [User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN]; $allowed = [User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN];
@ -191,7 +197,9 @@ class TestAuthorization extends Test\AbstractTest {
function testGlobalManagerLogic() { function testGlobalManagerLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_GLOBAL_MANAGER) continue; if($actorRights != User\Driver::RIGHTS_GLOBAL_MANAGER) {
continue;
}
$actorDomain = substr($actor,strrpos($actor,"@")+1); $actorDomain = substr($actor,strrpos($actor,"@")+1);
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(self::USERS as $affected => $affectedRights) { foreach(self::USERS as $affected => $affectedRights) {
@ -222,7 +230,9 @@ class TestAuthorization extends Test\AbstractTest {
function testGlobalAdministratorLogic() { function testGlobalAdministratorLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_GLOBAL_ADMIN) continue; if($actorRights != User\Driver::RIGHTS_GLOBAL_ADMIN) {
continue;
}
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
// global admins can do anything // global admins can do anything
foreach(self::USERS as $affected => $affectedRights) { foreach(self::USERS as $affected => $affectedRights) {
@ -240,7 +250,9 @@ class TestAuthorization extends Test\AbstractTest {
function testInvalidLevelLogic() { function testInvalidLevelLogic() {
foreach(self::USERS as $actor => $rights) { foreach(self::USERS as $actor => $rights) {
if(in_array($rights, self::LEVELS)) continue; if(in_array($rights, self::LEVELS)) {
continue;
}
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(array_keys(self::USERS) as $affected) { foreach(array_keys(self::USERS) as $affected) {
// users with unknown/invalid rights should be treated just like regular users and only be able to act for themselves // users with unknown/invalid rights should be treated just like regular users and only be able to act for themselves
@ -297,7 +309,9 @@ class TestAuthorization extends Test\AbstractTest {
$err = []; $err = [];
foreach($tests as $func => $args) { foreach($tests as $func => $args) {
// list method does not take an affected user, so do not unshift for that one // list method does not take an affected user, so do not unshift for that one
if($func != "list") array_unshift($args, $user); if($func != "list") {
array_unshift($args, $user);
}
try { try {
call_user_func_array(array(Arsse::$user, $func), $args); call_user_func_array(array(Arsse::$user, $func), $args);
} catch(User\ExceptionAuthz $e) { } catch(User\ExceptionAuthz $e) {

Write Preview
Loading…
Cancel
Save