MensBeam
/
Arsse
3
1
Fork 0
Code Issues 24 Pull Requests Releases 28 Activity
Browse Source

Remove the distinction between internal and external user functionality

microsub
J. King 6 years ago
parent
11747c93fd
commit
057d72c816
4 changed files with 80 additions and 183 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 164
      lib/User.php
  2. 2
      lib/User/Driver.php
  3. 48
      lib/User/Internal/Driver.php
  4. 49
      lib/User/Internal/InternalFunctions.php

164
lib/User.php
View File

@ -6,6 +6,8 @@
declare(strict_types=1); declare(strict_types=1);
namespace JKingWeb\Arsse; namespace JKingWeb\Arsse;
use JKingWeb\Arsse\User\Internal\Driver as InternalDriver;
class User { class User {
public $id = null; public $id = null;
@ -44,30 +46,13 @@ class User {
public function auth(string $user, string $password): bool { public function auth(string $user, string $password): bool {
$prevUser = $this->id ?? null; $prevUser = $this->id ?? null;
$this->id = $user; $this->id = $user;
switch ($this->u->driverFunctions("auth")) { if (Arsse::$conf->userPreAuth) {
case User\Driver::FUNC_EXTERNAL: $out = true;
if (Arsse::$conf->userPreAuth) { } else {
$out = true; $out = $this->u->auth($user, $password);
} else { }
$out = $this->u->auth($user, $password); if ($out && !Arsse::$db->userExists($user)) {
} $this->autoProvision($user, $password);
if ($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
break;
case User\Driver::FUNC_INTERNAL:
if (Arsse::$conf->userPreAuth) {
if (!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
$out = true;
} else {
$out = $this->u->auth($user, $password);
}
break;
case User\Driver::FUNCT_NOT_IMPLEMENTED:
$out = false;
break;
} }
if (!$out) { if (!$out) {
$this->id = $prevUser; $this->id = $prevUser;
@ -75,118 +60,71 @@ class User {
return $out; return $out;
} }
public function driverFunctions(string $function = null) {
return $this->u->driverFunctions($function);
}
public function list(): array { public function list(): array {
$func = "userList"; $func = "userList";
switch ($this->u->driverFunctions($func)) { if (!$this->authorize("", $func)) {
case User\Driver::FUNC_EXTERNAL: throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
// we handle authorization checks for external drivers
if (!$this->authorize("", $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
}
// no break
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userList($domain);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $domain]);
} }
return $this->u->userList($domain);
} }
public function exists(string $user): bool { public function exists(string $user): bool {
$func = "userExists"; $func = "userExists";
switch ($this->u->driverFunctions($func)) { if (!$this->authorize($user, $func)) {
case User\Driver::FUNC_EXTERNAL: throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
// we handle authorization checks for external drivers }
if (!$this->authorize($user, $func)) { $out = $this->u->userExists($user);
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if (!$this->u instanceof InternalDriver) {
} // if an alternative driver doesn't match the internal database, add or remove the user as appropriate
$out = $this->u->userExists($user); if (!$out && Arsse::$db->userExists($user)) {
if ($out && !Arsse::$db->userExists($user)) { Arsse::$db->userRemove($user);
$this->autoProvision($user, ""); } elseif ($out && !Arsse::$db->userExists($user)) {
} $this->autoProvision($user, "");
return $out; }
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userExists($user);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
// throwing an exception here would break all kinds of stuff; we just report that the user exists
return true;
} }
return $out;
} }
public function add($user, $password = null): string { public function add($user, $password = null): string {
$func = "userAdd"; $func = "userAdd";
switch ($this->u->driverFunctions($func)) { if (!$this->authorize($user, $func)) {
case User\Driver::FUNC_EXTERNAL: throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
// we handle authorization checks for external drivers
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$newPassword = $this->u->userAdd($user, $password);
// if there was no exception and we don't have the user in the internal database, add it
if (!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $newPassword);
}
return $newPassword;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userAdd($user, $password);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
} }
$newPassword = $this->u->userAdd($user, $password);
// if there was no exception and we don't have the user in the internal database, add it
if (!$this->u instanceof InternalDriver && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $newPassword);
}
return $newPassword;
} }
public function remove(string $user): bool { public function remove(string $user): bool {
$func = "userRemove"; $func = "userRemove";
switch ($this->u->driverFunctions($func)) { if (!$this->authorize($user, $func)) {
case User\Driver::FUNC_EXTERNAL: throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
// we handle authorization checks for external drivers }
if (!$this->authorize($user, $func)) { $out = $this->u->userRemove($user);
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if ($out && !$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
} // if the user was removed and we have it in our data, remove it there
$out = $this->u->userRemove($user); Arsse::$db->userRemove($user);
if ($out && Arsse::$db->userExists($user)) {
// if the user was removed and we have it in our data, remove it there
if (!Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user);
}
}
return $out;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userRemove($user);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
} }
return $out;
} }
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string { public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
$func = "userPasswordSet"; $func = "userPasswordSet";
switch ($this->u->driverFunctions($func)) { if (!$this->authorize($user, $func)) {
case User\Driver::FUNC_EXTERNAL: throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
// we handle authorization checks for external drivers
if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
if (Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, $out);
} else {
// if the user does not exists in the internal database, create it
$this->autoProvision($user, $out);
}
return $out;
case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization
return $this->u->userPasswordSet($user, $newPassword);
case User\Driver::FUNCT_NOT_IMPLEMENTED:
throw new User\ExceptionNotImplemented("notImplemented", ["action" => $func, "user" => $user]);
} }
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, $out);
} elseif (!$this->u instanceof InternalDriver){
// if the user does not exists in the internal database, create it
$this->autoProvision($user, $out);
}
return $out;
} }
protected function autoProvision(string $user, string $password = null): string { protected function autoProvision(string $user, string $password = null): string {

2
lib/User/Driver.php
View File

@ -15,8 +15,6 @@ interface Driver {
public function __construct(); public function __construct();
// returns a human-friendly name for the driver (for display in installer, for example) // returns a human-friendly name for the driver (for display in installer, for example)
public static function driverName(): string; public static function driverName(): string;
// returns an array (or single queried member of same) of methods defined by this interface and whether the class implements the internal function or a custom version
public function driverFunctions(string $function = null);
// authenticates a user against their name and password // authenticates a user against their name and password
public function auth(string $user, string $password): bool; public function auth(string $user, string $password): bool;
// checks whether a user exists // checks whether a user exists

48
lib/User/Internal/Driver.php
View File

@ -7,32 +7,42 @@ declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal; namespace JKingWeb\Arsse\User\Internal;
final class Driver implements \JKingWeb\Arsse\User\Driver { final class Driver implements \JKingWeb\Arsse\User\Driver {
use InternalFunctions; public function __construct() {
}
protected $db;
protected $functions = [
"auth" => self::FUNC_INTERNAL,
"userList" => self::FUNC_INTERNAL,
"userExists" => self::FUNC_INTERNAL,
"userAdd" => self::FUNC_INTERNAL,
"userRemove" => self::FUNC_INTERNAL,
"userPasswordSet" => self::FUNC_INTERNAL,
];
public static function driverName(): string { public static function driverName(): string {
return Arsse::$lang->msg("Driver.User.Internal.Name"); return Arsse::$lang->msg("Driver.User.Internal.Name");
} }
public function driverFunctions(string $function = null) { public function auth(string $user, string $password): bool {
if ($function===null) { try {
return $this->functions; $hash = Arsse::$db->userPasswordGet($user);
} catch (Exception $e) {
return false;
} }
if (array_key_exists($function, $this->functions)) { if ($password==="" && $hash==="") {
return $this->functions[$function]; return true;
} else {
return self::FUNC_NOT_IMPLEMENTED;
} }
return password_verify($password, $hash);
}
public function userExists(string $user): bool {
return Arsse::$db->userExists($user);
}
public function userAdd(string $user, string $password = null): string {
return Arsse::$db->userAdd($user, $password);
} }
// see InternalFunctions.php for bulk of methods public function userRemove(string $user): bool {
return Arsse::$db->userRemove($user);
}
public function userList(): array {
return Arsse::$db->userList();
}
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
return Arsse::$db->userPasswordSet($user, $newPassword);
}
} }

49
lib/User/Internal/InternalFunctions.php
View File

@ -1,49 +0,0 @@
<?php
/** @license MIT
* Copyright 2017 J. King, Dustin Wilson et al.
* See LICENSE and AUTHORS files for details */
declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal;
use JKingWeb\Arsse\Arsse;
use JKingWeb\Arsse\User\Exception;
trait InternalFunctions {
protected $actor = [];
public function __construct() {
}
public function auth(string $user, string $password): bool {
try {
$hash = Arsse::$db->userPasswordGet($user);
} catch (Exception $e) {
return false;
}
if ($password==="" && $hash==="") {
return true;
}
return password_verify($password, $hash);
}
public function userExists(string $user): bool {
return Arsse::$db->userExists($user);
}
public function userAdd(string $user, string $password = null): string {
return Arsse::$db->userAdd($user, $password);
}
public function userRemove(string $user): bool {
return Arsse::$db->userRemove($user);
}
public function userList(): array {
return Arsse::$db->userList();
}
public function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
return Arsse::$db->userPasswordSet($user, $newPassword);
}
}
Write Preview
Loading…
Cancel
Save