MensBeam
/
Arsse
3
1
Fork 0
Code Issues 24 Pull Requests Releases 28 Activity
Browse Source

More simplification 

Authentication is now used as the primary point of synchronization
between the internal database and any external database
microsub
J. King 6 years ago
parent
40d679844b
commit
898533bde5
3 changed files with 26 additions and 41 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 59
      lib/User.php
  2. 2
      lib/User/Driver.php
  3. 6
      lib/User/Internal/Driver.php

59
lib/User.php
View File

@ -29,34 +29,33 @@ class User {
return $classes; return $classes;
} }
public function __construct() { public function __construct(\JKingWeb\Arsse\User\Driver $driver = null) {
$driver = Arsse::$conf->userDriver; $this->u = $driver ?? new Arsse::$conf->userDriver;
$this->u = new $driver();
} }
public function __toString() { public function __toString() {
return (string) $this->id; return (string) $this->id;
} }
// at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
public function authorize(string $affectedUser, string $action): bool { public function authorize(string $affectedUser, string $action): bool {
return true; // at one time there was a complicated authorization system; it exists vestigially to support a later revival if desired
return $this->u->authorize($affectedUser, $action);
} }
public function auth(string $user, string $password): bool { public function auth(string $user, string $password): bool {
$prevUser = $this->id ?? null; $prevUser = $this->id;
$this->id = $user; $this->id = $user;
if (Arsse::$conf->userPreAuth) { if (Arsse::$conf->userPreAuth) {
$out = true; $out = true;
} else { } else {
$out = $this->u->auth($user, $password); $out = $this->u->auth($user, $password);
} }
// if authentication was successful and we don't have the user in the internal database, add it
// users must be in the internal database to preserve referential integrity
if ($out && !Arsse::$db->userExists($user)) { if ($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password); Arsse::$db->userAdd($user, $password);
}
if (!$out) {
$this->id = $prevUser;
} }
$this->id = $prevUser;
return $out; return $out;
} }
@ -65,7 +64,7 @@ class User {
if (!$this->authorize("", $func)) { if (!$this->authorize("", $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => ""]);
} }
return $this->u->userList($domain); return $this->u->userList();
} }
public function exists(string $user): bool { public function exists(string $user): bool {
@ -73,16 +72,7 @@ class User {
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$out = $this->u->userExists($user); return $this->u->userExists($user);
if (!$this->u instanceof InternalDriver) {
// if an alternative driver doesn't match the internal database, add or remove the user as appropriate
if (!$out && Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user);
} elseif ($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, "");
}
}
return $out;
} }
public function add($user, $password = null): string { public function add($user, $password = null): string {
@ -90,12 +80,7 @@ class User {
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$newPassword = $this->u->userAdd($user, $password); return $this->u->userAdd($user, $password);
// if there was no exception and we don't have the user in the internal database, add it
if (!$this->u instanceof InternalDriver && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $newPassword);
}
return $newPassword;
} }
public function remove(string $user): bool { public function remove(string $user): bool {
@ -103,12 +88,14 @@ class User {
if (!$this->authorize($user, $func)) { if (!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
} }
$out = $this->u->userRemove($user); try {
if ($out && !$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) { return $this->u->userRemove($user);
// if the user was removed and we have it in our data, remove it there } finally {
Arsse::$db->userRemove($user); if (Arsse::$db->userExists($user)) {
// if the user was removed and we (still) have it in the internal database, remove it there
Arsse::$db->userRemove($user);
}
} }
return $out;
} }
public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string { public function passwordSet(string $user, string $newPassword = null, $oldPassword = null): string {
@ -120,15 +107,7 @@ class User {
if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) { if (!$this->u instanceof InternalDriver && Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value // if the password change was successful and the user exists, set the internal password to the same value
Arsse::$db->userPasswordSet($user, $out); Arsse::$db->userPasswordSet($user, $out);
} elseif (!$this->u instanceof InternalDriver){
// if the user does not exists in the internal database, create it
$this->autoProvision($user, $out);
} }
return $out; return $out;
} }
protected function autoProvision(string $user, string $password = null): string {
$out = Arsse::$db->userAdd($user, $password);
return $out;
}
} }

2
lib/User/Driver.php
View File

@ -17,6 +17,8 @@ interface Driver {
public static function driverName(): string; public static function driverName(): string;
// authenticates a user against their name and password // authenticates a user against their name and password
public function auth(string $user, string $password): bool; public function auth(string $user, string $password): bool;
// check whether a user is authorized to perform a certain action; not currently used and subject to change
public function authorize(string $affectedUser, string $action): bool;
// checks whether a user exists // checks whether a user exists
public function userExists(string $user): bool; public function userExists(string $user): bool;
// adds a user // adds a user

6
lib/User/Internal/Driver.php
View File

@ -6,7 +6,7 @@
declare(strict_types=1); declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal; namespace JKingWeb\Arsse\User\Internal;
final class Driver implements \JKingWeb\Arsse\User\Driver { class Driver implements \JKingWeb\Arsse\User\Driver {
public function __construct() { public function __construct() {
} }
@ -26,6 +26,10 @@ final class Driver implements \JKingWeb\Arsse\User\Driver {
return password_verify($password, $hash); return password_verify($password, $hash);
} }
public function authorize(string $affectedUser, string $action): bool {
return true;
}
public function userExists(string $user): bool { public function userExists(string $user): bool {
return Arsse::$db->userExists($user); return Arsse::$db->userExists($user);
} }

Write Preview
Loading…
Cancel
Save