
diff --git a/workspaces/src/includes/auth/AddToGroupUserAction.php b/workspaces/src/Engines/Auth/Actions/AddToGroupUserAction.php
similarity index 90%
rename from workspaces/src/includes/auth/AddToGroupUserAction.php
rename to workspaces/src/Engines/Auth/Actions/AddToGroupUserAction.php
index b91cf9e..6955065 100644
--- a/workspaces/src/includes/auth/AddToGroupUserAction.php
+++ b/workspaces/src/Engines/Auth/Actions/AddToGroupUserAction.php
@@ -1,67 +1,76 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Add to group user action class
*
* @package ObsidianWorkspaces
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
+namespace Waystone\Workspaces\Engines\Auth\Actions;
+
+use Waystone\Workspaces\Engines\Auth\UserAction;
use Waystone\Workspaces\Engines\Serialization\ArrayDeserializable;
+use Exception;
+
+use UserGroup;
+
/**
* User action to add a user into a group
*/
class AddToGroupUserAction extends UserAction implements ArrayDeserializable {
+
/**
* @var UserGroup The group to add the user to
*/
public $group;
/**
- * @var boolean Determines if the target user has to be added to the group in the quality of admin
+ * @var boolean Determines if the target user has to be added to the group
+ * in the quality of admin
*/
public $isAdmin;
/**
* Executes the user action
*/
public function run () {
if ($this->targetUser->isMemberOfGroup($this->group)) {
if ($this->isAdmin) {
//Promotes to admin if needed
$this->targetUser->addToGroup($this->group, true);
}
} else {
//Adds user to the group
$this->targetUser->addToGroup($this->group, $this->isAdmin);
}
}
/**
* Loads an AddToGroupUserAction instance from an object.
*
* @param array $data The associative array to deserialize
*
* @return AddToGroupUserAction The deserialized instance
* @throws Exception when the group code is not found
*/
public static function loadFromArray (array $data) : self {
$instance = new AddToGroupUserAction();
$instance->group = UserGroup::fromCode($data["code"]);
$instance->isAdmin = ($data["isAdmin"] == true);
return $instance;
}
}
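Review bot: In `loadFromArray()`, `($data["isAdmin"] == true)` is a loose comparison, so any truthy configuration value, including a non-empty string such as "false" or "no", adds the new user to the group as admin. `AuthenticationMethod::loadFromArray()` already uses `=== true` for the `enabled` flag; the same strictness fits here, with a default when the key is absent: `$instance->isAdmin = ($data["isAdmin"] ?? false) === true;`. `$data["code"]` is also read without an existence check, so a missing key reaches `UserGroup::fromCode()` as null. An explicit `InvalidArgumentException`, as `GivePermissionUserAction::loadFromArray()` throws for its mandatory keys, would make a bad configuration fail clearly.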
diff --git a/workspaces/src/includes/auth/GivePermissionUserAction.php b/workspaces/src/Engines/Auth/Actions/GivePermissionUserAction.php
similarity index 76%
rename from workspaces/src/includes/auth/GivePermissionUserAction.php
rename to workspaces/src/Engines/Auth/Actions/GivePermissionUserAction.php
index 33af0f4..16ae66b 100644
--- a/workspaces/src/includes/auth/GivePermissionUserAction.php
+++ b/workspaces/src/Engines/Auth/Actions/GivePermissionUserAction.php
@@ -1,114 +1,131 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Give permission user action class
*
* @package ObsidianWorkspaces
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
+namespace Waystone\Workspaces\Engines\Auth\Actions;
+
+use Waystone\Workspaces\Engines\Auth\Permission;
+use Waystone\Workspaces\Engines\Auth\UserAction;
use Waystone\Workspaces\Engines\Serialization\ArrayDeserializable;
+use Exception;
+use InvalidArgumentException;
+use JsonSerializable;
+
/**
* User action to grant user a permission
*/
-class GivePermissionUserAction extends UserAction implements ArrayDeserializable, JsonSerializable {
+class GivePermissionUserAction extends UserAction
+ implements ArrayDeserializable, JsonSerializable {
+
/**
* @var string The permission name
*/
public $permissionName;
/**
* @var int The permission flag
*/
public $permissionFlag = 1;
/**
* @var string The target resource type
*/
public $resourceType;
/**
* @var string The target resource identifier
*/
public $resourceIdentifier;
/**
* Executes the user action
*/
public function run () {
- if (!$id = resolve_resource_id($this->resourceType, $this->resourceIdentifier)) {
- throw new Exception("Can't get identifier from resource " . $this->resourceType . " " . $this->resourceIdentifier);
+ if (!$id = resolve_resource_id($this->resourceType,
+ $this->resourceIdentifier)) {
+ throw new Exception("Can't get identifier from resource "
+ . $this->resourceType . " " . $this->resourceIdentifier);
}
$this->targetUser->setPermission(
$this->resourceType, $id,
- $this->permissionName, $this->permissionFlag
+ $this->permissionName, $this->permissionFlag,
);
}
/**
* Loads a GivePermissionUserAction instance from an associative array.
*
* @param object $data The associative array to deserialize
+ *
* @return GivePermissionUserAction The deserialized instance
*/
- public static function loadFromArray (mixed $data) : self {
+ public static function loadFromArray (mixed $data) : self {
// Validate mandatory data
if (!array_key_exists("resource", $data)) {
throw new InvalidArgumentException("A resource property, with two mandatory type and id property is required.");
}
if (!array_key_exists("permission", $data)) {
throw new InvalidArgumentException("A permission property, with a mandatory name property and a facultative flag property is required.");
}
$resource = $data["resource"];
$permission = $data["permission"];
if (!array_key_exists("name", $permission)) {
throw new InvalidArgumentException("Permission name is required.");
}
if (!array_key_exists("type", $resource)) {
throw new InvalidArgumentException("Resource type is required.");
}
if (!array_key_exists("id", $resource)) {
throw new InvalidArgumentException("Resource id is required.");
}
// Build instance
$instance = new GivePermissionUserAction();
- $instance->resourceType = Permission::getResourceTypeLetterFromCode($resource["type"]);
+ $instance->resourceType =
+ Permission::getResourceTypeLetterFromCode($resource["type"]);
$instance->resourceIdentifier = $resource["id"];
$instance->permissionName = $permission["name"];
if (array_key_exists("flag", $permission)) {
$instance->permissionFlag = $permission["flag"];
}
return $instance;
}
/**
- * Serializes the object to a value that can be serialized natively by json_encode().
+ * Serializes the object to a value that can be serialized natively by
+ * json_encode().
*
* @return object The serializable value
*/
- public function jsonSerialize() {
+ public function jsonSerialize () {
//TODO: if you wish strict code here, we need such a class.
- $data->resource->type = Permission::getResourceTypeCodeFromLetter($this->resourceType);
+ $data->resource->type =
+ Permission::getResourceTypeCodeFromLetter($this->resourceType);
$data->resource->id = $this->resourceIdentifier;
$data->permission->name = $this->permissionName;
$data->permission->flag = $this->permissionFlag;
+
return $data;
}
}
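Review bot: `jsonSerialize()` assigns `$data->resource->type` without ever creating `$data`; on PHP 8, which the `mixed` parameter type in this file requires, assigning a property on an undefined variable throws an Error, so serializing this action fails. Building the value explicitly, as below, keeps the documented object return and the same JSON shape that `loadFromArray()` reads back, and the `mixed` return type matches the `JsonSerializable` signature. Separately, the docblock of `loadFromArray()` still says `@param object $data` although the body uses `array_key_exists()`, and `permission.flag` is stored without checking that it is an integer. I would document the parameter as `array` and reject a non-integer flag before it reaches `setPermission()`.

```php
public function jsonSerialize () : mixed {
    return (object)[
        "resource" => (object)[
            "type" => Permission::getResourceTypeCodeFromLetter($this->resourceType),
            "id" => $this->resourceIdentifier,
        ],
        "permission" => (object)[
            "name" => $this->permissionName,
            "flag" => $this->permissionFlag,
        ],
    ];
}
```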
diff --git a/workspaces/src/includes/auth/AuthenticationMethod.php b/workspaces/src/Engines/Auth/AuthenticationMethod.php
similarity index 80%
rename from workspaces/src/includes/auth/AuthenticationMethod.php
rename to workspaces/src/Engines/Auth/AuthenticationMethod.php
index a83cc7a..12b9b59 100644
--- a/workspaces/src/includes/auth/AuthenticationMethod.php
+++ b/workspaces/src/Engines/Auth/AuthenticationMethod.php
@@ -1,245 +1,273 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Authentication method class
*
* @package ObsidianWorkspaces
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*/
+namespace Waystone\Workspaces\Engines\Auth;
+
+use Waystone\Workspaces\Engines\Auth\Actions\AddToGroupUserAction;
+use Waystone\Workspaces\Engines\Auth\Actions\GivePermissionUserAction;
use Waystone\Workspaces\Engines\Framework\Context;
use Waystone\Workspaces\Engines\Serialization\ArrayDeserializable;
-/**
- * Authentication method class
- *
- * This class has to be extended to implement custom authentication methods.
- */
+use Language;
+use Message;
+use User;
+use Exception;
+use InvalidArgumentException;
+
+/**
+ * Authentication method class
+ *
+ * This class has to be extended to implement custom authentication methods.
+ */
abstract class AuthenticationMethod implements ArrayDeserializable {
+
/**
* @var User The local user matching the authentication
*/
public $localUser;
/**
* @var string The username
*/
public $name;
/**
* @var string The e-mail address
*/
public $email;
/**
* @var string The authentication method identifiant
*/
public $id;
/**
* @var string The remote identity provider user identifiant
*/
public $remoteUserId;
/**
* @var Message The localized authentication login message
*/
public $loginMessage;
/**
- * @var boolean Determines if the authentication method could be used to register new users
+ * @var boolean Determines if the authentication method could be used to
+ * register new users
*/
public $canCreateUser = false;
/**
- * @var Array Actions to execute if a user is created, each instance a member of UserAction
+ * @var Array Actions to execute if a user is created, each instance a
+ * member of UserAction
*/
public $createUserActions = [];
/**
* @var Context The site context
*/
public $context;
/**
* @var Message The localized authentication error message
*/
public $loginError;
/**
* Gets authentication link for this method
*/
- public abstract function getAuthenticationLink();
+ public abstract function getAuthenticationLink ();
/**
* Handles request
*/
- public abstract function handleRequest();
+ public abstract function handleRequest ();
/**
* Runs actions planned on user create
*/
protected function runCreateUserActions () {
foreach ($this->createUserActions as $action) {
$action->targetUser = $this->localUser;
$action->run();
}
}
/**
* Finds user from available data
*
* @return User the user if a user has been found; otherwise, false.
*/
private function findUser () {
if ($this->remoteUserId != '') {
$user = User::getUserFromRemoteIdentity(
- $this->id, $this->remoteUserId
+ $this->id, $this->remoteUserId,
);
- if ($user !== null) return $user;
+ if ($user !== null) {
+ return $user;
+ }
}
if ($this->email != '') {
$user = User::get_user_from_email($this->email);
- if ($user !== null) return $user;
+ if ($user !== null) {
+ return $user;
+ }
}
return null;
}
/**
* Signs in or creates a new user
*
- * @return boolean true if user has been successfully logged in; otherwise, false.
+ * @return boolean true if user has been successfully logged in; otherwise,
+ * false.
*/
public function signInOrCreateUser () {
// At this stage, if we don't already have a user instance,
// we're fetching it by remote user id or mail.
//
// If no result is returned, we're creating a new user if needed.
//
// Finally, we proceed to log in.
if ($this->localUser === null) {
$this->localUser = $this->findUser();
}
if ($this->localUser === null) {
if (!$this->canCreateUser) {
- $this->loginError = Language::get("ExternalLoginCantCreateAccount");
+ $this->loginError =
+ Language::get("ExternalLoginCantCreateAccount");
+
return false;
} else {
$this->createUser();
if ($this->localUser === null) {
throw new Exception("Can't sign in: after correct remote authentication, an error occurred creating locally a new user.");
}
}
}
$this->signIn($this->localUser);
+
return true;
}
/**
* Signs in the specified user
*
* @param User The user to log in
*/
- public function signIn(User $user) {
+ public function signIn (User $user) {
$this->context->session->user_login($user->id);
}
/**
* Creates a new user based on the authentication provisioning information
*
* @return User The user created
*/
public function createUser () {
if (!$this->canCreateUser) {
throw new Exception("Can't create user: the canCreateUser property is set at false.");
}
$user = User::create();
$user->name = $this->name;
$user->email = $this->email;
$user->save_to_database();
$user->setRemoteIdentity(
- $this->id, $this->remoteUserId
+ $this->id, $this->remoteUserId,
);
$this->localUser = $user;
$this->runCreateUserActions();
}
/**
* Gets authentication method from ID
*
* @param string $id The authentication method id
* @param Context $context The site context
+ *
* @return AuthenticationMethod The authentication method matching the id
*/
public static function getFromId ($id, $context) {
if ($context->workspace != null) {
- foreach ($context->workspace->configuration->authenticationMethods as $authenticationMethod) {
+ foreach (
+ $context->workspace->configuration->authenticationMethods as
+ $authenticationMethod
+ ) {
if ($authenticationMethod->id == $id) {
return $authenticationMethod;
}
}
}
+
return null;
}
/**
* Loads an AuthenticationMethod instance from a generic array.
* Typically used to deserialize a configuration.
*
* @param array $data The associative array to deserialize
*
* @return AuthenticationMethod The deserialized instance
* @throws InvalidArgumentException|Exception
*/
- public static function loadFromArray(array $data) : self {
+ public static function loadFromArray (array $data) : self {
$instance = new static;
if (!array_key_exists("id", $data)) {
throw new InvalidArgumentException("Authentication method id is required.");
}
$instance->id = $data["id"];
$message = $data["loginMessage"] ?? Language::get("SignIn");
$instance->loginMessage = new Message($message);
if (array_key_exists("createUser", $data)) {
$createUser = $data["createUser"];
if (array_key_exists("enabled", $createUser)) {
$instance->canCreateUser = ($createUser["enabled"] === true);
}
$addToGroups = $createUser["addToGroups"] ?? [];
foreach ($addToGroups as $actionData) {
- $instance->createUserActions[] = AddToGroupUserAction::loadFromArray($actionData);
+ $instance->createUserActions[] =
+ AddToGroupUserAction::loadFromArray($actionData);
}
$givePermissions = $createUser["givePermissions"] ?? [];
foreach ($createUser["givePermissions"] as $actionData) {
- $instance->createUserActions[] = GivePermissionUserAction::loadFromArray($actionData);
+ $instance->createUserActions[] =
+ GivePermissionUserAction::loadFromArray($actionData);
}
}
return $instance;
}
}
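Review bot: `findUser()` falls back to `User::get_user_from_email($this->email)` when no remote identity matches, and `signInOrCreateUser()` then signs that local account in, so the session is granted purely on the e-mail address the identity provider reports. Whether every configured provider verifies addresses is not visible here; if that is not guaranteed, the fallback should be opt-in per method, and at least carry a comment such as `// Trusts the provider's e-mail claim: enable only for providers that verify addresses`. In `loadFromArray()`, the second loop iterates `$createUser["givePermissions"]` instead of the `$givePermissions` default computed on the line above, so a configuration without that key raises a warning and iterates null. It should read `foreach ($givePermissions as $actionData) {`.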
diff --git a/workspaces/src/includes/auth/AzharProvider.php b/workspaces/src/Engines/Auth/Methods/AzharProvider.php
similarity index 86%
rename from workspaces/src/includes/auth/AzharProvider.php
rename to workspaces/src/Engines/Auth/Methods/AzharProvider.php
index aa1cf74..5618a1e 100644
--- a/workspaces/src/includes/auth/AzharProvider.php
+++ b/workspaces/src/Engines/Auth/Methods/AzharProvider.php
@@ -1,206 +1,225 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Azhàr provider authentication method class
*
* @package ObsidianWorkspaces
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*/
- /**
- * Azhàr provider authentication method class
- *
- * Azhàr sends a document providing authentication and registration of new users.
- * It's signed by a shared secret key.
- */
+namespace Waystone\Workspaces\Engines\Auth\Methods;
+
+use Waystone\Workspaces\Engines\Auth\AuthenticationMethod;
+
+use Language;
+
+use stdClass;
+
+/**
+ * Azhàr provider authentication method class
+ *
+ * Azhàr sends a document providing authentication and registration of new
+ * users. It's signed by a shared secret key.
+ */
class AzharProvider extends AuthenticationMethod {
+
/**
* @var string Shared secret key
*/
public $secretKey;
/**
* @var string Client key, to identify the consumer application.
*/
public $clientKey;
/**
* @var string The Azhàr identity provider login URL
*/
public $url;
/**
* Handles user login request
*/
public function handleRequest () {
$action = array_key_exists('action', $_GET) ? $_GET['action'] : '';
- $sessionKey = array_key_exists('sessionKey', $_GET) ? $_GET['sessionKey'] : '';
+ $sessionKey =
+ array_key_exists('sessionKey', $_GET) ? $_GET['sessionKey'] : '';
if ($action == "user.login.azhar.initialize") {
//Redirects user to Azhàr SSO service
- $callbackUrl = get_server_url() . get_url($this->context->workspace->code)
- . '?action=user.login.azhar.success&authenticationMethodId=' . $this->id;
+ $callbackUrl =
+ get_server_url() . get_url($this->context->workspace->code)
+ . '?action=user.login.azhar.success&authenticationMethodId='
+ . $this->id;
$url = $this->url . '?mode=provider&key=' . $this->clientKey
- . '&sessionKey=' . $this->getSessionKey()
- . '&url=' . urlencode($callbackUrl);
+ . '&sessionKey=' . $this->getSessionKey()
+ . '&url=' . urlencode($callbackUrl);
header('Location: ' . $url);
exit;
} elseif ($action == "user.login.azhar.success") {
//User claims to have logged in, we can get authentication information
$reply = $this->fetchInformation();
if (!$this->isDocumentLegit($reply)) {
- $this ->loginError = Language::get('ExternalLoginNotLegitReply');
+ $this->loginError = Language::get('ExternalLoginNotLegitReply');
+
return;
}
if ($reply->status == "SUCCESS") {
//Creates user or login
$this->name = $reply->username;
$this->email = $reply->email;
$this->remoteUserId = $reply->localUserId;
$this->signInOrCreateUser();
+
return;
} elseif ($reply->status == "ERROR_USER_SIDE") {
switch ($reply->code) {
case 'NO_USER_VISIT':
case 'NOT_LOGGED_IN':
$this ->loginError = Language::get('ExternalLoginNotRemotelyLoggedIn');
return;
}
} elseif ($reply->status == "ERROR_BETWEEN_US") {
switch ($reply->code) {
case 'SESSION_BADSECRET':
$this->loginError = sprintf(Language::get('ExternalLoginTechnicalDifficulty'), $reply->code);
return;
}
}
$this->loginError = '<p>An unknown error has been received:</p><pre>' . print_r($reply, true) . '</pre><p>Please notify technical support about this new error message, so we can handle it in the future.</p>';
} else {
- $this ->loginError = '<p>Unknown action: $action</p>';
+ $this->loginError = '<p>Unknown action: $action</p>';
}
}
/**
* Gets Azhàr provider session key
*
* This key allows us as consumer to fetch information, and Azhàr as provider to store it.
*
* @return string the session key
*/
public function getSessionKey () {
$hash = md5($this->id);
if (!isset($_SESSION['Auth-$hash']['SessionKey'])) {
$url = $this->url . '?mode=provider.announce&key=' . $this->clientKey
. '&url=n/a';
$reply = self::query($url);
$this->setSessionSecret($reply->sessionSecret);
$_SESSION['Auth-$hash']['SessionKey'] = $reply->sessionKey;
}
+
return $_SESSION['Auth-$hash']['SessionKey'];
}
/**
* Gets Azhàr provider session secret
*
* @return string the session secret
*/
private function getSessionSecret () {
$hash = md5($this->id);
+
return $_SESSION['Auth-$hash']['SessionSecret'];
}
/**
* Sets Azhàr provider session secret
*
* @param string $secret the session secret
*/
private function setSessionSecret ($secret) {
$hash = md5($this->id);
$_SESSION['Auth-$hash']['SessionSecret'] = $secret;
}
/**
* Gets Azhàr external authentication link
*
* @retrun string the login link
*/
- public function getAuthenticationLink() {
+ public function getAuthenticationLink () {
$url = get_server_url() . get_url($this->context->workspace->code)
. '?action=user.login.azhar.initialize&authenticationMethodId=' . $this->id;
return $url;
}
/**
* Determines if the document received has been signed by the correct shared secret key.
*
* @return boolean true if the document is legit; otherwise, false.
*/
function isDocumentLegit ($document) {
$hash = '';
- $claimedHash = NULL;
+ $claimedHash = null;
foreach ($document as $key => $value) {
if ($key == 'hash') {
$claimedHash = $value;
continue;
}
$hash .= md5($key . $value);
}
$salt = '$2y$10$' . substr($this->secretKey, 0, 22);
$computedHash = crypt($hash, $salt);
return $claimedHash === $computedHash;
}
/**
* Fetches information document
*
* @return stdClass The Azhàr identity provider information about the current login operation
*/
function fetchInformation () {
$url = $this->url . '?mode=provider.fetch&key=' . $this->clientKey
. '&sessionSecret=' . $this->getSessionSecret()
. '&sessionKey=' . $this->getSessionKey()
. '&url=n/a';
return self::query($url);
}
/**
* Gets the contents of the specified URL and decode the JSON reply
*
* @param string $url The URL to the JSON document to query.
+ *
* @return stdClass The reply
*/
public static function query ($url) {
$data = file_get_contents($url);
+
return json_decode($data);
}
/**
* Loads an AzharProvider instance from a generic array.
* Typically used to deserialize a configuration.
*
* @param array $data The associative array to deserialize
+ *
* @return AzharProvider The deserialized instance
*/
public static function loadFromArray (array $data) : self {
$instance = parent::loadFromArray($data);
$instance->url = $data["url"];
$instance->secretKey = $data["secretKey"];
$instance->clientKey = $data["clientKey"];
return $instance;
}
}
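Review bot: `isDocumentLegit()` compares the signature with `===` and accepts whatever `crypt()` returns, including the short failure marker it yields when the salt built from `$this->secretKey` is not a valid bcrypt salt. The check should be constant-time and reject a failed computation: `return is_string($claimedHash) && strlen($computedHash) === 60 && hash_equals($computedHash, $claimedHash);`. The session entries are keyed with the single-quoted `'Auth-$hash'`, which PHP does not interpolate, so every authentication method shares one session key and secret; `"Auth-$hash"` is presumably what was intended in `getSessionKey()`, `getSessionSecret()` and `setSessionSecret()`. The unknown-error branch of `handleRequest()` places `print_r($reply, true)` into HTML unescaped and should wrap it in `htmlspecialchars()`. `query()` also passes a failed `file_get_contents()` straight to `json_decode()`, so `$reply` can be null when `isDocumentLegit()` iterates it.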
diff --git a/workspaces/src/includes/objects/Permission.php b/workspaces/src/Engines/Auth/Permission.php
similarity index 88%
rename from workspaces/src/includes/objects/Permission.php
rename to workspaces/src/Engines/Auth/Permission.php
index 5657d7e..8dc91fc 100644
--- a/workspaces/src/includes/objects/Permission.php
+++ b/workspaces/src/Engines/Auth/Permission.php
@@ -1,56 +1,63 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Permission class
*
* @package ObsidianWorkspaces
- * @subpackage Model
+ * @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
+namespace Waystone\Workspaces\Engines\Auth;
+
+use InvalidArgumentException;
+
/**
* Permission class
*/
class Permission {
+
/**
* Gets resource type letter from code
*
* @param string $code The resource type code
+ *
* @return string The resource type letter
*/
public static function getResourceTypeLetterFromCode ($code) {
switch ($code) {
case "user": return 'U';
case "group": return 'G';
case "workspace": return 'W';
default:
throw new InvalidArgumentException("Not a resource type code: $code");
}
}
/**
* Gets resource type code from letter
*
* @param string $letter The resource type letter
+ *
* @return string The resource type code
*/
- public static function getResourceTypeCodeFromLetter($letter) {
+ public static function getResourceTypeCodeFromLetter ($letter) {
switch ($letter) {
case 'U': return "user";
case 'G': return "group";
case 'W': return "workspace";
default:
throw new InvalidArgumentException("Not a resource type letter: $letter");
}
}
}
diff --git a/workspaces/src/includes/auth/UserAction.php b/workspaces/src/Engines/Auth/UserAction.php
similarity index 88%
rename from workspaces/src/includes/auth/UserAction.php
rename to workspaces/src/Engines/Auth/UserAction.php
index 4f72622..aee1388 100644
--- a/workspaces/src/includes/auth/UserAction.php
+++ b/workspaces/src/Engines/Auth/UserAction.php
@@ -1,41 +1,46 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* User action class
*
* @package ObsidianWorkspaces
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
+namespace Waystone\Workspaces\Engines\Auth;
+
+use User;
+
/**
* User action class, to be extended to implement an action related to user
*/
abstract class UserAction {
+
/**
* @var User the target action user
*/
public $targetUser;
/**
* Initializes a new instance of an UserAction object
*
* @param User $targetUser the target action user
*/
- public function __construct ($targetUser = NULL) {
+ public function __construct ($targetUser = null) {
$this->targetUser = $targetUser;
}
/**
* Executes the user action
*/
abstract public function run ();
}
diff --git a/workspaces/src/Engines/Workspaces/WorkspaceConfiguration.php b/workspaces/src/Engines/Workspaces/WorkspaceConfiguration.php
index 3f660e7..117c5d6 100644
--- a/workspaces/src/Engines/Workspaces/WorkspaceConfiguration.php
+++ b/workspaces/src/Engines/Workspaces/WorkspaceConfiguration.php
@@ -1,272 +1,269 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Workspace configuration class
*
* @package ObsidianWorkspaces
* @subpackage Workspaces
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*/
namespace Waystone\Workspaces\Engines\Workspaces;
+use Exception;
+use Keruald\Yaml\Parser as YamlParser;
+use Keruald\Yaml\Tags\EnvTag;
use Waystone\Workspaces\Engines\Apps\ApplicationConfiguration;
+use Waystone\Workspaces\Engines\Auth\AuthenticationMethod;
use Waystone\Workspaces\Engines\Exceptions\WorkspaceException;
use Waystone\Workspaces\Engines\Framework\Context;
use Waystone\Workspaces\Engines\Serialization\ArrayDeserializableWithContext;
-use Keruald\Yaml\Parser as YamlParser;
-use Keruald\Yaml\Tags\EnvTag;
-
-use AuthenticationMethod;
-
-use Exception;
-
/**
* Workspace configuration class
*
* This class maps the workspaces table.
*/
class WorkspaceConfiguration implements ArrayDeserializableWithContext {
/**
* @var array applications (each element is an instance of
* ApplicationConfiguration)
*/
public $applications = [];
/**
* @var array authentication methods for this workspace (each element is an
* instance of AuthenticationMethod)
*/
public $authenticationMethods = [];
/**
* @var array disclaimers (each element a string)
*/
public $disclaimers = [];
/**
* @var array collections (each key a string to the collection name, each
* value a string to the collection document type)
*/
public $collections = [];
/**
* Determines if internal Obsidian Workspaces authentication can be used to
* login on this workspace URL
*
* @return boolean True if a user not logged in Obsidian Workspaces going
* to a workspace URL should be offered to login through
* Obsidian ; otherwise, false.
*/
public $allowInternalAuthentication = true;
/**
* @var string The overall custom header to prepend to the header site
*/
public $header = '';
/**
* @var string The overall custom footer to append to the footer site
*/
public $footer = '';
/**
* Get applications controllers binds for this workspace
*/
public function getControllersBinds () {
$controllers = [];
foreach ($this->applications as $application) {
$controllers[$application->bind] = $application;
}
return $controllers;
}
/**
* Determines if the URL fragment matches a controller bound to it.
*
* @param ApplicationConfiguration $applicationConfiguration The
* application
* configuration
*
* @return boolean true if the URL fragment matches an application
* controller's bind
*/
public function hasControllerBind ($url, &$applicationConfiguration) {
foreach ($this->applications as $application) {
if ($application->bind == $url) {
$applicationConfiguration = $application;
return true;
}
}
return false;
}
/**
* Loads a WorkspaceConfiguration instance from an array
*
* @param array $data The array to deserialize
* @param mixed $context The application context
*
* @return WorkspaceConfiguration The deserialized instance
* @throws WorkspaceException
*/
public static function loadFromArray (
array $data,
mixed $context
) : self {
$instance = new WorkspaceConfiguration();
// Parse applications to load in the workspace
$applications = $data["applications"] ?? [];
foreach ($applications as $applicationData) {
if (!array_key_exists("name", $applicationData)) {
throw new WorkspaceException("Missing required property: application name");
}
$controllerClass = $applicationData["name"];
if (!class_exists($controllerClass)) {
trigger_error("Application controller doesn't exist: $controllerClass.",
E_USER_WARNING);
continue;
}
$configurationClass = $controllerClass . "Configuration";
if (!class_exists($configurationClass)) {
$configurationClass = ApplicationConfiguration::class;
}
$instance->applications[] = [$configurationClass, "loadFromArray"]($applicationData);
}
// Parse custom authentication methods for this workspace
if (array_key_exists("login", $data)) {
$instance->allowInternalAuthentication = false;
foreach ($data["login"] as $authData) {
if ($authData["type"] == "internal") {
$instance->allowInternalAuthentication = true;
continue;
}
$auth = self::loadAuthenticationMethod($authData, $context);
$instance->authenticationMethods[] = $auth;
}
}
// Parse collections the workspace applications can access
$collections = $data->collections ?? [];
foreach ($collections as $collection) {
if (!property_exists($collection, 'name')) {
throw new WorkspaceException("A collection has been declared without name in the workspace configuration.");
}
$name = $collection->name;
if (!property_exists($collection, 'global')
|| !$collection->global) {
$name =
WorkspaceConfiguration::getCollectionNameWithPrefix($context->workspace,
$name);
}
if (property_exists($collection, 'documentType')) {
$type = $collection->documentType;
if (!class_exists($type)) {
throw new WorkspaceException("CollectionDocument children class doesn't exist: $type. If you've just added authentication code, update includes/autoload.php file to register your new classes.");
}
} else {
$type = null;
}
$instance->collections[$name] = $type;
}
// Customization
$instance->disclaimers = $data->disclaimers ?? [];
$instance->header = $data["header"] ?? "";
$instance->footer = $data["footer"] ?? "";
return $instance;
}
private static function loadAuthenticationMethod (
array $authData,
Context $context,
) : AuthenticationMethod {
if (!array_key_exists("type", $authData)) {
throw new WorkspaceException("Missing required property: login type");
}
$class = $authData["type"];
if (!class_exists($class)) {
throw new WorkspaceException("Authentication method doesn't exist: $class.");
}
try {
$authenticationMethod = $class::loadFromArray($authData);
$authenticationMethod->context = $context;
} catch (Exception $ex) {
throw new WorkspaceException(
"Can't load authentication method: " . $ex->getMessage(), 0, $ex
);
}
return $authenticationMethod;
}
/**
* Gets the full name of a collection, with the workspace prefix
*
* @param Workspace $workspace The current workspace
* @param string $name The collection name
*
* @return string The full name of the collection
*/
public static function getCollectionNameWithPrefix (
Workspace $workspace,
string $name
) {
return $workspace->code . '-' . $name;
}
/**
* Loads a WorkspaceConfiguration instance deserializing a JSON file
*/
public static function loadFromFile ($file, $context) {
$object = json_decode(file_get_contents($file), true);
if ($object === null) {
throw new Exception("Can't parse configuration file: "
. json_last_error_msg());
}
return self::loadFromArray($object, $context);
}
/**
* @throws WorkspaceException
*/
public static function loadFromYamlFile (
string $file,
Context $context
) : self {
$parser = new YamlParser();
$parser->withTagClass(EnvTag::class);
try {
$value = $parser->parseFile($file);
}
catch (Exception $ex) {
throw new WorkspaceException("Can't parse configuration file: "
. $ex->getMessage(), 0, $ex);
}
return self::loadFromArray($value, $context);
}
}
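Review bot: `loadAuthenticationMethod()` takes `$authData["type"]` from the workspace configuration, checks only `class_exists()`, and then calls `$class::loadFromArray()`; the `AuthenticationMethod` return type rejects a wrong class only after its static method has already run. A type check before the call closes that gap: `if (!is_subclass_of($class, AuthenticationMethod::class)) { throw new WorkspaceException("Not an authentication method: $class."); }`. Since this commit moves `AzharProvider` into `Waystone\Workspaces\Engines\Auth\Methods`, configurations that name the class without its namespace will presumably stop resolving in `class_exists()`; the configuration files are not part of this diff, so that needs confirming. In `loadFromArray()`, `$data->collections ?? []` and `$data->disclaimers ?? []` read properties on a parameter declared `array`, so both appear to evaluate silently to `[]` and the configured collections and disclaimers are never loaded.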
diff --git a/workspaces/src/includes/login.php b/workspaces/src/includes/login.php
index 76249e4..cf17638 100755
--- a/workspaces/src/includes/login.php
+++ b/workspaces/src/includes/login.php
@@ -1,56 +1,57 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Login and logout code
*
* @package ObsidianWorkspaces
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
+use Waystone\Workspaces\Engines\Auth\AuthenticationMethod;
use Waystone\Workspaces\Engines\Errors\ErrorHandling;
global $context;
$db = $context->db;
$action = array_key_exists('action', $_GET) ? $_GET['action'] : '';
if (array_key_exists('LogIn', $_POST)) {
//User have submitted login form
$username = $db->escape($_POST['username']);
$sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
if ( !($result = $db->query($sql)) ) ErrorHandling::messageAndDie(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
if ($row = $db->fetchRow($result)) {
if (!$row['user_password']) {
//No password set
$LoginError = "This account exists but hasn't a password defined. Contact the site administrator.";
} elseif ($row['user_password'] != md5($_POST['password'])) {
//The password doesn't match
$LoginError = "Incorrect password.";
} else {
//Login successful
$context->session->user_login($row['user_id']);
$LoginSuccessful = true;
}
} else {
$LoginError = "Username not found.";
}
} elseif (array_key_exists('LogOut', $_POST) || $action == "user.logout") {
//User have submitted logout form or clicked a logout link
$context->session->user_logout();
} elseif (array_key_exists('authenticationMethodId', $_GET)) {
//Call authentication method for more processing
$auth = AuthenticationMethod::getFromId($_GET['authenticationMethodId'], $context);
if ($auth) {
$auth->handleRequest();
}
-}
\ No newline at end of file
+}
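Review bot: The password check `$row['user_password'] != md5($_POST['password'])` relies on unsalted MD5 and on a loose comparison, which PHP evaluates numerically when both strings look like numbers. Stored passwords should move to `password_hash()` and be checked with `password_verify()`, rehashing existing MD5 entries at the next successful login; until then the comparison should at least be `!hash_equals($row['user_password'], md5($_POST['password']))`. The query is built by concatenating `$db->escape($_POST['username'])` into the SQL string; a prepared statement would remove the dependence on the escape routine, if the `$db` wrapper offers one (not visible here). The separate "Username not found." and "Incorrect password." messages also tell a caller which usernames exist, so a single generic message is preferable.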
