Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UserToken small fixes

Browse Source
This commit is contained in:
Roman Hergenreder 2020-06-22 21:50:58 +02:00
parent 0f21a6941d
commit 5a4256cf47
3 changed files with 403 additions and 398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
core/Api/UserAPI.class.php
View File

@ -2,9 +2,9 @@
namespace Api { namespace Api {
use Driver\SQL\Condition\Compare; use Driver\SQL\Condition\Compare;
abstract class UserAPI extends Request { abstract class UserAPI extends Request {
protected function userExists($username, $email) { protected function userExists($username, $email) {
$sql = $this->user->getSQL(); $sql = $this->user->getSQL();
@ -51,7 +51,7 @@ abstract class UserAPI extends Request {
protected function hashPassword($password, $salt) { protected function hashPassword($password, $salt) {
return hash('sha256', $password . $salt); return hash('sha256', $password . $salt);
} }
} }
} }
@ -63,6 +63,7 @@ namespace Api\User {
use Api\UserAPI; use Api\UserAPI;
use DateTime; use DateTime;
use Driver\SQL\Condition\Compare; use Driver\SQL\Condition\Compare;
use Driver\SQL\Condition\CondBool;
use Views\Account\ConfirmEmail; use Views\Account\ConfirmEmail;
class Create extends UserAPI { class Create extends UserAPI {
@ -98,9 +99,9 @@ namespace Api\User {
return $this->insertUser($username, $email, $password) !== FALSE; return $this->insertUser($username, $email, $password) !== FALSE;
} }
} }
class Fetch extends UserAPI { class Fetch extends UserAPI {
const SELECT_SIZE = 10; const SELECT_SIZE = 10;
@ -133,12 +134,12 @@ class Fetch extends UserAPI {
} }
public function execute($values = array()) { public function execute($values = array()) {
if(!parent::execute($values)) { if (!parent::execute($values)) {
return false; return false;
} }
$page = $this->getParam("page"); $page = $this->getParam("page");
if($page < 1) { if ($page < 1) {
return $this->createError("Invalid page count"); return $this->createError("Invalid page count");
} }
@ -161,9 +162,9 @@ class Fetch extends UserAPI {
$this->success = ($res !== FALSE); $this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError(); $this->lastError = $sql->getLastError();
if($this->success) { if ($this->success) {
$this->result["users"] = array(); $this->result["users"] = array();
foreach($res as $row) { foreach ($res as $row) {
$userId = intval($row["userId"]); $userId = intval($row["userId"]);
$groupId = intval($row["groupId"]); $groupId = intval($row["groupId"]);
$groupName = $row["groupName"]; $groupName = $row["groupName"];
@ -177,7 +178,7 @@ class Fetch extends UserAPI {
); );
} }
if(!is_null($groupId)) { if (!is_null($groupId)) {
$this->result["users"][$userId]["groups"][$groupId] = $groupName; $this->result["users"][$userId]["groups"][$groupId] = $groupName;
} }
} }
@ -187,9 +188,9 @@ class Fetch extends UserAPI {
return $this->success; return $this->success;
} }
} }
class Info extends UserAPI { class Info extends UserAPI {
public function __construct($user, $externalCall = false) { public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array()); parent::__construct($user, $externalCall, array());
@ -197,7 +198,7 @@ class Info extends UserAPI {
} }
public function execute($values = array()) { public function execute($values = array()) {
if(!parent::execute($values)) { if (!parent::execute($values)) {
return false; return false;
} }
@ -210,9 +211,9 @@ class Info extends UserAPI {
$this->result["user"] = $this->user->jsonSerialize(); $this->result["user"] = $this->user->jsonSerialize();
return $this->success; return $this->success;
} }
} }
class Invite extends UserAPI { class Invite extends UserAPI {
public function __construct($user, $externalCall = false) { public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array( parent::__construct($user, $externalCall, array(
@ -225,7 +226,7 @@ class Invite extends UserAPI {
} }
public function execute($values = array()) { public function execute($values = array()) {
if(!parent::execute($values)) { if (!parent::execute($values)) {
return false; return false;
} }
@ -246,7 +247,7 @@ class Invite extends UserAPI {
$this->lastError = $sql->getLastError(); $this->lastError = $sql->getLastError();
//send validation mail //send validation mail
if($this->success) { if ($this->success) {
$request = new SendMail($this->user); $request = new SendMail($this->user);
$link = "http://localhost/acceptInvitation?token=$token"; $link = "http://localhost/acceptInvitation?token=$token";
$this->success = $request->execute(array( $this->success = $request->execute(array(
@ -263,9 +264,9 @@ If the invitation was not intended, you can simply ignore this email.<br><br><a
} }
return $this->success; return $this->success;
} }
} }
class Login extends UserAPI { class Login extends UserAPI {
private int $startedAt; private int $startedAt;
@ -281,16 +282,16 @@ class Login extends UserAPI {
private function wrongCredentials() { private function wrongCredentials() {
$runtime = microtime(true) - $this->startedAt; $runtime = microtime(true) - $this->startedAt;
$sleepTime = round(3e6 - $runtime); $sleepTime = round(3e6 - $runtime);
if($sleepTime > 0) usleep($sleepTime); if ($sleepTime > 0) usleep($sleepTime);
return $this->createError(L('Wrong username or password')); return $this->createError(L('Wrong username or password'));
} }
public function execute($values = array()) { public function execute($values = array()) {
if(!parent::execute($values)) { if (!parent::execute($values)) {
return false; return false;
} }
if($this->user->isLoggedIn()) { if ($this->user->isLoggedIn()) {
$this->lastError = L('You are already logged in'); $this->lastError = L('You are already logged in');
$this->success = true; $this->success = true;
return true; return true;
@ -311,24 +312,23 @@ class Login extends UserAPI {
$this->success = ($res !== FALSE); $this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError(); $this->lastError = $sql->getLastError();
if($this->success) { if ($this->success) {
if(count($res) === 0) { if (count($res) === 0) {
return $this->wrongCredentials(); return $this->wrongCredentials();
} else { } else {
$row = $res[0]; $row = $res[0];
$salt = $row['salt']; $salt = $row['salt'];
$uid = $row['uid']; $uid = $row['uid'];
$hash = $this->hashPassword($password, $salt); $hash = $this->hashPassword($password, $salt);
if($hash === $row['password']) { if ($hash === $row['password']) {
if(!($this->success = $this->user->createSession($uid, $stayLoggedIn))) { if (!($this->success = $this->user->createSession($uid, $stayLoggedIn))) {
return $this->createError("Error creating Session: " . $sql->getLastError()); return $this->createError("Error creating Session: " . $sql->getLastError());
} else { } else {
$this->result["loggedIn"] = true; $this->result["loggedIn"] = true;
$this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds(); $this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds();
$this->success = true; $this->success = true;
} }
} } else {
else {
return $this->wrongCredentials(); return $this->wrongCredentials();
} }
} }
@ -336,9 +336,9 @@ class Login extends UserAPI {
return $this->success; return $this->success;
} }
} }
class Logout extends UserAPI { class Logout extends UserAPI {
public function __construct($user, $externalCall = false) { public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall); parent::__construct($user, $externalCall);
@ -348,7 +348,7 @@ class Logout extends UserAPI {
} }
public function execute($values = array()) { public function execute($values = array()) {
if(!parent::execute($values)) { if (!parent::execute($values)) {
return false; return false;
} }
@ -356,9 +356,9 @@ class Logout extends UserAPI {
$this->lastError = $this->user->getSQL()->getLastError(); $this->lastError = $this->user->getSQL()->getLastError();
return $this->success; return $this->success;
} }
} }
class Register extends UserAPI { class Register extends UserAPI {
private ?int $userId; private ?int $userId;
private string $token; private string $token;
@ -403,7 +403,7 @@ class Register extends UserAPI {
$password = $this->getParam("password"); $password = $this->getParam("password");
$confirmPassword = $this->getParam("confirmPassword"); $confirmPassword = $this->getParam("confirmPassword");
if(strcmp($password, $confirmPassword) !== 0) { if (strcmp($password, $confirmPassword) !== 0) {
return $this->createError("The given passwords don't match"); return $this->createError("The given passwords don't match");
} }
@ -438,41 +438,44 @@ If the registration was not intended, you can simply ignore this email.<br><br><
return $this->success; return $this->success;
} }
} }
class CheckToken extends UserAPI{ class CheckToken extends UserAPI {
public function __construct($user, $externalCall = false) { public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array( parent::__construct($user, $externalCall, array(
'token' => new StringType('token', 36), 'token' => new StringType('token', 36),
)); ));
} }
public function execute($values = array()){ public function execute($values = array()) {
parent::execute($values); if (!parent::execute($values)) {
return false;
}
$token = $this->getParam('token'); $token = $this->getParam('token');
$sql = $this->user->getSQL(); $sql = $this->user->getSQL();
$res = $sql->select("UserToken.token_type, User.name, User.email")->from("UserToken") $res = $sql->select("UserToken.token_type", "User.name", "User.email")
->innerJoin("user", "UserToken.user_id","User.uid") ->from("UserToken")
->where(new Compare("UserToken.token",$token), ->innerJoin("User", "UserToken.user_id", "User.uid")
new Compare("UserToken.valid_until", $sql->now(), ">")) ->where(new Compare("UserToken.token", $token))
->where(new Compare("UserToken.valid_until", $sql->now(), ">"))
->where(new Compare("UserToken.used", 0))
->execute(); ->execute();
$this->lastError = $sql->getLastError(); $this->lastError = $sql->getLastError();
$this->success = ($res !== FALSE); $this->success = ($res !== FALSE);
if($this->success) { if ($this->success) {
if(count($res) == 0) { if (count($res) > 0) {
$this->lastError = "This token does not exist or is no longer valid"; $row = $res[0];
$this->success = false; $this->result["token"] = array("type" => $row["token_type"]);
return false; $this->result["user"] = array("name" => $row["name"], "email" => $row["email"]);
} else {
return $this->createError("This token does not exist or is no longer valid");
} }
$this->result["token_type"] = $res[0]["UserToken.token_type"];
$this->result["username"] = $res[0]["User.username"];
$this->result["email"] = $res[0]["User.email"];
} }
return $this->success; return $this->success;
} }
} }
} }

3
core/Configuration/CreateDatabase.class.php
View File

@ -60,8 +60,9 @@ class CreateDatabase {
$queries[] = $sql->createTable("UserToken") $queries[] = $sql->createTable("UserToken")
->addInt("user_id") ->addInt("user_id")
->addString("token", 36) ->addString("token", 36)
->addEnum("token_type", array("password_reset", "confirmation")) ->addEnum("token_type", array("password_reset", "email_confirm"))
->addDateTime("valid_until") ->addDateTime("valid_until")
->addBool("used", false)
->foreignKey("user_id", "User", "uid", new CascadeStrategy()); ->foreignKey("user_id", "User", "uid", new CascadeStrategy());
$queries[] = $sql->createTable("Group") $queries[] = $sql->createTable("Group")

1
core/Driver/SQL/SQL.class.php
View File

@ -281,6 +281,7 @@ abstract class SQL {
protected abstract function columnName($col); protected abstract function columnName($col);
// Special Keywords and functions // Special Keywords and functions
public function now() { return $this->currentTimestamp(); }
public abstract function currentTimestamp(); public abstract function currentTimestamp();
public function count($col = NULL) { public function count($col = NULL) {