UserToken small fixes
This commit is contained in:
parent
0f21a6941d
commit
5a4256cf47
@ -2,57 +2,57 @@
|
|||||||
|
|
||||||
namespace Api {
|
namespace Api {
|
||||||
|
|
||||||
use Driver\SQL\Condition\Compare;
|
use Driver\SQL\Condition\Compare;
|
||||||
|
|
||||||
abstract class UserAPI extends Request {
|
abstract class UserAPI extends Request {
|
||||||
|
|
||||||
protected function userExists($username, $email) {
|
protected function userExists($username, $email) {
|
||||||
$sql = $this->user->getSQL();
|
$sql = $this->user->getSQL();
|
||||||
$res = $sql->select("User.name", "User.email")
|
$res = $sql->select("User.name", "User.email")
|
||||||
->from("User")
|
->from("User")
|
||||||
->where(new Compare("User.name", $username), new Compare("User.email", $email))
|
->where(new Compare("User.name", $username), new Compare("User.email", $email))
|
||||||
->execute();
|
->execute();
|
||||||
|
|
||||||
$this->success = ($res !== FALSE);
|
$this->success = ($res !== FALSE);
|
||||||
$this->lastError = $sql->getLastError();
|
$this->lastError = $sql->getLastError();
|
||||||
|
|
||||||
if ($this->success && !empty($res)) {
|
if ($this->success && !empty($res)) {
|
||||||
$row = $res[0];
|
$row = $res[0];
|
||||||
if (strcasecmp($username, $row['name']) === 0) {
|
if (strcasecmp($username, $row['name']) === 0) {
|
||||||
return $this->createError("This username is already taken.");
|
return $this->createError("This username is already taken.");
|
||||||
} else if (strcasecmp($username, $row['email']) === 0) {
|
} else if (strcasecmp($username, $row['email']) === 0) {
|
||||||
return $this->createError("This email address is already in use.");
|
return $this->createError("This email address is already in use.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->success;
|
protected function insertUser($username, $email, $password) {
|
||||||
}
|
$sql = $this->user->getSQL();
|
||||||
|
$salt = generateRandomString(16);
|
||||||
|
$hash = $this->hashPassword($password, $salt);
|
||||||
|
$res = $sql->insert("User", array("name", "password", "salt", "email"))
|
||||||
|
->addRow($username, $hash, $salt, $email)
|
||||||
|
->returning("uid")
|
||||||
|
->execute();
|
||||||
|
|
||||||
protected function insertUser($username, $email, $password) {
|
$this->lastError = $sql->getLastError();
|
||||||
$sql = $this->user->getSQL();
|
$this->success = ($res !== FALSE);
|
||||||
$salt = generateRandomString(16);
|
|
||||||
$hash = $this->hashPassword($password, $salt);
|
|
||||||
$res = $sql->insert("User", array("name", "password", "salt", "email"))
|
|
||||||
->addRow($username, $hash, $salt, $email)
|
|
||||||
->returning("uid")
|
|
||||||
->execute();
|
|
||||||
|
|
||||||
$this->lastError = $sql->getLastError();
|
if ($this->success) {
|
||||||
$this->success = ($res !== FALSE);
|
return $sql->getLastInsertId();
|
||||||
|
}
|
||||||
|
|
||||||
if ($this->success) {
|
return $this->success;
|
||||||
return $sql->getLastInsertId();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->success;
|
// TODO: replace this with crypt() in the future
|
||||||
|
protected function hashPassword($password, $salt) {
|
||||||
|
return hash('sha256', $password . $salt);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: replace this with crypt() in the future
|
|
||||||
protected function hashPassword($password, $salt) {
|
|
||||||
return hash('sha256', $password . $salt);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace Api\User {
|
namespace Api\User {
|
||||||
@ -63,416 +63,419 @@ namespace Api\User {
|
|||||||
use Api\UserAPI;
|
use Api\UserAPI;
|
||||||
use DateTime;
|
use DateTime;
|
||||||
use Driver\SQL\Condition\Compare;
|
use Driver\SQL\Condition\Compare;
|
||||||
use Views\Account\ConfirmEmail;
|
use Driver\SQL\Condition\CondBool;
|
||||||
|
use Views\Account\ConfirmEmail;
|
||||||
|
|
||||||
class Create extends UserAPI {
|
class Create extends UserAPI {
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
public function __construct($user, $externalCall = false) {
|
||||||
parent::__construct($user, $externalCall, array(
|
parent::__construct($user, $externalCall, array(
|
||||||
'username' => new StringType('username', 32),
|
'username' => new StringType('username', 32),
|
||||||
'email' => new StringType('email', 64, true),
|
'email' => new StringType('email', 64, true),
|
||||||
'password' => new StringType('password'),
|
'password' => new StringType('password'),
|
||||||
'confirmPassword' => new StringType('confirmPassword'),
|
'confirmPassword' => new StringType('confirmPassword'),
|
||||||
));
|
));
|
||||||
$this->csrfTokenRequired = true;
|
$this->csrfTokenRequired = true;
|
||||||
$this->loginRequired = true;
|
$this->loginRequired = true;
|
||||||
$this->requiredGroup = USER_GROUP_ADMIN;
|
$this->requiredGroup = USER_GROUP_ADMIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute($values = array()) {
|
||||||
|
if (!parent::execute($values)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$username = $this->getParam('username');
|
||||||
|
$email = $this->getParam('email');
|
||||||
|
if (!$this->userExists($username, $email) || !$this->success) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$password = $this->getParam('password');
|
||||||
|
$confirmPassword = $this->getParam('confirmPassword');
|
||||||
|
if ($password !== $confirmPassword) {
|
||||||
|
return $this->createError("The given passwords do not match.");
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->insertUser($username, $email, $password) !== FALSE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function execute($values = array()) {
|
class Fetch extends UserAPI {
|
||||||
if (!parent::execute($values)) {
|
|
||||||
return false;
|
const SELECT_SIZE = 10;
|
||||||
|
|
||||||
|
private int $userCount;
|
||||||
|
|
||||||
|
public function __construct($user, $externalCall = false) {
|
||||||
|
|
||||||
|
parent::__construct($user, $externalCall, array(
|
||||||
|
'page' => new Parameter('page', Parameter::TYPE_INT, true, 1)
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->loginRequired = true;
|
||||||
|
$this->requiredGroup = USER_GROUP_ADMIN;
|
||||||
|
$this->userCount = 0;
|
||||||
|
$this->csrfTokenRequired = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$username = $this->getParam('username');
|
private function getUserCount() {
|
||||||
$email = $this->getParam('email');
|
|
||||||
if (!$this->userExists($username, $email) || !$this->success) {
|
$sql = $this->user->getSQL();
|
||||||
return false;
|
$res = $sql->select($sql->count())->from("User")->execute();
|
||||||
|
$this->success = ($res !== FALSE);
|
||||||
|
$this->lastError = $sql->getLastError();
|
||||||
|
|
||||||
|
if ($this->success) {
|
||||||
|
$this->userCount = $res[0]["count"];
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
$password = $this->getParam('password');
|
public function execute($values = array()) {
|
||||||
$confirmPassword = $this->getParam('confirmPassword');
|
if (!parent::execute($values)) {
|
||||||
if ($password !== $confirmPassword) {
|
return false;
|
||||||
return $this->createError("The given passwords do not match.");
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return $this->insertUser($username, $email, $password) !== FALSE;
|
$page = $this->getParam("page");
|
||||||
}
|
if ($page < 1) {
|
||||||
}
|
return $this->createError("Invalid page count");
|
||||||
|
}
|
||||||
|
|
||||||
class Fetch extends UserAPI {
|
if (!$this->getUserCount()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
const SELECT_SIZE = 10;
|
$sql = $this->user->getSQL();
|
||||||
|
$res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at",
|
||||||
|
"Group.uid as groupId", "Group.name as groupName")
|
||||||
|
->from("User")
|
||||||
|
->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
|
||||||
|
->leftJoin("Group", "Group.uid", "UserGroup.group_id")
|
||||||
|
->orderBy("User.uid")
|
||||||
|
->ascending()
|
||||||
|
->limit(Fetch::SELECT_SIZE)
|
||||||
|
->offset(($page - 1) * Fetch::SELECT_SIZE)
|
||||||
|
->execute();
|
||||||
|
|
||||||
private int $userCount;
|
$this->success = ($res !== FALSE);
|
||||||
|
$this->lastError = $sql->getLastError();
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
if ($this->success) {
|
||||||
|
$this->result["users"] = array();
|
||||||
|
foreach ($res as $row) {
|
||||||
|
$userId = intval($row["userId"]);
|
||||||
|
$groupId = intval($row["groupId"]);
|
||||||
|
$groupName = $row["groupName"];
|
||||||
|
if (!isset($this->result["users"][$userId])) {
|
||||||
|
$this->result["users"][$userId] = array(
|
||||||
|
"uid" => $userId,
|
||||||
|
"name" => $row["name"],
|
||||||
|
"email" => $row["email"],
|
||||||
|
"registered_at" => $row["registered_at"],
|
||||||
|
"groups" => array(),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
parent::__construct($user, $externalCall, array(
|
if (!is_null($groupId)) {
|
||||||
'page' => new Parameter('page', Parameter::TYPE_INT, true, 1)
|
$this->result["users"][$userId]["groups"][$groupId] = $groupName;
|
||||||
));
|
}
|
||||||
|
|
||||||
$this->loginRequired = true;
|
|
||||||
$this->requiredGroup = USER_GROUP_ADMIN;
|
|
||||||
$this->userCount = 0;
|
|
||||||
$this->csrfTokenRequired = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function getUserCount() {
|
|
||||||
|
|
||||||
$sql = $this->user->getSQL();
|
|
||||||
$res = $sql->select($sql->count())->from("User")->execute();
|
|
||||||
$this->success = ($res !== FALSE);
|
|
||||||
$this->lastError = $sql->getLastError();
|
|
||||||
|
|
||||||
if ($this->success) {
|
|
||||||
$this->userCount = $res[0]["count"];
|
|
||||||
}
|
|
||||||
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function execute($values = array()) {
|
|
||||||
if(!parent::execute($values)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$page = $this->getParam("page");
|
|
||||||
if($page < 1) {
|
|
||||||
return $this->createError("Invalid page count");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$this->getUserCount()) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$sql = $this->user->getSQL();
|
|
||||||
$res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at",
|
|
||||||
"Group.uid as groupId", "Group.name as groupName")
|
|
||||||
->from("User")
|
|
||||||
->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
|
|
||||||
->leftJoin("Group", "Group.uid", "UserGroup.group_id")
|
|
||||||
->orderBy("User.uid")
|
|
||||||
->ascending()
|
|
||||||
->limit(Fetch::SELECT_SIZE)
|
|
||||||
->offset(($page - 1) * Fetch::SELECT_SIZE)
|
|
||||||
->execute();
|
|
||||||
|
|
||||||
$this->success = ($res !== FALSE);
|
|
||||||
$this->lastError = $sql->getLastError();
|
|
||||||
|
|
||||||
if($this->success) {
|
|
||||||
$this->result["users"] = array();
|
|
||||||
foreach($res as $row) {
|
|
||||||
$userId = intval($row["userId"]);
|
|
||||||
$groupId = intval($row["groupId"]);
|
|
||||||
$groupName = $row["groupName"];
|
|
||||||
if (!isset($this->result["users"][$userId])) {
|
|
||||||
$this->result["users"][$userId] = array(
|
|
||||||
"uid" => $userId,
|
|
||||||
"name" => $row["name"],
|
|
||||||
"email" => $row["email"],
|
|
||||||
"registered_at" => $row["registered_at"],
|
|
||||||
"groups" => array(),
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
$this->result["pageCount"] = intval(ceil($this->userCount / Fetch::SELECT_SIZE));
|
||||||
|
$this->result["totalCount"] = $this->userCount;
|
||||||
|
}
|
||||||
|
|
||||||
if(!is_null($groupId)) {
|
return $this->success;
|
||||||
$this->result["users"][$userId]["groups"][$groupId] = $groupName;
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class Info extends UserAPI {
|
||||||
|
|
||||||
|
public function __construct($user, $externalCall = false) {
|
||||||
|
parent::__construct($user, $externalCall, array());
|
||||||
|
$this->csrfTokenRequired = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute($values = array()) {
|
||||||
|
if (!parent::execute($values)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$this->user->isLoggedIn()) {
|
||||||
|
$this->result["loggedIn"] = false;
|
||||||
|
} else {
|
||||||
|
$this->result["loggedIn"] = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->result["user"] = $this->user->jsonSerialize();
|
||||||
|
return $this->success;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class Invite extends UserAPI {
|
||||||
|
|
||||||
|
public function __construct($user, $externalCall = false) {
|
||||||
|
parent::__construct($user, $externalCall, array(
|
||||||
|
'username' => new StringType('username', 32),
|
||||||
|
'email' => new StringType('email', 64),
|
||||||
|
));
|
||||||
|
$this->csrfTokenRequired = true;
|
||||||
|
$this->loginRequired = true;
|
||||||
|
$this->requiredGroup = USER_GROUP_ADMIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute($values = array()) {
|
||||||
|
if (!parent::execute($values)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$username = $this->getParam('username');
|
||||||
|
$email = $this->getParam('email');
|
||||||
|
if (!$this->userExists($username, $email)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
//add to DB
|
||||||
|
$token = generateRandomString(36);
|
||||||
|
$valid_until = (new DateTime())->modify("+48 hour");
|
||||||
|
$sql = $this->user->getSQL();
|
||||||
|
$res = $sql->insert("UserInvitation", array("username", "email", "token", "valid_until"))
|
||||||
|
->addRow($username, $email, $token, $valid_until)
|
||||||
|
->execute();
|
||||||
|
$this->success = ($res !== FALSE);
|
||||||
|
$this->lastError = $sql->getLastError();
|
||||||
|
|
||||||
|
//send validation mail
|
||||||
|
if ($this->success) {
|
||||||
|
$request = new SendMail($this->user);
|
||||||
|
$link = "http://localhost/acceptInvitation?token=$token";
|
||||||
|
$this->success = $request->execute(array(
|
||||||
|
"from" => "webmaster@romanh.de",
|
||||||
|
"to" => $email,
|
||||||
|
"subject" => "Account Invitation for web-base@localhost",
|
||||||
|
"body" =>
|
||||||
|
"Hello,<br>
|
||||||
|
you were invited to create an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now.
|
||||||
|
If the invitation was not intended, you can simply ignore this email.<br><br><a href=\"$link\">$link</a>"
|
||||||
|
)
|
||||||
|
);
|
||||||
|
$this->lastError = $request->getLastError();
|
||||||
|
}
|
||||||
|
return $this->success;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class Login extends UserAPI {
|
||||||
|
|
||||||
|
private int $startedAt;
|
||||||
|
|
||||||
|
public function __construct($user, $externalCall = false) {
|
||||||
|
parent::__construct($user, $externalCall, array(
|
||||||
|
'username' => new StringType('username', 32),
|
||||||
|
'password' => new StringType('password'),
|
||||||
|
'stayLoggedIn' => new Parameter('stayLoggedIn', Parameter::TYPE_BOOLEAN, true, true)
|
||||||
|
));
|
||||||
|
$this->forbidMethod("GET");
|
||||||
|
}
|
||||||
|
|
||||||
|
private function wrongCredentials() {
|
||||||
|
$runtime = microtime(true) - $this->startedAt;
|
||||||
|
$sleepTime = round(3e6 - $runtime);
|
||||||
|
if ($sleepTime > 0) usleep($sleepTime);
|
||||||
|
return $this->createError(L('Wrong username or password'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute($values = array()) {
|
||||||
|
if (!parent::execute($values)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->user->isLoggedIn()) {
|
||||||
|
$this->lastError = L('You are already logged in');
|
||||||
|
$this->success = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->startedAt = microtime(true);
|
||||||
|
$this->success = false;
|
||||||
|
$username = $this->getParam('username');
|
||||||
|
$password = $this->getParam('password');
|
||||||
|
$stayLoggedIn = $this->getParam('stayLoggedIn');
|
||||||
|
|
||||||
|
$sql = $this->user->getSQL();
|
||||||
|
$res = $sql->select("User.uid", "User.password", "User.salt")
|
||||||
|
->from("User")
|
||||||
|
->where(new Compare("User.name", $username))
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->success = ($res !== FALSE);
|
||||||
|
$this->lastError = $sql->getLastError();
|
||||||
|
|
||||||
|
if ($this->success) {
|
||||||
|
if (count($res) === 0) {
|
||||||
|
return $this->wrongCredentials();
|
||||||
|
} else {
|
||||||
|
$row = $res[0];
|
||||||
|
$salt = $row['salt'];
|
||||||
|
$uid = $row['uid'];
|
||||||
|
$hash = $this->hashPassword($password, $salt);
|
||||||
|
if ($hash === $row['password']) {
|
||||||
|
if (!($this->success = $this->user->createSession($uid, $stayLoggedIn))) {
|
||||||
|
return $this->createError("Error creating Session: " . $sql->getLastError());
|
||||||
|
} else {
|
||||||
|
$this->result["loggedIn"] = true;
|
||||||
|
$this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds();
|
||||||
|
$this->success = true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return $this->wrongCredentials();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->result["pageCount"] = intval(ceil($this->userCount / Fetch::SELECT_SIZE));
|
|
||||||
$this->result["totalCount"] = $this->userCount;
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class Info extends UserAPI {
|
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
|
||||||
parent::__construct($user, $externalCall, array());
|
|
||||||
$this->csrfTokenRequired = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function execute($values = array()) {
|
class Logout extends UserAPI {
|
||||||
if(!parent::execute($values)) {
|
|
||||||
return false;
|
public function __construct($user, $externalCall = false) {
|
||||||
|
parent::__construct($user, $externalCall);
|
||||||
|
$this->loginRequired = true;
|
||||||
|
$this->apiKeyAllowed = false;
|
||||||
|
$this->csrfTokenRequired = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$this->user->isLoggedIn()) {
|
public function execute($values = array()) {
|
||||||
$this->result["loggedIn"] = false;
|
if (!parent::execute($values)) {
|
||||||
} else {
|
return false;
|
||||||
$this->result["loggedIn"] = true;
|
}
|
||||||
|
|
||||||
|
$this->success = $this->user->logout();
|
||||||
|
$this->lastError = $this->user->getSQL()->getLastError();
|
||||||
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->result["user"] = $this->user->jsonSerialize();
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class Invite extends UserAPI {
|
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
|
||||||
parent::__construct($user, $externalCall, array(
|
|
||||||
'username' => new StringType('username', 32),
|
|
||||||
'email' => new StringType('email', 64),
|
|
||||||
));
|
|
||||||
$this->csrfTokenRequired = true;
|
|
||||||
$this->loginRequired = true;
|
|
||||||
$this->requiredGroup = USER_GROUP_ADMIN;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function execute($values = array()) {
|
class Register extends UserAPI {
|
||||||
if(!parent::execute($values)) {
|
|
||||||
return false;
|
private ?int $userId;
|
||||||
|
private string $token;
|
||||||
|
|
||||||
|
public function __construct($user, $externalCall = false) {
|
||||||
|
parent::__construct($user, $externalCall, array(
|
||||||
|
"username" => new StringType("username", 32),
|
||||||
|
"email" => new StringType("email", 64),
|
||||||
|
"password" => new StringType("password"),
|
||||||
|
"confirmPassword" => new StringType("confirmPassword"),
|
||||||
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
$username = $this->getParam('username');
|
private function insertToken() {
|
||||||
$email = $this->getParam('email');
|
$validUntil = (new DateTime())->modify("+48 hour");
|
||||||
if (!$this->userExists($username, $email)) {
|
$sql = $this->user->getSQL();
|
||||||
return false;
|
$res = $sql->insert("UserToken", array("user_id", "token", "token_type", "valid_until"))
|
||||||
|
->addRow(array($this->userId, $this->token, "confirmation", $validUntil))
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->success = ($res !== FALSE);
|
||||||
|
$this->lastError = $sql->getLastError();
|
||||||
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
//add to DB
|
public function execute($values = array()) {
|
||||||
$token = generateRandomString(36);
|
if (!parent::execute($values)) {
|
||||||
$valid_until = (new DateTime())->modify("+48 hour");
|
return false;
|
||||||
$sql = $this->user->getSQL();
|
}
|
||||||
$res = $sql->insert("UserInvitation", array("username", "email", "token", "valid_until"))
|
|
||||||
->addRow($username, $email, $token, $valid_until)
|
if ($this->user->isLoggedIn()) {
|
||||||
->execute();
|
$this->lastError = L('You are already logged in');
|
||||||
$this->success = ($res !== FALSE);
|
$this->success = false;
|
||||||
$this->lastError = $sql->getLastError();
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$username = $this->getParam("username");
|
||||||
|
$email = $this->getParam('email');
|
||||||
|
if (!$this->userExists($username, $email)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$password = $this->getParam("password");
|
||||||
|
$confirmPassword = $this->getParam("confirmPassword");
|
||||||
|
if (strcmp($password, $confirmPassword) !== 0) {
|
||||||
|
return $this->createError("The given passwords don't match");
|
||||||
|
}
|
||||||
|
|
||||||
|
$id = $this->insertUser($username, $email, $password);
|
||||||
|
if ($id === FALSE) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->userId = $id;
|
||||||
|
$this->token = generateRandomString(36);
|
||||||
|
if ($this->insertToken()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
//send validation mail
|
|
||||||
if($this->success) {
|
|
||||||
$request = new SendMail($this->user);
|
$request = new SendMail($this->user);
|
||||||
$link = "http://localhost/acceptInvitation?token=$token";
|
$link = "http://localhost/confirmEmail?token=$this->token";
|
||||||
$this->success = $request->execute(array(
|
$this->success = $request->execute(array(
|
||||||
"from" => "webmaster@romanh.de",
|
"from" => "webmaster@romanh.de",
|
||||||
"to" => $email,
|
"to" => $email,
|
||||||
"subject" => "Account Invitation for web-base@localhost",
|
"subject" => "E-Mail Confirmation for web-base@localhost",
|
||||||
"body" =>
|
"body" =>
|
||||||
"Hello,<br>
|
"Hello,<br>
|
||||||
you were invited to create an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now.
|
|
||||||
If the invitation was not intended, you can simply ignore this email.<br><br><a href=\"$link\">$link</a>"
|
|
||||||
)
|
|
||||||
);
|
|
||||||
$this->lastError = $request->getLastError();
|
|
||||||
}
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class Login extends UserAPI {
|
|
||||||
|
|
||||||
private int $startedAt;
|
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
|
||||||
parent::__construct($user, $externalCall, array(
|
|
||||||
'username' => new StringType('username', 32),
|
|
||||||
'password' => new StringType('password'),
|
|
||||||
'stayLoggedIn' => new Parameter('stayLoggedIn', Parameter::TYPE_BOOLEAN, true, true)
|
|
||||||
));
|
|
||||||
$this->forbidMethod("GET");
|
|
||||||
}
|
|
||||||
|
|
||||||
private function wrongCredentials() {
|
|
||||||
$runtime = microtime(true) - $this->startedAt;
|
|
||||||
$sleepTime = round(3e6 - $runtime);
|
|
||||||
if($sleepTime > 0) usleep($sleepTime);
|
|
||||||
return $this->createError(L('Wrong username or password'));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function execute($values = array()) {
|
|
||||||
if(!parent::execute($values)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if($this->user->isLoggedIn()) {
|
|
||||||
$this->lastError = L('You are already logged in');
|
|
||||||
$this->success = true;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->startedAt = microtime(true);
|
|
||||||
$this->success = false;
|
|
||||||
$username = $this->getParam('username');
|
|
||||||
$password = $this->getParam('password');
|
|
||||||
$stayLoggedIn = $this->getParam('stayLoggedIn');
|
|
||||||
|
|
||||||
$sql = $this->user->getSQL();
|
|
||||||
$res = $sql->select("User.uid", "User.password", "User.salt")
|
|
||||||
->from("User")
|
|
||||||
->where(new Compare("User.name", $username))
|
|
||||||
->execute();
|
|
||||||
|
|
||||||
$this->success = ($res !== FALSE);
|
|
||||||
$this->lastError = $sql->getLastError();
|
|
||||||
|
|
||||||
if($this->success) {
|
|
||||||
if(count($res) === 0) {
|
|
||||||
return $this->wrongCredentials();
|
|
||||||
} else {
|
|
||||||
$row = $res[0];
|
|
||||||
$salt = $row['salt'];
|
|
||||||
$uid = $row['uid'];
|
|
||||||
$hash = $this->hashPassword($password, $salt);
|
|
||||||
if($hash === $row['password']) {
|
|
||||||
if(!($this->success = $this->user->createSession($uid, $stayLoggedIn))) {
|
|
||||||
return $this->createError("Error creating Session: " . $sql->getLastError());
|
|
||||||
} else {
|
|
||||||
$this->result["loggedIn"] = true;
|
|
||||||
$this->result['logoutIn'] = $this->user->getSession()->getExpiresSeconds();
|
|
||||||
$this->success = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return $this->wrongCredentials();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class Logout extends UserAPI {
|
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
|
||||||
parent::__construct($user, $externalCall);
|
|
||||||
$this->loginRequired = true;
|
|
||||||
$this->apiKeyAllowed = false;
|
|
||||||
$this->csrfTokenRequired = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function execute($values = array()) {
|
|
||||||
if(!parent::execute($values)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->success = $this->user->logout();
|
|
||||||
$this->lastError = $this->user->getSQL()->getLastError();
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class Register extends UserAPI {
|
|
||||||
|
|
||||||
private ?int $userId;
|
|
||||||
private string $token;
|
|
||||||
|
|
||||||
public function __construct($user, $externalCall = false) {
|
|
||||||
parent::__construct($user, $externalCall, array(
|
|
||||||
"username" => new StringType("username", 32),
|
|
||||||
"email" => new StringType("email", 64),
|
|
||||||
"password" => new StringType("password"),
|
|
||||||
"confirmPassword" => new StringType("confirmPassword"),
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
private function insertToken() {
|
|
||||||
$validUntil = (new DateTime())->modify("+48 hour");
|
|
||||||
$sql = $this->user->getSQL();
|
|
||||||
$res = $sql->insert("UserToken", array("user_id", "token", "token_type", "valid_until"))
|
|
||||||
->addRow(array($this->userId, $this->token, "confirmation", $validUntil))
|
|
||||||
->execute();
|
|
||||||
|
|
||||||
$this->success = ($res !== FALSE);
|
|
||||||
$this->lastError = $sql->getLastError();
|
|
||||||
return $this->success;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function execute($values = array()) {
|
|
||||||
if (!parent::execute($values)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($this->user->isLoggedIn()) {
|
|
||||||
$this->lastError = L('You are already logged in');
|
|
||||||
$this->success = false;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$username = $this->getParam("username");
|
|
||||||
$email = $this->getParam('email');
|
|
||||||
if (!$this->userExists($username, $email)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$password = $this->getParam("password");
|
|
||||||
$confirmPassword = $this->getParam("confirmPassword");
|
|
||||||
if(strcmp($password, $confirmPassword) !== 0) {
|
|
||||||
return $this->createError("The given passwords don't match");
|
|
||||||
}
|
|
||||||
|
|
||||||
$id = $this->insertUser($username, $email, $password);
|
|
||||||
if ($id === FALSE) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->userId = $id;
|
|
||||||
$this->token = generateRandomString(36);
|
|
||||||
if ($this->insertToken()) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$request = new SendMail($this->user);
|
|
||||||
$link = "http://localhost/confirmEmail?token=$this->token";
|
|
||||||
$this->success = $request->execute(array(
|
|
||||||
"from" => "webmaster@romanh.de",
|
|
||||||
"to" => $email,
|
|
||||||
"subject" => "E-Mail Confirmation for web-base@localhost",
|
|
||||||
"body" =>
|
|
||||||
"Hello,<br>
|
|
||||||
you recently registered an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now.
|
you recently registered an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now.
|
||||||
If the registration was not intended, you can simply ignore this email.<br><br><a href=\"$link\">$link</a>"
|
If the registration was not intended, you can simply ignore this email.<br><br><a href=\"$link\">$link</a>"
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!$this->success) {
|
if (!$this->success) {
|
||||||
$this->lastError = "Your account was registered but the confirmation email could not be sent. " .
|
$this->lastError = "Your account was registered but the confirmation email could not be sent. " .
|
||||||
"Please contact the server administration. Reason: " . $request->getLastError();
|
"Please contact the server administration. Reason: " . $request->getLastError();
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->success;
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
class CheckToken extends UserAPI{
|
class CheckToken extends UserAPI {
|
||||||
public function __construct($user, $externalCall = false) {
|
public function __construct($user, $externalCall = false) {
|
||||||
parent::__construct($user, $externalCall, array(
|
parent::__construct($user, $externalCall, array(
|
||||||
'token' => new StringType('token', 36),
|
'token' => new StringType('token', 36),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function execute($values = array()){
|
public function execute($values = array()) {
|
||||||
parent::execute($values);
|
if (!parent::execute($values)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$token = $this->getParam('token');
|
$token = $this->getParam('token');
|
||||||
$sql = $this->user->getSQL();
|
$sql = $this->user->getSQL();
|
||||||
$res = $sql->select("UserToken.token_type, User.name, User.email")->from("UserToken")
|
$res = $sql->select("UserToken.token_type", "User.name", "User.email")
|
||||||
->innerJoin("user", "UserToken.user_id","User.uid")
|
->from("UserToken")
|
||||||
->where(new Compare("UserToken.token",$token),
|
->innerJoin("User", "UserToken.user_id", "User.uid")
|
||||||
new Compare("UserToken.valid_until", $sql->now(), ">"))
|
->where(new Compare("UserToken.token", $token))
|
||||||
->execute();
|
->where(new Compare("UserToken.valid_until", $sql->now(), ">"))
|
||||||
$this->lastError = $sql->getLastError();
|
->where(new Compare("UserToken.used", 0))
|
||||||
$this->success = ($res !== FALSE);
|
->execute();
|
||||||
|
$this->lastError = $sql->getLastError();
|
||||||
|
$this->success = ($res !== FALSE);
|
||||||
|
|
||||||
if($this->success) {
|
if ($this->success) {
|
||||||
if(count($res) == 0) {
|
if (count($res) > 0) {
|
||||||
$this->lastError = "This token does not exist or is no longer valid";
|
$row = $res[0];
|
||||||
$this->success = false;
|
$this->result["token"] = array("type" => $row["token_type"]);
|
||||||
return false;
|
$this->result["user"] = array("name" => $row["name"], "email" => $row["email"]);
|
||||||
}
|
} else {
|
||||||
$this->result["token_type"] = $res[0]["UserToken.token_type"];
|
return $this->createError("This token does not exist or is no longer valid");
|
||||||
$this->result["username"] = $res[0]["User.username"];
|
|
||||||
$this->result["email"] = $res[0]["User.email"];
|
|
||||||
}
|
}
|
||||||
return $this->success;
|
}
|
||||||
|
return $this->success;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
@ -60,8 +60,9 @@ class CreateDatabase {
|
|||||||
$queries[] = $sql->createTable("UserToken")
|
$queries[] = $sql->createTable("UserToken")
|
||||||
->addInt("user_id")
|
->addInt("user_id")
|
||||||
->addString("token", 36)
|
->addString("token", 36)
|
||||||
->addEnum("token_type", array("password_reset", "confirmation"))
|
->addEnum("token_type", array("password_reset", "email_confirm"))
|
||||||
->addDateTime("valid_until")
|
->addDateTime("valid_until")
|
||||||
|
->addBool("used", false)
|
||||||
->foreignKey("user_id", "User", "uid", new CascadeStrategy());
|
->foreignKey("user_id", "User", "uid", new CascadeStrategy());
|
||||||
|
|
||||||
$queries[] = $sql->createTable("Group")
|
$queries[] = $sql->createTable("Group")
|
||||||
|
@ -281,6 +281,7 @@ abstract class SQL {
|
|||||||
protected abstract function columnName($col);
|
protected abstract function columnName($col);
|
||||||
|
|
||||||
// Special Keywords and functions
|
// Special Keywords and functions
|
||||||
|
public function now() { return $this->currentTimestamp(); }
|
||||||
public abstract function currentTimestamp();
|
public abstract function currentTimestamp();
|
||||||
|
|
||||||
public function count($col = NULL) {
|
public function count($col = NULL) {
|
||||||
|
Loading…
Reference in New Issue
Block a user