Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Permission stuff

Browse Source
This commit is contained in:
Roman Hergenreder
2020-06-27 22:47:12 +02:00
parent be6d48ac10
commit e48ea51a5a
19 changed files with 493 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/Api/GroupsAPI.class.php
View File

@@ -37,8 +37,6 @@ namespace Api\Groups {
'count' => new Parameter('count', Parameter::TYPE_INT, true, 20)
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_SUPPORT, USER_GROUP_ADMIN);
$this->groupCount = 0;
}
@@ -116,9 +114,6 @@ namespace Api\Groups {
'name' => new StringType('name', 32),
'color' => new StringType('color', 10),
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
public function execute($values = array()) {
@@ -165,9 +160,6 @@ namespace Api\Groups {
parent::__construct($user, $externalCall, array(
'uid' => new Parameter('uid', Parameter::TYPE_INT)
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
public function execute($values = array()) {

120
core/Api/MailAPI.class.php Normal file
View File

@@ -0,0 +1,120 @@
<?php
namespace Api {
class MailAPI extends Request {
}
}
namespace Api\Mail {
use Api\MailAPI;
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
use External\PHPMailer\Exception;
use External\PHPMailer\PHPMailer;
use Objects\ConnectionData;
use Objects\User;
class Test extends MailAPI {
public function __construct(User $user, bool $externalCall = false) {
parent::__construct($user, $externalCall, array(
"receiver" => new Parameter("receiver", Parameter::TYPE_EMAIL)
));
}
public function execute($values = array()) {
if (!parent::execute($values)) {
return false;
}
$receiver = $this->getParam("receiver");
$req = new \Api\Mail\Send($this->user);
$this->success = $req->execute(array(
"to" => $receiver,
"subject" => "Test E-Mail",
"body" => "Hey! If you receive this e-mail, your mail configuration seems to be working."
));
$this->lastError = $req->getLastError();
return $this->success;
}
}
class Send extends MailAPI {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
'to' => new Parameter('to', Parameter::TYPE_EMAIL),
'subject' => new StringType('subject', -1),
'body' => new StringType('body', -1),
));
$this->isPublic = false;
}
private function getMailConfig() : ?ConnectionData {
$req = new \Api\Settings\Get($this->user);
$this->success = $req->execute(array("key" => "^mail_"));
$this->lastError = $req->getLastError();
if ($this->success) {
$settings = $req->getResult()["settings"];
if (!isset($settings["mail_enabled"]) || $settings["mail_enabled"] !== "1") {
$this->createError("Mail is not configured yet.");
return null;
}
$host = $settings["mail_host"] ?? "localhost";
$port = intval($settings["mail_port"] ?? "25");
$login = $settings["mail_username"] ?? "";
$password = $settings["mail_password"] ?? "";
$connectionData = new ConnectionData($host, $port, $login, $password);
$connectionData->setProperty("from", $settings["mail_from"] ?? "");
return $connectionData;
}
return null;
}
public function execute($values = array()) {
if(!parent::execute($values)) {
return false;
}
$mailConfig = $this->getMailConfig();
if (!$this->success) {
return false;
}
try {
$mail = new PHPMailer;
$mail->IsSMTP();
$mail->setFrom($mailConfig->getProperty("from"));
$mail->addAddress($this->getParam('to'));
$mail->Subject = $this->getParam('subject');
$mail->SMTPDebug = 0;
$mail->Host = $mailConfig->getHost();
$mail->Port = $mailConfig->getPort();
$mail->SMTPAuth = true;
$mail->Username = $mailConfig->getLogin();
$mail->Password = $mailConfig->getPassword();
$mail->SMTPSecure = 'tls';
$mail->IsHTML(true);
$mail->CharSet = 'UTF-8';
$mail->Body = $this->getParam('body');
$this->success = @$mail->Send();
if (!$this->success) {
$this->lastError = "Error sending Mail: $mail->ErrorInfo";
error_log("sendMail() failed: $mail->ErrorInfo");
}
} catch (Exception $e) {
$this->success = false;
$this->lastError = "Error sending Mail: $e";
}
return $this->success;
}
}
}

1
core/Api/NotificationsAPI.class.php
View File

@@ -26,7 +26,6 @@ namespace Api\Notifications {
'message' => new StringType('message', 256),
));
$this->isPublic = false;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
private function checkUser($userId) {

64
core/Api/PermissionAPI.class.php
View File

@@ -18,7 +18,11 @@ namespace Api\Permission {
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
use Api\PermissionAPI;
use Driver\SQL\Column\Column;
use Driver\SQL\Condition\Compare;
use Driver\SQL\Condition\CondIn;
use Driver\SQL\Condition\CondNot;
use Driver\SQL\Strategy\UpdateStrategy;
use Objects\User;
class Check extends PermissionAPI {
@@ -57,6 +61,7 @@ namespace Api\Permission {
}
if (!$this->user->isLoggedIn() || empty(array_intersect($groups, array_keys($this->user->getGroups())))) {
header('HTTP 1.1 401 Unauthorized');
return $this->createError("Permission denied.");
}
}
@@ -75,7 +80,7 @@ namespace Api\Permission {
private function fetchGroups() {
$sql = $this->user->getSQL();
$res = $sql->select("uid", "name")
$res = $sql->select("uid", "name", "color")
->from("Group")
->orderBy("uid")
->ascending()
@@ -89,7 +94,8 @@ namespace Api\Permission {
foreach($res as $row) {
$groupId = $row["uid"];
$groupName = $row["name"];
$this->groups[$groupId] = $groupName;
$groupColor = $row["color"];
$this->groups[$groupId] = array("name" => $groupName, "color" => $groupColor);
}
}
@@ -110,7 +116,7 @@ namespace Api\Permission {
}
$sql = $this->user->getSQL();
$res = $sql->select("method", "groups")
$res = $sql->select("method", "groups", "description")
->from("ApiPermission")
->execute();
@@ -121,8 +127,13 @@ namespace Api\Permission {
$permissions = array();
foreach ($res as $row) {
$method = $row["method"];
$description = $row["description"];
$groups = json_decode($row["groups"]);
$permissions[] = array("method" => $method, "groups" => $groups);
$permissions[] = array(
"method" => $method,
"groups" => $groups,
"description" => $description
);
}
$this->result["permissions"] = $permissions;
$this->result["groups"] = $this->groups;
@@ -149,7 +160,52 @@ namespace Api\Permission {
return false;
}
$permissions = $this->getParam("permissions");
$sql = $this->user->getSQL();
$methodParam = new StringType('method', 32);
$groupsParam = new Parameter('groups', Parameter::TYPE_ARRAY);
$updateQuery = $sql->insert("ApiPermission", array("method", "groups"))
->onDuplicateKeyStrategy(new UpdateStrategy(array("method"), array( "groups" => new Column("groups") )));
$insertedMethods = array();
foreach($permissions as $permission) {
if (!is_array($permission)) {
return $this->createError("Invalid data type found in parameter: permissions, expected: object");
} else if(!isset($permission["method"]) || !array_key_exists("groups", $permission)) {
return $this->createError("Invalid object found in parameter: permissions, expected keys 'method' and 'groups'");
} else if (!$methodParam->parseParam($permission["method"])) {
$expectedType = $methodParam->getTypeName();
return $this->createError("Invalid data type found for attribute 'method', expected: $expectedType");
} else if(!$groupsParam->parseParam($permission["groups"])) {
$expectedType = $groupsParam->getTypeName();
return $this->createError("Invalid data type found for attribute 'groups', expected: $expectedType");
} else if(empty(trim($methodParam->value))) {
return $this->createError("Method cannot be empty.");
} else {
$method = $methodParam->value;
$groups = $groupsParam->value;
$updateQuery->addRow($method, $groups);
$insertedMethods[] = $method;
}
}
if (!empty($permissions)) {
$res = $updateQuery->execute();
$this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError();
}
if ($this->success) {
$res = $sql->delete("ApiPermission")
->where(new Compare("description", "")) // only delete non default permissions
->where(new CondNot(new CondIn("method", $insertedMethods)))
->execute();
$this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError();
}
return $this->success;
}

29
core/Api/Request.class.php
View File

@@ -16,7 +16,6 @@ class Request {
protected bool $variableParamCount;
protected bool $isDisabled;
protected bool $apiKeyAllowed;
protected array $requiredGroup;
protected bool $csrfTokenRequired;
private array $aDefaultParams;
@@ -36,7 +35,6 @@ class Request {
$this->variableParamCount = false;
$this->apiKeyAllowed = true;
$this->allowedMethods = array("GET", "POST");
$this->requiredGroup = array();
$this->lastError = "";
$this->csrfTokenRequired = true;
}
@@ -54,15 +52,13 @@ class Request {
$isEmpty = (is_string($value) || is_array($value)) && empty($value);
if(!$param->optional && (is_null($value) || $isEmpty)) {
$this->lastError = 'Missing parameter: ' . $name;
return false;
return $this->createError("Missing parameter: $name");
}
if(!is_null($value) && !$isEmpty) {
if(!$param->parseParam($value)) {
$value = print_r($value, true);
$this->lastError = "Invalid Type for parameter: $name '$value' (Required: " . $param->getTypeName() . ")";
return false;
return $this->createError("Invalid Type for parameter: $name '$value' (Required: " . $param->getTypeName() . ")");
}
}
}
@@ -135,26 +131,25 @@ class Request {
header('HTTP 1.1 401 Unauthorized');
return false;
}
}
// CSRF Token
if($this->csrfTokenRequired && !$apiKeyAuthorized) {
// csrf token required + external call
// if it's not a call with API_KEY, check for csrf_token
if (!isset($values["csrf_token"]) || strcmp($values["csrf_token"], $this->user->getSession()->getCsrfToken()) !== 0) {
$this->lastError = "CSRF-Token mismatch";
header('HTTP 1.1 403 Forbidden');
return false;
}
// CSRF Token
if($this->csrfTokenRequired && $this->user->isLoggedIn()) {
// csrf token required + external call
// if it's not a call with API_KEY, check for csrf_token
if (!isset($values["csrf_token"]) || strcmp($values["csrf_token"], $this->user->getSession()->getCsrfToken()) !== 0) {
$this->lastError = "CSRF-Token mismatch";
header('HTTP 1.1 403 Forbidden');
return false;
}
}
// Check for permission
if (!($this instanceof PermissionAPI)) {
if (!($this instanceof \Api\Permission\Save)) {
$req = new \Api\Permission\Check($this->user);
$this->success = $req->execute(array("method" => $this->getMethod()));
$this->lastError = $req->getLastError();
if (!$this->success) {
header('HTTP 1.1 401 Unauthorized');
return false;
}
}

5
core/Api/RoutesAPI.class.php
View File

@@ -32,8 +32,6 @@ namespace Api\Routes {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array());
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
public function execute($values = array()) {
@@ -133,9 +131,6 @@ namespace Api\Routes {
parent::__construct($user, $externalCall, array(
'routes' => new Parameter('routes',Parameter::TYPE_ARRAY, false)
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
public function execute($values = array()) {

85
core/Api/SendMail.class.php
View File

@@ -1,85 +0,0 @@
<?php
namespace Api;
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
use External\PHPMailer\Exception;
use External\PHPMailer\PHPMailer;
use Objects\ConnectionData;
class SendMail extends Request {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
'to' => new Parameter('to', Parameter::TYPE_EMAIL),
'subject' => new StringType('subject', -1),
'body' => new StringType('body', -1),
));
$this->isPublic = false;
}
private function getMailConfig() : ?ConnectionData {
$req = new \Api\Settings\Get($this->user);
$this->success = $req->execute(array("key" => "^mail_"));
$this->lastError = $req->getLastError();
if ($this->success) {
$settings = $req->getResult()["settings"];
if (!isset($settings["mail_enabled"]) || $settings["mail_enabled"] !== "1") {
$this->createError("Mail is not configured yet.");
return null;
}
$host = $settings["mail_host"] ?? "localhost";
$port = intval($settings["mail_port"] ?? "25");
$login = $settings["mail_username"] ?? "";
$password = $settings["mail_password"] ?? "";
$connectionData = new ConnectionData($host, $port, $login, $password);
$connectionData->setProperty("from", $settings["mail_from"] ?? "");
return $connectionData;
}
return null;
}
public function execute($values = array()) {
if(!parent::execute($values)) {
return false;
}
$mailConfig = $this->getMailConfig();
if (!$this->success) {
return false;
}
try {
$mail = new PHPMailer;
$mail->IsSMTP();
$mail->setFrom($mailConfig->getProperty("from"));
$mail->addAddress($this->getParam('to'));
$mail->Subject = $this->getParam('subject');
$mail->SMTPDebug = 0;
$mail->Host = $mailConfig->getHost();
$mail->Port = $mailConfig->getPort();
$mail->SMTPAuth = true;
$mail->Username = $mailConfig->getLogin();
$mail->Password = $mailConfig->getPassword();
$mail->SMTPSecure = 'tls';
$mail->IsHTML(true);
$mail->CharSet = 'UTF-8';
$mail->Body = $this->getParam('body');
$this->success = @$mail->Send();
if (!$this->success) {
$this->lastError = "Error sending Mail: $mail->ErrorInfo";
error_log("sendMail() failed: $mail->ErrorInfo");
}
} catch (Exception $e) {
$this->success = false;
$this->lastError = "Error sending Mail: $e";
}
return $this->success;
}
}

35
core/Api/SendTestMail.class.php
View File

@@ -1,35 +0,0 @@
<?php
namespace Api;
use Api\Parameter\Parameter;
use Objects\User;
class SendTestMail extends Request {
public function __construct(User $user, bool $externalCall = false) {
parent::__construct($user, $externalCall, array(
"receiver" => new Parameter("receiver", Parameter::TYPE_EMAIL)
));
$this->requiredGroup = array(USER_GROUP_ADMIN, USER_GROUP_SUPPORT);
}
public function execute($values = array()) {
if (!parent::execute($values)) {
return false;
}
$receiver = $this->getParam("receiver");
$req = new SendMail($this->user);
$this->success = $req->execute(array(
"to" => $receiver,
"subject" => "Test E-Mail",
"body" => "Hey! If you receive this e-mail, your mail configuration seems to be working."
));
$this->lastError = $req->getLastError();
return $this->success;
}
}

8
core/Api/SettingsAPI.class.php
View File

@@ -25,11 +25,8 @@ namespace Api\Settings {
public function __construct(User $user, bool $externalCall = false) {
parent::__construct($user, $externalCall, array(
'key' => new StringType('key', 32, true, NULL)
'key' => new StringType('key', -1, true, NULL)
));
$this->requiredGroup = array(USER_GROUP_ADMIN);
$this->loginRequired = true;
}
public function execute($values = array()) {
@@ -73,9 +70,6 @@ namespace Api\Settings {
parent::__construct($user, $externalCall, array(
'settings' => new Parameter('settings', Parameter::TYPE_ARRAY)
));
$this->requiredGroup = array(USER_GROUP_ADMIN);
$this->loginRequired = true;
}
public function execute($values = array()) {

21
core/Api/Stats.class.php
View File

@@ -7,11 +7,11 @@ use Driver\SQL\Condition\CondBool;
class Stats extends Request {
private bool $mailConfigured;
private bool $recaptchaConfigured;
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array());
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_SUPPORT, USER_GROUP_ADMIN);
}
private function getUserCount() {
@@ -67,12 +67,15 @@ class Stats extends Request {
return $visitors;
}
private function isMailConfigured() {
private function checkSettings() {
$req = new \Api\Settings\Get($this->user);
$this->success = $req->execute(array("key" => "^mail_enabled$"));
$this->success = $req->execute(array("key" => "^(mail_enabled|recaptcha_enabled)$"));
$this->lastError = $req->getLastError();
if ($this->success) {
return ($req->getResult()["mail_enabled"] ?? "0") === "1";
$settings = $req->getResult()["settings"];
$this->mailConfigured = ($settings["mail_enabled"] ?? "0") === "1";
$this->recaptchaConfigured = ($settings["recaptcha_enabled"] ?? "0") === "1";
}
return $this->success;
@@ -95,8 +98,7 @@ class Stats extends Request {
$loadAvg = sys_getloadavg();
}
$mailConfigured = $this->isMailConfigured();
if (!$this->success) {
if (!$this->checkSettings()) {
return false;
}
@@ -109,7 +111,8 @@ class Stats extends Request {
"memory_usage" => memory_get_usage(),
"load_avg" => $loadAvg,
"database" => $this->user->getSQL()->getStatus(),
"mail" => $mailConfigured
"mail" => $this->mailConfigured,
"reCaptcha" => $this->recaptchaConfigured
);
return $this->success;

36
core/Api/UserAPI.class.php
View File

@@ -118,7 +118,6 @@ namespace Api\User {
use Api\Parameter\Parameter;
use Api\Parameter\StringType;
use Api\SendMail;
use Api\UserAPI;
use Api\VerifyCaptcha;
use DateTime;
@@ -137,7 +136,6 @@ namespace Api\User {
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
public function execute($values = array()) {
@@ -179,15 +177,10 @@ namespace Api\User {
private int $userCount;
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
'page' => new Parameter('page', Parameter::TYPE_INT, true, 1),
'count' => new Parameter('count', Parameter::TYPE_INT, true, 20)
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_SUPPORT, USER_GROUP_ADMIN);
$this->userCount = 0;
}
private function getUserCount() {
@@ -297,13 +290,9 @@ namespace Api\User {
class Get extends UserAPI {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
'id' => new Parameter('id', Parameter::TYPE_INT)
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_SUPPORT, USER_GROUP_ADMIN);
}
public function execute($values = array()) {
@@ -373,7 +362,6 @@ namespace Api\User {
));
$this->loginRequired = true;
$this->requiredGroup = array(USER_GROUP_ADMIN);
}
public function execute($values = array()) {
@@ -418,7 +406,7 @@ namespace Api\User {
$body = str_replace("{{{$key}}}", $value, $body);
}
$request = new SendMail($this->user);
$request = new \Api\Mail\Send($this->user);
$this->success = $request->execute(array(
"to" => $email,
"subject" => "[$siteName] Account Invitation",
@@ -560,18 +548,6 @@ namespace Api\User {
return $this->success;
}
private function checkSettings() {
$req = new \Api\Settings\Get($this->user);
$this->success = $req->execute(array("key" => "user_registration_enabled"));
$this->lastError = $req->getLastError();
if ($this->success) {
return ($req->getResult()["user_registration_enabled"] ?? "0") === "1";
}
return $this->success;
}
public function execute($values = array()) {
if (!parent::execute($values)) {
return false;
@@ -581,11 +557,7 @@ namespace Api\User {
return $this->createError(L('You are already logged in'));
}
$registrationAllowed = $this->checkSettings();
if (!$this->success) {
return false;
}
$registrationAllowed = $this->user->getConfiguration()->getSettings()->isRegistrationAllowed();
if(!$registrationAllowed) {
return $this->createError("User Registration is not enabled.");
}
@@ -640,7 +612,7 @@ namespace Api\User {
$body = str_replace("{{{$key}}}", $value, $body);
}
$request = new SendMail($this->user);
$request = new \Api\Mail\Send($this->user);
$this->success = $request->execute(array(
"to" => $email,
"subject" => "[$siteName] E-Mail Confirmation",
@@ -696,7 +668,6 @@ namespace Api\User {
'groups' => new Parameter('groups', Parameter::TYPE_ARRAY, true, NULL),
));
$this->requiredGroup = array(USER_GROUP_ADMIN);
$this->loginRequired = true;
}
@@ -786,7 +757,6 @@ namespace Api\User {
'id' => new Parameter('id', Parameter::TYPE_INT)
));
$this->requiredGroup = array(USER_GROUP_ADMIN);
$this->loginRequired = true;
}