GEANT /
CAT
| Total Complexity | 67 |
| Total Lines | 377 |
| Duplicated Lines | 0 % |
| Changes | 2 | ||
| Bugs | 1 | Features | 0 |
Complex classes like User often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use User, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 43 | class User extends EntityWithDBProperties |
||
| 44 | { |
||
| 45 | |||
| 46 | /** |
||
| 47 | * |
||
| 48 | * @var string |
||
| 49 | */ |
||
| 50 | public $userName; |
||
| 51 | |||
| 52 | public $edugain = false; |
||
| 53 | |||
| 54 | public $roles = []; |
||
| 55 | |||
| 56 | /** |
||
| 57 | * Class constructor. The required argument is a user's persistent identifier as was returned by the authentication source. |
||
| 58 | * |
||
| 59 | * @param string $userId User Identifier as per authentication source |
||
| 60 | */ |
||
| 61 | public function __construct($userId) |
||
| 62 | { |
||
| 63 | $this->databaseType = "USER"; |
||
| 64 | parent::__construct(); // database handle is now available |
||
| 65 | $this->attributes = []; |
||
| 66 | $this->entityOptionTable = "user_options"; |
||
| 67 | $this->entityIdColumn = "user_id"; |
||
| 68 | $this->identifier = 0; // not used |
||
| 69 | $this->userName = $userId; |
||
| 70 | $optioninstance = Options::instance(); |
||
| 71 | |||
| 72 | if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED |
||
| 73 | // e d u r o a m DB doesn't follow the usual approach |
||
| 74 | // we could get multiple rows below (if administering multiple |
||
| 75 | // federations), so consolidate all into the usual options |
||
| 76 | $info = $this->databaseHandle->exec("SELECT email, common_name, role, realm FROM view_admin WHERE eptid = ?", "s", $this->userName); |
||
| 77 | $visited = false; |
||
| 78 | // SELECT -> resource, not boolean |
||
| 79 | while ($userDetailQuery = mysqli_fetch_object(/** @scrutinizer ignore-type */ $info)) { |
||
| 80 | if (!$visited) { |
||
| 81 | $mailOptinfo = $optioninstance->optionType("user:email"); |
||
| 82 | $this->attributes[] = ["name" => "user:email", "lang" => NULL, "value" => $userDetailQuery->email, "level" => Options::LEVEL_USER, "row_id" => 0, "flag" => $mailOptinfo['flag']]; |
||
| 83 | $realnameOptinfo = $optioninstance->optionType("user:realname"); |
||
| 84 | $this->attributes[] = ["name" => "user:realname", "lang" => NULL, "value" => $userDetailQuery->common_name, "level" => Options::LEVEL_USER, "row_id" => 0, "flag" => $realnameOptinfo['flag']]; |
||
| 85 | $visited = TRUE; |
||
| 86 | } |
||
| 87 | if ($userDetailQuery->role == "fedadmin") { |
||
| 88 | $optinfo = $optioninstance->optionType("user:fedadmin"); |
||
| 89 | $this->attributes[] = ["name" => "user:fedadmin", "lang" => NULL, "value" => strtoupper($userDetailQuery->realm), "level" => Options::LEVEL_USER, "row_id" => 0, "flag" => $optinfo['flag']]; |
||
| 90 | } |
||
| 91 | } |
||
| 92 | } else { |
||
| 93 | $this->attributes = $this->retrieveOptionsFromDatabase("SELECT DISTINCT option_name, option_lang, option_value, row_id |
||
| 94 | FROM $this->entityOptionTable |
||
| 95 | WHERE $this->entityIdColumn = ?", "User"); |
||
| 96 | } |
||
| 97 | $this->getAdminRoles(); |
||
| 98 | } |
||
| 99 | |||
| 100 | /** |
||
| 101 | * This dunction loads the roles table with all user's functions. |
||
| 102 | */ |
||
| 103 | |||
| 104 | private function getAdminRoles() { |
||
| 105 | if (in_array($this->userName, \config\Master::SUPERADMINS)) { |
||
| 106 | $this->roles[] = 'superadmin'; |
||
| 107 | } |
||
| 108 | if (in_array($this->userName, \config\Master::SUPPORT)) { |
||
| 109 | $this->roles[] = 'support'; |
||
| 110 | } |
||
| 111 | if (count($this->getAttributes("user:fedadmin")) > 0) { |
||
| 112 | $this->roles[] = 'fedadmin'; |
||
| 113 | } |
||
| 114 | if (count($this->listOwnerships()) > 0) { |
||
| 115 | $this->roles[] = 'instadmin'; |
||
| 116 | } |
||
| 117 | } |
||
| 118 | |||
| 119 | /** |
||
| 120 | * This function checks whether a user is a federation administrator. When called without argument, it only checks if the |
||
| 121 | * user is a federation administrator of *any* federation. When given a parameter (ISO shortname of federation), it checks |
||
| 122 | * if the user administers this particular federation. |
||
| 123 | * |
||
| 124 | * @param string $federation optional: federation to be checked |
||
| 125 | * @return boolean TRUE if the user is federation admin, false if not |
||
| 126 | */ |
||
| 127 | public function isFederationAdmin($federation = 0) |
||
| 128 | { |
||
| 129 | $feds = $this->getAttributes("user:fedadmin"); |
||
| 130 | if (count($feds) == 0) { // not a fedadmin at all |
||
| 131 | return false; |
||
| 132 | } |
||
| 133 | if ($federation === 0) { // fedadmin for one; that's all we want to know |
||
| 134 | return TRUE; |
||
| 135 | } |
||
| 136 | foreach ($feds as $fed) { // check if authz is for requested federation |
||
| 137 | if (strtoupper($fed['value']) == strtoupper($federation)) { |
||
| 138 | return TRUE; |
||
| 139 | } |
||
| 140 | } |
||
| 141 | return false; // no luck so far? Not the admin we are looking for. |
||
| 142 | } |
||
| 143 | |||
| 144 | /** |
||
| 145 | * This function tests if the current user has been configured as the system superadmin, i.e. if the user is allowed |
||
| 146 | * to execute the 112365365321.php script and obtain read-only access to admin areas. |
||
| 147 | * |
||
| 148 | * @return boolean TRUE if the user is a superadmin, false if not |
||
| 149 | */ |
||
| 150 | public function isSuperadmin() |
||
| 151 | { |
||
| 152 | return in_array('superadmin', $this->roles); |
||
| 153 | } |
||
| 154 | |||
| 155 | |||
| 156 | /** |
||
| 157 | * This function tests if the current user has been configured as the system superadmin, i.e. if the user is allowed |
||
| 158 | * obtain read-only access to admin areas. |
||
| 159 | * |
||
| 160 | * @return boolean TRUE if the user is a support member, false if not |
||
| 161 | */ |
||
| 162 | public function isSupport() |
||
| 163 | { |
||
| 164 | return in_array('support', $this->roles); |
||
| 165 | } |
||
| 166 | |||
| 167 | /** |
||
| 168 | * This function tests if the current user is an ovner of a given IdP |
||
| 169 | * |
||
| 170 | * @param int $idp integer identifier of the IdP |
||
| 171 | * @return boolean TRUE if the user is an owner, false if not |
||
| 172 | */ |
||
| 173 | public function isIdPOwner($idp) |
||
| 174 | { |
||
| 175 | $temp = new IdP($idp); |
||
| 176 | foreach ($temp->listOwners() as $oneowner) { |
||
| 177 | if ($oneowner['ID'] == $this->userName) { |
||
| 178 | return TRUE; |
||
| 179 | } |
||
| 180 | } |
||
| 181 | return false; |
||
| 182 | } |
||
| 183 | |||
| 184 | /** This function tests if user's IdP is listed in eduGAIN - it uses an external |
||
| 185 | * call to technical eduGAIN API |
||
| 186 | * |
||
| 187 | * @return boolean true if the IdP is listed, false otherwise |
||
| 188 | * |
||
| 189 | */ |
||
| 190 | public function isFromEduGAIN() |
||
| 191 | { |
||
| 192 | $_SESSION['eduGAIN'] = false; |
||
| 193 | preg_match('/!([^!]+)$/', $_SESSION['user'], $matches); |
||
| 194 | if (!isset($matches[1])) { |
||
| 195 | return false; |
||
| 196 | } |
||
| 197 | $entityId = $matches[1]; |
||
| 198 | $url = \config\Diagnostics::EDUGAINRESOLVER['url'] . "?action=get_entity_name&type=idp&opt=2&e_id=$entityId"; |
||
| 199 | \core\common\Logging::debug_s(4, $url, "URL: ","\n"); |
||
| 200 | $ch = curl_init($url); |
||
| 201 | if ($ch === false) { |
||
| 202 | $loggerInstance->debug(2, "Unable ask eduGAIN about IdP - CURL init failed!"); |
||
|
Comprehensibility
Best Practice
introduced
by
|
|||
| 203 | return false; |
||
| 204 | } |
||
| 205 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
||
| 206 | curl_setopt($ch, CURLOPT_TIMEOUT, \config\Diagnostics::EDUGAINRESOLVER['timeout']); |
||
| 207 | $response = curl_exec($ch); |
||
| 208 | \core\common\Logging::debug_s(4, $response, "RESP\n", "\n"); |
||
| 209 | if (function_exists('json_validate')) { |
||
| 210 | if (json_validate($response) === false) { |
||
| 211 | \core\common\Logging::debug_s(2, "eduGAIN resolver did not return valid json\n"); |
||
| 212 | return false; |
||
| 213 | } |
||
| 214 | } |
||
| 215 | $responseDetails = json_decode($response, true); |
||
| 216 | if ($responseDetails == null || !isset($responseDetails['status'])) { |
||
| 217 | \core\common\Logging::debug_s(2, $response, "EDUGAINRESOLVER returned incorrect response:\n", "\n"); |
||
| 218 | return false; |
||
| 219 | } |
||
| 220 | if ($responseDetails['status'] !== 1) { |
||
| 221 | \core\common\Logging::debug_s(4, "EDUGAINRESOLVER returned status 0\n"); |
||
| 222 | return false; |
||
| 223 | } |
||
| 224 | if ($responseDetails['name'] === null) { |
||
| 225 | \core\common\Logging::debug_s(4,"User not in eduGAIN\n"); |
||
| 226 | return false; |
||
| 227 | } |
||
| 228 | \core\common\Logging::debug_s(4,"User in eduGAIN\n"); |
||
| 229 | $_SESSION['eduGAIN'] = $responseDetails['regauth']; |
||
| 230 | return true; |
||
| 231 | } |
||
| 232 | |||
| 233 | /** |
||
| 234 | * This function lists all institution ids for which the user appears as admin |
||
| 235 | * |
||
| 236 | * @return array if institution ids. |
||
| 237 | */ |
||
| 238 | public function listOwnerships() { |
||
| 239 | $dbHandle = \core\DBConnection::handle("INST"); |
||
| 240 | $query = $dbHandle->exec("SELECT institution_id FROM ownership WHERE user_id='".$this->userName."'"); |
||
| 241 | return array_column($query->fetch_all(), 0); |
||
| 242 | } |
||
| 243 | |||
| 244 | /** |
||
| 245 | * shorthand function for email sending to the user |
||
| 246 | * |
||
| 247 | * @param string $subject addressee of the mail |
||
| 248 | * @param string $content content of the mail |
||
| 249 | * @return boolean did it work? |
||
| 250 | */ |
||
| 251 | public function sendMailToUser($subject, $content) |
||
| 252 | { |
||
| 253 | $mailaddr = $this->getAttributes("user:email"); |
||
| 254 | if (count($mailaddr) == 0) { // we don't know user's mail address |
||
| 255 | return false; |
||
| 256 | } |
||
| 257 | return $this::doMailing($mailaddr[0]["value"], $subject, $content); |
||
| 258 | } |
||
| 259 | |||
| 260 | /** |
||
| 261 | * sending mail to CAT admins (if defined in Master), mainly for debugging purposes |
||
| 262 | * |
||
| 263 | * @param string $subject |
||
| 264 | * @param string $content |
||
| 265 | * @return boolean did it work? |
||
| 266 | */ |
||
| 267 | public static function sendMailToCATadmins($subject, $content) { |
||
| 268 | if (!isset(\config\Master::APPEARANCE['cat-admin-mail']) || \config\Master::APPEARANCE['cat-admin-mail'] === []) { |
||
| 269 | return; |
||
| 270 | } |
||
| 271 | foreach (\config\Master::APPEARANCE['cat-admin-mail'] as $mailaddr) { |
||
| 272 | $sent = User::doMailing($mailaddr, $subject, $content); |
||
| 273 | if (!$sent) { |
||
| 274 | \core\common\Logging::debug_s(2, $mailaddr, "Mailing to: ", " failed\n"); |
||
| 275 | } |
||
| 276 | } |
||
| 277 | } |
||
| 278 | |||
| 279 | /** |
||
| 280 | * shorthand function for actual email sending to the user |
||
| 281 | * |
||
| 282 | * @param array $mailaddr the mail address ro mail to |
||
| 283 | * @param string $subject addressee of the mail |
||
| 284 | * @param string $content content of the mail |
||
| 285 | * @return boolean did it work? |
||
| 286 | */ |
||
| 287 | private static function doMailing($mailaddr, $subject, $content) { |
||
| 301 | } |
||
| 302 | |||
| 303 | /** |
||
| 304 | * NOOP in this class, only need to override abstract base class |
||
| 305 | * |
||
| 306 | * @return void |
||
| 307 | */ |
||
| 308 | public function updateFreshness() |
||
| 310 | // User is always fresh |
||
| 311 | } |
||
| 312 | |||
| 313 | const PROVIDER_STRINGS = [ |
||
| 314 | "eduPersonTargetedID" => "eduGAIN", |
||
| 315 | "pairwise-id" => "eduGAIN", |
||
| 316 | "facebook_targetedID" => "Facebook", |
||
| 317 | "google_eppn" => "Google", |
||
| 318 | "linkedin_targetedID" => "LinkedIn", |
||
| 319 | "twitter_targetedID" => "Twitter", |
||
| 320 | "openid" => "Google (defunct)", |
||
| 321 | ]; |
||
| 322 | |||
| 323 | /** |
||
| 324 | * Some users apparently forget which eduGAIN/social ID they originally used |
||
| 325 | * to log into CAT. We can try to help them: if they tell us the email |
||
| 326 | * address by which they received the invitation token, then we can see if |
||
| 327 | * any CAT IdPs are associated to an account which originally came in via |
||
| 328 | * that email address. We then see which pretty-print auth provider name |
||
| 329 | * was used |
||
| 330 | * |
||
| 331 | * @param string $mail mail address to search with |
||
| 332 | * @param string $lang language for the eduGAIN request |
||
| 333 | * @return boolean|array the list of auth source IdPs we found for the mail, or false if none found or invalid input |
||
| 334 | */ |
||
| 335 | public static function findLoginIdPByEmail($mail, $lang) |
||
| 420 | } |
||
| 421 | } |
Loading history...