enwikipedia-acc / waca

includes/Security/AuthenticationManager.php

Doc Comments +4 added lines

@@ -42,6 +42,10 @@
         $this->database = $database;
     }
 
+    /**
+     * @param string $data
+     * @param integer $stage
+     */
     public function authenticate(User $user, $data, $stage)
     {
         $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage';

Unused Use Statements -1 removed lines

@@ -14,7 +14,6 @@
 use Waca\PdoDatabase;
 use Waca\Security\CredentialProviders\ICredentialProvider;
 use Waca\Security\CredentialProviders\PasswordCredentialProvider;
-use Waca\Security\CredentialProviders\YubikeyCredentialProvider;
 use Waca\SiteConfiguration;
 
 class AuthenticationManager

Indentation +51 added lines, -51 removed lines

@@ -19,62 +19,62 @@
 
 class AuthenticationManager
 {
-    const AUTH_OK = 1;
-    const AUTH_FAIL = 2;
-    const AUTH_REQUIRE_NEXT_STAGE = 3;
-    private $typeMap = array();
-    /**
-     * @var PdoDatabase
-     */
-    private $database;
+	const AUTH_OK = 1;
+	const AUTH_FAIL = 2;
+	const AUTH_REQUIRE_NEXT_STAGE = 3;
+	private $typeMap = array();
+	/**
+	 * @var PdoDatabase
+	 */
+	private $database;
 
-    /**
-     * AuthenticationManager constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $siteConfiguration
-     * @param HttpHelper        $httpHelper
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $siteConfiguration, HttpHelper $httpHelper)
-    {
-        // setup providers
-        $this->typeMap['password'] = new PasswordCredentialProvider($database, $siteConfiguration);
-        $this->database = $database;
-    }
+	/**
+	 * AuthenticationManager constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param HttpHelper        $httpHelper
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $siteConfiguration, HttpHelper $httpHelper)
+	{
+		// setup providers
+		$this->typeMap['password'] = new PasswordCredentialProvider($database, $siteConfiguration);
+		$this->database = $database;
+	}
 
-    public function authenticate(User $user, $data, $stage)
-    {
-        $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage';
-        $statement = $this->database->prepare($sql);
-        $statement->execute(array(':user' => $user->getId(), ':stage' => $stage));
-        $options = $statement->fetchAll(PDO::FETCH_COLUMN);
+	public function authenticate(User $user, $data, $stage)
+	{
+		$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage';
+		$statement = $this->database->prepare($sql);
+		$statement->execute(array(':user' => $user->getId(), ':stage' => $stage));
+		$options = $statement->fetchAll(PDO::FETCH_COLUMN);
 
-        $sql = 'SELECT count(DISTINCT factor) FROM credential WHERE user = :user AND factor > :stage';
-        $statement = $this->database->prepare($sql);
-        $statement->execute(array(':user' => $user->getId(), ':stage' => $stage));
-        $requiredFactors = $statement->fetchColumn();
+		$sql = 'SELECT count(DISTINCT factor) FROM credential WHERE user = :user AND factor > :stage';
+		$statement = $this->database->prepare($sql);
+		$statement->execute(array(':user' => $user->getId(), ':stage' => $stage));
+		$requiredFactors = $statement->fetchColumn();
 
-        // prep the correct OK response based on how many factors are ahead of this one
-        $success = self::AUTH_OK;
-        if ($requiredFactors > 0) {
-            $success = self::AUTH_REQUIRE_NEXT_STAGE;
-        }
+		// prep the correct OK response based on how many factors are ahead of this one
+		$success = self::AUTH_OK;
+		if ($requiredFactors > 0) {
+			$success = self::AUTH_REQUIRE_NEXT_STAGE;
+		}
 
-        foreach ($options as $type) {
-            if (!isset($this->typeMap[$type])) {
-                // does this type have a credentialProvider registered?
-                continue;
-            }
+		foreach ($options as $type) {
+			if (!isset($this->typeMap[$type])) {
+				// does this type have a credentialProvider registered?
+				continue;
+			}
 
-            /** @var ICredentialProvider $credentialProvider */
-            $credentialProvider = $this->typeMap[$type];
-            if ($credentialProvider->authenticate($user, $data)) {
-                return $success;
-            }
-        }
+			/** @var ICredentialProvider $credentialProvider */
+			$credentialProvider = $this->typeMap[$type];
+			if ($credentialProvider->authenticate($user, $data)) {
+				return $success;
+			}
+		}
 
-        // We've iterated over all the available providers for this stage.
-        // They all hate you.
-        return self::AUTH_FAIL;
-    }
+		// We've iterated over all the available providers for this stage.
+		// They all hate you.
+		return self::AUTH_FAIL;
+	}
 }
\ No newline at end of file

includes/Security/RoleConfiguration.php

Unused Use Statements +4 added lines, -4 removed lines

@@ -16,10 +16,6 @@ 
 use Waca\Pages\PageJobQueue;
 use Waca\Pages\PageLog;
 use Waca\Pages\PageMain;
-use Waca\Pages\RequestAction\PageCreateRequest;
-use Waca\Pages\UserAuth\PageChangePassword;
-use Waca\Pages\UserAuth\PageOAuth;
-use Waca\Pages\UserAuth\PagePreferences;
 use Waca\Pages\PageSearch;
 use Waca\Pages\PageSiteNotice;
 use Waca\Pages\PageTeam;
@@ -29,6 +25,7 @@ 
 use Waca\Pages\RequestAction\PageBreakReservation;
 use Waca\Pages\RequestAction\PageCloseRequest;
 use Waca\Pages\RequestAction\PageComment;
+use Waca\Pages\RequestAction\PageCreateRequest;
 use Waca\Pages\RequestAction\PageCustomClose;
 use Waca\Pages\RequestAction\PageDeferRequest;
 use Waca\Pages\RequestAction\PageDropRequest;
@@ -42,6 +39,9 @@ 
 use Waca\Pages\Statistics\StatsTemplateStats;
 use Waca\Pages\Statistics\StatsTopCreators;
 use Waca\Pages\Statistics\StatsUsers;
+use Waca\Pages\UserAuth\PageChangePassword;
+use Waca\Pages\UserAuth\PageOAuth;
+use Waca\Pages\UserAuth\PagePreferences;
 
 class RoleConfiguration
 {

Indentation +334 added lines, -334 removed lines

@@ -45,364 +45,364 @@
 
 class RoleConfiguration
 {
-    const ACCESS_ALLOW = 1;
-    const ACCESS_DENY = -1;
-    const ACCESS_DEFAULT = 0;
-    const MAIN = 'main';
-    const ALL = '*';
-    /**
-     * A map of roles to rights
-     *
-     * For example:
-     *
-     * array(
-     *   'myrole' => array(
-     *       PageMyPage::class => array(
-     *           'edit' => self::ACCESS_ALLOW,
-     *           'create' => self::ACCESS_DENY,
-     *       )
-     *   )
-     * )
-     *
-     * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
-     * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
-     * be the expected result:
-     *
-     * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
-     * - (A,-,-) = A
-     * - (D,-,-) = D
-     * - (A,D,-) = D (deny takes precedence over allow)
-     * - (A,A,A) = A (repetition has no effect)
-     *
-     * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
-     *
-     * @var array
-     */
-    private $roleConfig = array(
-        'public'            => array(
-            /*
+	const ACCESS_ALLOW = 1;
+	const ACCESS_DENY = -1;
+	const ACCESS_DEFAULT = 0;
+	const MAIN = 'main';
+	const ALL = '*';
+	/**
+	 * A map of roles to rights
+	 *
+	 * For example:
+	 *
+	 * array(
+	 *   'myrole' => array(
+	 *       PageMyPage::class => array(
+	 *           'edit' => self::ACCESS_ALLOW,
+	 *           'create' => self::ACCESS_DENY,
+	 *       )
+	 *   )
+	 * )
+	 *
+	 * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
+	 * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
+	 * be the expected result:
+	 *
+	 * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
+	 * - (A,-,-) = A
+	 * - (D,-,-) = D
+	 * - (A,D,-) = D (deny takes precedence over allow)
+	 * - (A,A,A) = A (repetition has no effect)
+	 *
+	 * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
+	 *
+	 * @var array
+	 */
+	private $roleConfig = array(
+		'public'            => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED *OUT* USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'   => array(
-                'publicStats',
-            ),
-            PageTeam::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'loggedIn'          => array(
-            /*
+			'_childRoles'   => array(
+				'publicStats',
+			),
+			PageTeam::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'loggedIn'          => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED IN USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'             => array(
-                'public',
-            ),
-            PagePreferences::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageChangePassword::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageOAuth::class          => array(
-                'attach' => self::ACCESS_ALLOW,
-                'detach' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'user'              => array(
-            '_description'                       => 'A standard tool user.',
-            '_editableBy'                        => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'internalStats',
-            ),
-            PageMain::class                      => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBan::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEmailManagement::class           => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageExpandedRequestList::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageLog::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSearch::class                    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'select'   => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageViewRequest::class               => array(
-                self::MAIN       => self::ACCESS_ALLOW,
-                'seeAllRequests' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'                        => array(
-                'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
-                'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageComment::class                   => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCloseRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCreateRequest::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDeferRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDropRequest::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageReservation::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSendToUser::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class          => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageJobQueue::class                  => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-                'all'      => self::ACCESS_ALLOW,
-            ),
-            'RequestCreation'                    => array(
-                User::CREATION_MANUAL => self::ACCESS_ALLOW,
-                User::CREATION_OAUTH  => self::ACCESS_ALLOW,
-            ),
-        ),
-        'admin'             => array(
-            '_description'                       => 'A tool administrator.',
-            '_editableBy'                        => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'user',
-                'requestAdminTools',
-            ),
-            PageEmailManagement::class           => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'create' => self::ACCESS_ALLOW,
-            ),
-            PageSiteNotice::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageUserManagement::class            => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-                'approve'   => self::ACCESS_ALLOW,
-                'decline'   => self::ACCESS_ALLOW,
-                'rename'    => self::ACCESS_ALLOW,
-                'editUser'  => self::ACCESS_ALLOW,
-                'suspend'   => self::ACCESS_ALLOW,
-                'editRoles' => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'delete' => self::ACCESS_ALLOW,
-                'add'    => self::ACCESS_ALLOW,
-            ),
-            PageJobQueue::class                  => array(
-                'acknowledge' => self::ACCESS_ALLOW,
-                'requeue'     => self::ACCESS_ALLOW,
-            ),
-        ),
-        'checkuser'         => array(
-            '_description'            => 'A user with CheckUser access',
-            '_editableBy'             => array('checkuser', 'toolRoot'),
-            '_childRoles'             => array(
-                'user',
-                'requestAdminTools',
-            ),
-            PageUserManagement::class => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-                'suspend'   => self::ACCESS_ALLOW,
-                'editRoles' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'             => array(
-                'seeUserAgentData' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'toolRoot'          => array(
-            '_description' => 'A user with shell access to the servers running the tool',
-            '_editableBy'  => array('toolRoot'),
-            '_childRoles'  => array(
-                'admin',
-                'checkuser',
-            ),
-        ),
-        'botCreation'       => array(
-            '_description'    => 'A user allowed to use the bot to perform account creations',
-            '_editableBy'     => array('admin', 'toolRoot'),
-            '_childRoles'     => array(),
-            'RequestCreation' => array(
-                User::CREATION_BOT => self::ACCESS_ALLOW,
-            ),
-        ),
+			'_childRoles'             => array(
+				'public',
+			),
+			PagePreferences::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageChangePassword::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageOAuth::class          => array(
+				'attach' => self::ACCESS_ALLOW,
+				'detach' => self::ACCESS_ALLOW,
+			),
+		),
+		'user'              => array(
+			'_description'                       => 'A standard tool user.',
+			'_editableBy'                        => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'internalStats',
+			),
+			PageMain::class                      => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBan::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEmailManagement::class           => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageExpandedRequestList::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageLog::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSearch::class                    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'select'   => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageViewRequest::class               => array(
+				self::MAIN       => self::ACCESS_ALLOW,
+				'seeAllRequests' => self::ACCESS_ALLOW,
+			),
+			'RequestData'                        => array(
+				'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
+				'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageComment::class                   => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCloseRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCreateRequest::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDeferRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDropRequest::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageReservation::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSendToUser::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class          => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageJobQueue::class                  => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+				'all'      => self::ACCESS_ALLOW,
+			),
+			'RequestCreation'                    => array(
+				User::CREATION_MANUAL => self::ACCESS_ALLOW,
+				User::CREATION_OAUTH  => self::ACCESS_ALLOW,
+			),
+		),
+		'admin'             => array(
+			'_description'                       => 'A tool administrator.',
+			'_editableBy'                        => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'user',
+				'requestAdminTools',
+			),
+			PageEmailManagement::class           => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'create' => self::ACCESS_ALLOW,
+			),
+			PageSiteNotice::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageUserManagement::class            => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+				'approve'   => self::ACCESS_ALLOW,
+				'decline'   => self::ACCESS_ALLOW,
+				'rename'    => self::ACCESS_ALLOW,
+				'editUser'  => self::ACCESS_ALLOW,
+				'suspend'   => self::ACCESS_ALLOW,
+				'editRoles' => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'delete' => self::ACCESS_ALLOW,
+				'add'    => self::ACCESS_ALLOW,
+			),
+			PageJobQueue::class                  => array(
+				'acknowledge' => self::ACCESS_ALLOW,
+				'requeue'     => self::ACCESS_ALLOW,
+			),
+		),
+		'checkuser'         => array(
+			'_description'            => 'A user with CheckUser access',
+			'_editableBy'             => array('checkuser', 'toolRoot'),
+			'_childRoles'             => array(
+				'user',
+				'requestAdminTools',
+			),
+			PageUserManagement::class => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+				'suspend'   => self::ACCESS_ALLOW,
+				'editRoles' => self::ACCESS_ALLOW,
+			),
+			'RequestData'             => array(
+				'seeUserAgentData' => self::ACCESS_ALLOW,
+			),
+		),
+		'toolRoot'          => array(
+			'_description' => 'A user with shell access to the servers running the tool',
+			'_editableBy'  => array('toolRoot'),
+			'_childRoles'  => array(
+				'admin',
+				'checkuser',
+			),
+		),
+		'botCreation'       => array(
+			'_description'    => 'A user allowed to use the bot to perform account creations',
+			'_editableBy'     => array('admin', 'toolRoot'),
+			'_childRoles'     => array(),
+			'RequestCreation' => array(
+				User::CREATION_BOT => self::ACCESS_ALLOW,
+			),
+		),
 
-        // Child roles go below this point
-        'publicStats'       => array(
-            '_hidden'               => true,
-            StatsUsers::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'detail'   => self::ACCESS_ALLOW,
-            ),
-            StatsTopCreators::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'internalStats'     => array(
-            '_hidden'                    => true,
-            StatsMain::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsFastCloses::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsInactiveUsers::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsMonthlyStats::class     => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsReservedRequests::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsTemplateStats::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'requestAdminTools' => array(
-            '_hidden'                   => true,
-            PageBan::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'set'      => self::ACCESS_ALLOW,
-                'remove'   => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class      => array(
-                'editOthers' => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class => array(
-                'force' => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class      => array(
-                'skipCcMailingList' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'               => array(
-                'reopenOldRequest'      => self::ACCESS_ALLOW,
-                'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
-                'alwaysSeeHash'         => self::ACCESS_ALLOW,
-                'seeRestrictedComments' => self::ACCESS_ALLOW,
-            ),
-        ),
-    );
-    /** @var array
-     * List of roles which are *exempt* from the identification requirements
-     *
-     * Think twice about adding roles to this list.
-     *
-     * @category Security-Critical
-     */
-    private $identificationExempt = array('public', 'loggedIn');
+		// Child roles go below this point
+		'publicStats'       => array(
+			'_hidden'               => true,
+			StatsUsers::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'detail'   => self::ACCESS_ALLOW,
+			),
+			StatsTopCreators::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'internalStats'     => array(
+			'_hidden'                    => true,
+			StatsMain::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsFastCloses::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsInactiveUsers::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsMonthlyStats::class     => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsReservedRequests::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsTemplateStats::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'requestAdminTools' => array(
+			'_hidden'                   => true,
+			PageBan::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'set'      => self::ACCESS_ALLOW,
+				'remove'   => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class      => array(
+				'editOthers' => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class => array(
+				'force' => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class      => array(
+				'skipCcMailingList' => self::ACCESS_ALLOW,
+			),
+			'RequestData'               => array(
+				'reopenOldRequest'      => self::ACCESS_ALLOW,
+				'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
+				'alwaysSeeHash'         => self::ACCESS_ALLOW,
+				'seeRestrictedComments' => self::ACCESS_ALLOW,
+			),
+		),
+	);
+	/** @var array
+	 * List of roles which are *exempt* from the identification requirements
+	 *
+	 * Think twice about adding roles to this list.
+	 *
+	 * @category Security-Critical
+	 */
+	private $identificationExempt = array('public', 'loggedIn');
 
-    /**
-     * RoleConfiguration constructor.
-     *
-     * @param array $roleConfig           Set to non-null to override the default configuration.
-     * @param array $identificationExempt Set to non-null to override the default configuration.
-     */
-    public function __construct(array $roleConfig = null, array $identificationExempt = null)
-    {
-        if ($roleConfig !== null) {
-            $this->roleConfig = $roleConfig;
-        }
+	/**
+	 * RoleConfiguration constructor.
+	 *
+	 * @param array $roleConfig           Set to non-null to override the default configuration.
+	 * @param array $identificationExempt Set to non-null to override the default configuration.
+	 */
+	public function __construct(array $roleConfig = null, array $identificationExempt = null)
+	{
+		if ($roleConfig !== null) {
+			$this->roleConfig = $roleConfig;
+		}
 
-        if ($identificationExempt !== null) {
-            $this->identificationExempt = $identificationExempt;
-        }
-    }
+		if ($identificationExempt !== null) {
+			$this->identificationExempt = $identificationExempt;
+		}
+	}
 
-    /**
-     * @param array $roles The roles to check
-     *
-     * @return array
-     */
-    public function getApplicableRoles(array $roles)
-    {
-        $available = array();
+	/**
+	 * @param array $roles The roles to check
+	 *
+	 * @return array
+	 */
+	public function getApplicableRoles(array $roles)
+	{
+		$available = array();
 
-        foreach ($roles as $role) {
-            if (!isset($this->roleConfig[$role])) {
-                // wat
-                continue;
-            }
+		foreach ($roles as $role) {
+			if (!isset($this->roleConfig[$role])) {
+				// wat
+				continue;
+			}
 
-            $available[$role] = $this->roleConfig[$role];
+			$available[$role] = $this->roleConfig[$role];
 
-            if (isset($available[$role]['_childRoles'])) {
-                $childRoles = self::getApplicableRoles($available[$role]['_childRoles']);
-                $available = array_merge($available, $childRoles);
+			if (isset($available[$role]['_childRoles'])) {
+				$childRoles = self::getApplicableRoles($available[$role]['_childRoles']);
+				$available = array_merge($available, $childRoles);
 
-                unset($available[$role]['_childRoles']);
-            }
+				unset($available[$role]['_childRoles']);
+			}
 
-            foreach (array('_hidden', '_editableBy', '_description') as $item) {
-                if (isset($available[$role][$item])) {
-                    unset($available[$role][$item]);
-                }
-            }
-        }
+			foreach (array('_hidden', '_editableBy', '_description') as $item) {
+				if (isset($available[$role][$item])) {
+					unset($available[$role][$item]);
+				}
+			}
+		}
 
-        return $available;
-    }
+		return $available;
+	}
 
-    public function getAvailableRoles()
-    {
-        $possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn'));
+	public function getAvailableRoles()
+	{
+		$possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn'));
 
-        $actual = array();
+		$actual = array();
 
-        foreach ($possible as $role) {
-            if (!isset($this->roleConfig[$role]['_hidden'])) {
-                $actual[$role] = array(
-                    'description' => $this->roleConfig[$role]['_description'],
-                    'editableBy'  => $this->roleConfig[$role]['_editableBy'],
-                );
-            }
-        }
+		foreach ($possible as $role) {
+			if (!isset($this->roleConfig[$role]['_hidden'])) {
+				$actual[$role] = array(
+					'description' => $this->roleConfig[$role]['_description'],
+					'editableBy'  => $this->roleConfig[$role]['_editableBy'],
+				);
+			}
+		}
 
-        return $actual;
-    }
+		return $actual;
+	}
 
-    /**
-     * @param string $role
-     *
-     * @return bool
-     */
-    public function roleNeedsIdentification($role)
-    {
-        if (in_array($role, $this->identificationExempt)) {
-            return false;
-        }
+	/**
+	 * @param string $role
+	 *
+	 * @return bool
+	 */
+	public function roleNeedsIdentification($role)
+	{
+		if (in_array($role, $this->identificationExempt)) {
+			return false;
+		}
 
-        return true;
-    }
+		return true;
+	}
 }

includes/Security/CredentialProviders/ICredentialProvider.php

Indentation +15 added lines, -15 removed lines

@@ -12,20 +12,20 @@
 
 interface ICredentialProvider
 {
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     */
-    public function authenticate(User $user, $data);
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 */
+	public function authenticate(User $user, $data);
 
-    /**
-     * @param User $user The user the credential belongs to
-     * @param int $factor The factor this credential provides
-     * @param string $data
-     */
-    public function setCredential(User $user, $factor, $data);
+	/**
+	 * @param User $user The user the credential belongs to
+	 * @param int $factor The factor this credential provides
+	 * @param string $data
+	 */
+	public function setCredential(User $user, $factor, $data);
 }
\ No newline at end of file

includes/Security/CredentialProviders/PasswordCredentialProvider.php

Indentation +46 added lines, -46 removed lines

@@ -14,50 +14,50 @@
 
 class PasswordCredentialProvider extends CredentialProviderBase
 {
-    const PASSWORD_COST = 10;
-
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-    {
-        parent::__construct($database, $configuration, 'password');
-    }
-
-    public function authenticate(User $user, $data)
-    {
-        $storedData = $this->getCredentialData($user->getId());
-        if($storedData === null)
-        {
-            // No available credential matching these parameters
-            return false;
-        }
-
-        if($storedData->getVersion() !== 2) {
-            // Non-2 versions are not supported.
-            return false;
-        }
-
-        if(password_verify($data, $storedData->getData())) {
-            if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))){
-                $this->setCredential($user, $storedData->getFactor(), $data);
-            }
-
-            return true;
-        }
-
-        return false;
-    }
-
-    public function setCredential(User $user, $factor, $password)
-    {
-        $storedData = $this->getCredentialData($user->getId());
-
-        if($storedData === null){
-            $storedData = $this->createNewCredential($user);
-        }
-
-        $storedData->setData(password_hash($password, PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST)));
-        $storedData->setFactor($factor);
-        $storedData->setVersion(2);
-
-        $storedData->save();
-    }
+	const PASSWORD_COST = 10;
+
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+	{
+		parent::__construct($database, $configuration, 'password');
+	}
+
+	public function authenticate(User $user, $data)
+	{
+		$storedData = $this->getCredentialData($user->getId());
+		if($storedData === null)
+		{
+			// No available credential matching these parameters
+			return false;
+		}
+
+		if($storedData->getVersion() !== 2) {
+			// Non-2 versions are not supported.
+			return false;
+		}
+
+		if(password_verify($data, $storedData->getData())) {
+			if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))){
+				$this->setCredential($user, $storedData->getFactor(), $data);
+			}
+
+			return true;
+		}
+
+		return false;
+	}
+
+	public function setCredential(User $user, $factor, $password)
+	{
+		$storedData = $this->getCredentialData($user->getId());
+
+		if($storedData === null){
+			$storedData = $this->createNewCredential($user);
+		}
+
+		$storedData->setData(password_hash($password, PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST)));
+		$storedData->setFactor($factor);
+		$storedData->setVersion(2);
+
+		$storedData->save();
+	}
 }
\ No newline at end of file

Spacing +5 added lines, -5 removed lines

@@ -24,19 +24,19 @@ 
     public function authenticate(User $user, $data)
     {
         $storedData = $this->getCredentialData($user->getId());
-        if($storedData === null)
+        if ($storedData === null)
         {
             // No available credential matching these parameters
             return false;
         }
 
-        if($storedData->getVersion() !== 2) {
+        if ($storedData->getVersion() !== 2) {
             // Non-2 versions are not supported.
             return false;
         }
 
-        if(password_verify($data, $storedData->getData())) {
-            if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))){
+        if (password_verify($data, $storedData->getData())) {
+            if (password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))) {
                 $this->setCredential($user, $storedData->getFactor(), $data);
             }
 
@@ -50,7 +50,7 @@ 
     {
         $storedData = $this->getCredentialData($user->getId());
 
-        if($storedData === null){
+        if ($storedData === null) {
             $storedData = $this->createNewCredential($user);
         }
 

Braces +3 added lines, -4 removed lines

@@ -24,8 +24,7 @@ 
     public function authenticate(User $user, $data)
     {
         $storedData = $this->getCredentialData($user->getId());
-        if($storedData === null)
-        {
+        if($storedData === null) {
             // No available credential matching these parameters
             return false;
         }
@@ -36,7 +35,7 @@ 
         }
 
         if(password_verify($data, $storedData->getData())) {
-            if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))){
+            if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))) {
                 $this->setCredential($user, $storedData->getFactor(), $data);
             }
 
@@ -50,7 +49,7 @@ 
     {
         $storedData = $this->getCredentialData($user->getId());
 
-        if($storedData === null){
+        if($storedData === null) {
             $storedData = $this->createNewCredential($user);
         }
 

includes/Security/CredentialProviders/CredentialProviderBase.php

Indentation +69 added lines, -69 removed lines

@@ -15,85 +15,85 @@
 
 abstract class CredentialProviderBase implements ICredentialProvider
 {
-    /**
-     * @var PdoDatabase
-     */
-    private $database;
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
-    /** @var string */
-    private $type;
+	/**
+	 * @var PdoDatabase
+	 */
+	private $database;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
+	/** @var string */
+	private $type;
 
-    /**
-     * CredentialProviderBase constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $configuration
-     * @param string            $type
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration, $type)
-    {
-        $this->database = $database;
-        $this->configuration = $configuration;
-        $this->type = $type;
-    }
+	/**
+	 * CredentialProviderBase constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $configuration
+	 * @param string            $type
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration, $type)
+	{
+		$this->database = $database;
+		$this->configuration = $configuration;
+		$this->type = $type;
+	}
 
-    /**
-     * @param int $userId
-     *
-     * @return Credential
-     */
-    protected function getCredentialData($userId)
-    {
-        $sql = 'SELECT * FROM credential WHERE type = :t AND user = :u AND disabled = 0';
+	/**
+	 * @param int $userId
+	 *
+	 * @return Credential
+	 */
+	protected function getCredentialData($userId)
+	{
+		$sql = 'SELECT * FROM credential WHERE type = :t AND user = :u AND disabled = 0';
 
-        $statement = $this->database->prepare($sql);
-        $statement->execute(array(':u' => $userId, ':t' => $this->type));
+		$statement = $this->database->prepare($sql);
+		$statement->execute(array(':u' => $userId, ':t' => $this->type));
 
-        /** @var Credential $obj */
-        $obj = $statement->fetchObject(Credential::class);
+		/** @var Credential $obj */
+		$obj = $statement->fetchObject(Credential::class);
 
-        if ($obj === false) {
-            return null;
-        }
+		if ($obj === false) {
+			return null;
+		}
 
-        $obj->setDatabase($this->database);
+		$obj->setDatabase($this->database);
 
-        $statement->closeCursor();
+		$statement->closeCursor();
 
-        return $obj;
-    }
+		return $obj;
+	}
 
-    /**
-     * @return PdoDatabase
-     */
-    public function getDatabase()
-    {
-        return $this->database;
-    }
+	/**
+	 * @return PdoDatabase
+	 */
+	public function getDatabase()
+	{
+		return $this->database;
+	}
 
-    /**
-     * @return SiteConfiguration
-     */
-    public function getConfiguration()
-    {
-        return $this->configuration;
-    }
+	/**
+	 * @return SiteConfiguration
+	 */
+	public function getConfiguration()
+	{
+		return $this->configuration;
+	}
 
-    /**
-     * @param User $user
-     *
-     * @return Credential
-     */
-    protected function createNewCredential(User $user)
-    {
-        $credential = new Credential();
-        $credential->setDatabase($this->getDatabase());
-        $credential->setUserId($user->getId());
-        $credential->setType($this->type);
+	/**
+	 * @param User $user
+	 *
+	 * @return Credential
+	 */
+	protected function createNewCredential(User $user)
+	{
+		$credential = new Credential();
+		$credential->setDatabase($this->getDatabase());
+		$credential->setUserId($user->getId());
+		$credential->setType($this->type);
 
-        return $credential;
-    }
+		return $credential;
+	}
 }
\ No newline at end of file

includes/API/Actions/StatsAction.php

Indentation +44 added lines, -44 removed lines

@@ -20,58 +20,58 @@
  */
 class StatsAction extends ApiPageBase implements IApiAction
 {
-    /**
-     * The target user
-     * @var User $user
-     */
-    private $user;
+	/**
+	 * The target user
+	 * @var User $user
+	 */
+	private $user;
 
-    /**
-     * Summary of execute
-     *
-     * @param \DOMElement $apiDocument
-     *
-     * @return \DOMElement
-     * @throws ApiException
-     * @throws \Exception
-     */
-    public function executeApiAction(\DOMElement $apiDocument)
-    {
-        $username = WebRequest::getString('user');
-        $wikiusername = WebRequest::getString('wikiuser');
+	/**
+	 * Summary of execute
+	 *
+	 * @param \DOMElement $apiDocument
+	 *
+	 * @return \DOMElement
+	 * @throws ApiException
+	 * @throws \Exception
+	 */
+	public function executeApiAction(\DOMElement $apiDocument)
+	{
+		$username = WebRequest::getString('user');
+		$wikiusername = WebRequest::getString('wikiuser');
 
-        if ($username === null && $wikiusername === null) {
-            throw new ApiException("Please specify a username using either user or wikiuser parameters.");
-        }
+		if ($username === null && $wikiusername === null) {
+			throw new ApiException("Please specify a username using either user or wikiuser parameters.");
+		}
 
-        $userElement = $this->document->createElement("user");
-        $apiDocument->appendChild($userElement);
+		$userElement = $this->document->createElement("user");
+		$apiDocument->appendChild($userElement);
 
-        if ($username !== null) {
-            $user = User::getByUsername($username, $this->getDatabase());
-        }
-        else {
-            $user = User::getByOnWikiUsername($wikiusername, $this->getDatabase());
-        }
+		if ($username !== null) {
+			$user = User::getByUsername($username, $this->getDatabase());
+		}
+		else {
+			$user = User::getByOnWikiUsername($wikiusername, $this->getDatabase());
+		}
 
-        if ($user === false) {
-            $userElement->setAttribute("missing", "true");
+		if ($user === false) {
+			$userElement->setAttribute("missing", "true");
 
-            return $apiDocument;
-        }
+			return $apiDocument;
+		}
 
-        $this->user = $user;
+		$this->user = $user;
 
-        $oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(),
-            $this->getSiteConfiguration());
+		$oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(),
+			$this->getSiteConfiguration());
 
-        $userElement->setAttribute("username", $this->user->getUsername());
-        $userElement->setAttribute("status", $this->user->getStatus());
-        $userElement->setAttribute("lastactive", $this->user->getLastActive());
-        $userElement->setAttribute("welcome_template", $this->user->getWelcomeTemplate());
-        $userElement->setAttribute("onwikiname", $this->user->getOnWikiName());
-        $userElement->setAttribute("oauth", $oauth->isFullyLinked() ? "true" : "false");
+		$userElement->setAttribute("username", $this->user->getUsername());
+		$userElement->setAttribute("status", $this->user->getStatus());
+		$userElement->setAttribute("lastactive", $this->user->getLastActive());
+		$userElement->setAttribute("welcome_template", $this->user->getWelcomeTemplate());
+		$userElement->setAttribute("onwikiname", $this->user->getOnWikiName());
+		$userElement->setAttribute("oauth", $oauth->isFullyLinked() ? "true" : "false");
 
-        return $apiDocument;
-    }
+		return $apiDocument;
+	}
 }

includes/Helpers/Interfaces/IOAuthProtocolHelper.php

Indentation +44 added lines, -44 removed lines

@@ -19,52 +19,52 @@
 
 interface IOAuthProtocolHelper
 {
-    /**
-     * @return stdClass
-     *
-     * @throws Exception
-     * @throws CurlException
-     */
-    public function getRequestToken();
+	/**
+	 * @return stdClass
+	 *
+	 * @throws Exception
+	 * @throws CurlException
+	 */
+	public function getRequestToken();
 
-    /**
-     * @param string $requestToken
-     *
-     * @return string
-     */
-    public function getAuthoriseUrl($requestToken);
+	/**
+	 * @param string $requestToken
+	 *
+	 * @return string
+	 */
+	public function getAuthoriseUrl($requestToken);
 
-    /**
-     * @param string $oauthRequestToken
-     * @param string $oauthRequestSecret
-     * @param string $oauthVerifier
-     *
-     * @return stdClass
-     * @throws CurlException
-     * @throws Exception
-     */
-    public function callbackCompleted($oauthRequestToken, $oauthRequestSecret, $oauthVerifier);
+	/**
+	 * @param string $oauthRequestToken
+	 * @param string $oauthRequestSecret
+	 * @param string $oauthVerifier
+	 *
+	 * @return stdClass
+	 * @throws CurlException
+	 * @throws Exception
+	 */
+	public function callbackCompleted($oauthRequestToken, $oauthRequestSecret, $oauthVerifier);
 
-    /**
-     * @param string $oauthAccessToken
-     * @param string $oauthAccessSecret
-     *
-     * @return stdClass
-     * @throws CurlException
-     * @throws Exception
-     */
-    public function getIdentityTicket($oauthAccessToken, $oauthAccessSecret);
+	/**
+	 * @param string $oauthAccessToken
+	 * @param string $oauthAccessSecret
+	 *
+	 * @return stdClass
+	 * @throws CurlException
+	 * @throws Exception
+	 */
+	public function getIdentityTicket($oauthAccessToken, $oauthAccessSecret);
 
-    /**
-     * @param array  $apiParams    array of parameters to send to the API
-     * @param string $accessToken  user's access token
-     * @param string $accessSecret user's secret
-     * @param string $method       HTTP method
-     *
-     * @return stdClass
-     * @throws ApplicationLogicException
-     * @throws CurlException
-     * @throws Exception
-     */
-    public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET');
+	/**
+	 * @param array  $apiParams    array of parameters to send to the API
+	 * @param string $accessToken  user's access token
+	 * @param string $accessSecret user's secret
+	 * @param string $method       HTTP method
+	 *
+	 * @return stdClass
+	 * @throws ApplicationLogicException
+	 * @throws CurlException
+	 * @throws Exception
+	 */
+	public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET');
 }
\ No newline at end of file

includes/Helpers/HttpHelper.php

Indentation +105 added lines, -105 removed lines

@@ -12,109 +12,109 @@
 
 class HttpHelper
 {
-    private $curlHandle;
-
-    /**
-     * HttpHelper constructor.
-     *
-     * @param string  $userAgent
-     * @param boolean $disableVerifyPeer
-     * @param string  $cookieJar
-     */
-    public function __construct($userAgent, $disableVerifyPeer, $cookieJar = null)
-    {
-        $this->curlHandle = curl_init();
-
-        curl_setopt($this->curlHandle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($this->curlHandle, CURLOPT_USERAGENT, $userAgent);
-        curl_setopt($this->curlHandle, CURLOPT_FAILONERROR, true);
-
-        if ($disableVerifyPeer) {
-            curl_setopt($this->curlHandle, CURLOPT_SSL_VERIFYPEER, false);
-        }
-
-        if($cookieJar !== null) {
-            curl_setopt($this->curlHandle, CURLOPT_COOKIEFILE, $cookieJar);
-            curl_setopt($this->curlHandle, CURLOPT_COOKIEJAR, $cookieJar);
-        }
-    }
-
-    public function __destruct()
-    {
-        curl_close($this->curlHandle);
-    }
-
-    /**
-     * Fetches the content of a URL, with an optional parameter set.
-     *
-     * @param string     $url        The URL to fetch.
-     * @param null|array $parameters Key/value pair of GET parameters to add to the request.
-     *                               Null lets you handle it yourself.
-     *
-     * @param array      $headers
-     *
-     * @return string
-     * @throws CurlException
-     */
-    public function get($url, $parameters = null, $headers = array())
-    {
-        if ($parameters !== null && is_array($parameters)) {
-            $getString = '?' . http_build_query($parameters);
-            $url .= $getString;
-        }
-
-        curl_setopt($this->curlHandle, CURLOPT_URL, $url);
-
-        // Make sure we're doing a GET
-        curl_setopt($this->curlHandle, CURLOPT_POST, false);
-
-        curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
-
-        $result = curl_exec($this->curlHandle);
-
-        if ($result === false) {
-            $error = curl_error($this->curlHandle);
-            throw new CurlException('Remote request failed with error ' . $error);
-        }
-
-        return $result;
-    }
-
-    /**
-     * Posts data to a URL
-     *
-     * @param string $url        The URL to fetch.
-     * @param array  $parameters Key/value pair of POST parameters to add to the request.
-     * @param array  $headers
-     *
-     * @return string
-     * @throws CurlException
-     */
-    public function post($url, $parameters, $headers = array())
-    {
-        curl_setopt($this->curlHandle, CURLOPT_URL, $url);
-
-        // Make sure we're doing a POST
-        curl_setopt($this->curlHandle, CURLOPT_POST, true);
-        curl_setopt($this->curlHandle, CURLOPT_POSTFIELDS, http_build_query($parameters));
-
-        curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
-
-        $result = curl_exec($this->curlHandle);
-
-        if ($result === false) {
-            $error = curl_error($this->curlHandle);
-            throw new CurlException('Remote request failed with error ' . $error);
-        }
-
-        return $result;
-    }
-
-    /**
-     * @return string
-     */
-    public function getError()
-    {
-        return curl_error($this->curlHandle);
-    }
+	private $curlHandle;
+
+	/**
+	 * HttpHelper constructor.
+	 *
+	 * @param string  $userAgent
+	 * @param boolean $disableVerifyPeer
+	 * @param string  $cookieJar
+	 */
+	public function __construct($userAgent, $disableVerifyPeer, $cookieJar = null)
+	{
+		$this->curlHandle = curl_init();
+
+		curl_setopt($this->curlHandle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($this->curlHandle, CURLOPT_USERAGENT, $userAgent);
+		curl_setopt($this->curlHandle, CURLOPT_FAILONERROR, true);
+
+		if ($disableVerifyPeer) {
+			curl_setopt($this->curlHandle, CURLOPT_SSL_VERIFYPEER, false);
+		}
+
+		if($cookieJar !== null) {
+			curl_setopt($this->curlHandle, CURLOPT_COOKIEFILE, $cookieJar);
+			curl_setopt($this->curlHandle, CURLOPT_COOKIEJAR, $cookieJar);
+		}
+	}
+
+	public function __destruct()
+	{
+		curl_close($this->curlHandle);
+	}
+
+	/**
+	 * Fetches the content of a URL, with an optional parameter set.
+	 *
+	 * @param string     $url        The URL to fetch.
+	 * @param null|array $parameters Key/value pair of GET parameters to add to the request.
+	 *                               Null lets you handle it yourself.
+	 *
+	 * @param array      $headers
+	 *
+	 * @return string
+	 * @throws CurlException
+	 */
+	public function get($url, $parameters = null, $headers = array())
+	{
+		if ($parameters !== null && is_array($parameters)) {
+			$getString = '?' . http_build_query($parameters);
+			$url .= $getString;
+		}
+
+		curl_setopt($this->curlHandle, CURLOPT_URL, $url);
+
+		// Make sure we're doing a GET
+		curl_setopt($this->curlHandle, CURLOPT_POST, false);
+
+		curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
+
+		$result = curl_exec($this->curlHandle);
+
+		if ($result === false) {
+			$error = curl_error($this->curlHandle);
+			throw new CurlException('Remote request failed with error ' . $error);
+		}
+
+		return $result;
+	}
+
+	/**
+	 * Posts data to a URL
+	 *
+	 * @param string $url        The URL to fetch.
+	 * @param array  $parameters Key/value pair of POST parameters to add to the request.
+	 * @param array  $headers
+	 *
+	 * @return string
+	 * @throws CurlException
+	 */
+	public function post($url, $parameters, $headers = array())
+	{
+		curl_setopt($this->curlHandle, CURLOPT_URL, $url);
+
+		// Make sure we're doing a POST
+		curl_setopt($this->curlHandle, CURLOPT_POST, true);
+		curl_setopt($this->curlHandle, CURLOPT_POSTFIELDS, http_build_query($parameters));
+
+		curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
+
+		$result = curl_exec($this->curlHandle);
+
+		if ($result === false) {
+			$error = curl_error($this->curlHandle);
+			throw new CurlException('Remote request failed with error ' . $error);
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getError()
+	{
+		return curl_error($this->curlHandle);
+	}
 }
\ No newline at end of file

Spacing +4 added lines, -4 removed lines

@@ -33,7 +33,7 @@ 
             curl_setopt($this->curlHandle, CURLOPT_SSL_VERIFYPEER, false);
         }
 
-        if($cookieJar !== null) {
+        if ($cookieJar !== null) {
             curl_setopt($this->curlHandle, CURLOPT_COOKIEFILE, $cookieJar);
             curl_setopt($this->curlHandle, CURLOPT_COOKIEJAR, $cookieJar);
         }
@@ -59,7 +59,7 @@ 
     public function get($url, $parameters = null, $headers = array())
     {
         if ($parameters !== null && is_array($parameters)) {
-            $getString = '?' . http_build_query($parameters);
+            $getString = '?'.http_build_query($parameters);
             $url .= $getString;
         }
 
@@ -74,7 +74,7 @@ 
 
         if ($result === false) {
             $error = curl_error($this->curlHandle);
-            throw new CurlException('Remote request failed with error ' . $error);
+            throw new CurlException('Remote request failed with error '.$error);
         }
 
         return $result;
@@ -104,7 +104,7 @@ 
 
         if ($result === false) {
             $error = curl_error($this->curlHandle);
-            throw new CurlException('Remote request failed with error ' . $error);
+            throw new CurlException('Remote request failed with error '.$error);
         }
 
         return $result;

includes/Helpers/MediaWikiHelper.php

Braces +2 added lines, -1 removed lines

@@ -241,7 +241,8 @@
      * @param string $username
      * @return bool
      */
-    public function checkAccountExists($username) {
+    public function checkAccountExists($username)
+    {
         $parameters = array(
             'action'  => 'query',
             'list'    => 'users',

Indentation +241 added lines, -241 removed lines

@@ -15,245 +15,245 @@
 
 class MediaWikiHelper
 {
-    /**
-     * @var IMediaWikiClient
-     */
-    private $mediaWikiClient;
-    /**
-     * @var SiteConfiguration
-     */
-    private $siteConfiguration;
-
-    /**
-     * MediaWikiHelper constructor.
-     *
-     * @param IMediaWikiClient  $mediaWikiClient
-     * @param SiteConfiguration $siteConfiguration
-     */
-    public function __construct(IMediaWikiClient $mediaWikiClient, SiteConfiguration $siteConfiguration)
-    {
-        $this->mediaWikiClient = $mediaWikiClient;
-        $this->siteConfiguration = $siteConfiguration;
-    }
-
-    /**
-     * @todo handle override antispoof and titleblacklist issues
-     *
-     * @param string $username
-     * @param string $emailAddress
-     * @param string $reason
-     *
-     * @throws Exception
-     * @throws MediaWikiApiException
-     */
-    public function createAccount($username, $emailAddress, $reason)
-    {
-        // get token
-        $tokenParams = array(
-            'action' => 'query',
-            'meta'   => 'tokens',
-            'type'   => 'createaccount',
-        );
-
-        $response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
-
-        if (isset($response->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
-        }
-
-        $token = $response->query->tokens->createaccounttoken;
-
-        $callback = $this->siteConfiguration->getBaseUrl() . '/internal.php/oauth/createCallback';
-
-        $checkboxFields = array();
-        $requiredFields = array();
-        $this->getCreationFieldData($requiredFields, $checkboxFields);
-
-        $apiCallData = array(
-            'action'              => 'createaccount',
-            'createreturnurl'     => $callback,
-            'createtoken'         => $token,
-            'createmessageformat' => 'html',
-        );
-
-        $createParams = array_fill_keys($requiredFields, '') + $apiCallData;
-
-        $createParams['username'] = $username;
-        $createParams['mailpassword'] = true;
-        $createParams['email'] = $emailAddress;
-        $createParams['reason'] = $reason;
-
-        $createResponse = $this->mediaWikiClient->doApiCall($createParams, 'POST');
-
-        if (isset($createResponse->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
-        }
-
-        if (!isset($createResponse->createaccount) || !isset($createResponse->createaccount->status)) {
-            throw new MediaWikiApiException('Unknown error creating account');
-        }
-
-        if ($createResponse->createaccount->status === 'FAIL') {
-            throw new MediaWikiApiException($createResponse->createaccount->message);
-        }
-
-        if ($createResponse->createaccount->status === 'PASS') {
-            // success!
-            return;
-        }
-
-        throw new Exception('API result reported status of ' . $createResponse->createaccount->status);
-    }
-
-    /**
-     * @param string $username
-     * @param string $title
-     * @param        $summary
-     * @param string $message
-     * @param bool   $createOnly
-     *
-     * @throws MediaWikiApiException
-     */
-    public function addTalkPageMessage($username, $title, $summary, $message, $createOnly = true)
-    {
-        // get token
-        $tokenParams = array(
-            'action' => 'query',
-            'meta'   => 'tokens',
-            'type'   => 'csrf',
-        );
-
-        $response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
-
-        if (isset($response->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
-        }
-
-        $token = $response->query->tokens->csrftoken;
-
-        if ($token === null) {
-            throw new MediaWikiApiException('Edit token could not be acquired');
-        }
-
-        $editParameters = array(
-            'action'       => 'edit',
-            'title'        => 'User talk:' . $username,
-            'section'      => 'new',
-            'sectiontitle' => $title,
-            'summary'      => $summary,
-            'text'         => $message,
-            'token'        => $token,
-        );
-
-        if ($createOnly) {
-            $editParameters['createonly'] = true;
-        }
-
-        $response = $this->mediaWikiClient->doApiCall($editParameters, 'POST');
-
-        if (!isset($response->edit)) {
-            if (isset($response->error)) {
-                throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
-            }
-
-            throw new MediaWikiApiException('Unknown error encountered during editing.');
-        }
-
-        $editResponse = $response->edit;
-        if ($editResponse->result === "Success") {
-            return;
-        }
-
-        throw new MediaWikiApiException('Edit status unsuccessful: ' . $editResponse->result);
-    }
-
-    public function getCreationFieldData(&$requiredFields, &$checkboxFields)
-    {
-        // get token
-        $params = array(
-            'action'         => 'query',
-            'meta'           => 'authmanagerinfo',
-            'amirequestsfor' => 'create',
-        );
-
-        $response = $this->mediaWikiClient->doApiCall($params, 'GET');
-
-        if (isset($response->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
-        }
-
-        $requests = $response->query->authmanagerinfo->requests;
-
-        // We don't want to deal with these providers ever.
-        $discardList = array(
-            // Requires a username and password
-            'MediaWiki\\Auth\\PasswordAuthenticationRequest',
-        );
-
-        // We require these providers to function
-        $requireList = array(
-            'MediaWiki\\Auth\\TemporaryPasswordAuthenticationRequest',
-            'MediaWiki\\Auth\\UsernameAuthenticationRequest',
-            'MediaWiki\\Auth\\UserDataAuthenticationRequest',
-            'MediaWiki\\Auth\\CreationReasonAuthenticationRequest',
-        );
-
-        $requiredFields = array();
-        // Keep checkbox fields separate, since "required" actually means optional as absent == false.
-        $checkboxFields = array();
-
-        foreach ($requests as $req) {
-            // Immediately discard anything that is on the discard list.
-            if (in_array($req->id, $discardList)) {
-                continue;
-            }
-
-            $required = false;
-
-            if ($req->required === 'primary-required' && !in_array($req->id, $requireList)) {
-                // Only want one.
-                continue;
-            }
-
-            if (in_array($req->id, $requireList)) {
-                unset($requireList[$req->id]);
-                $required = true;
-            }
-
-            if ($req->required === 'required') {
-                $required = true;
-            }
-
-            if ($required) {
-                foreach ($req->fields as $name => $data) {
-                    if ($data->type === 'checkbox') {
-                        $checkboxFields[] = $name;
-                    }
-                    else {
-                        $requiredFields[] = $name;
-                    }
-                }
-            }
-        }
-    }
-
-    /**
-     * @param string $username
-     * @return bool
-     */
-    public function checkAccountExists($username) {
-        $parameters = array(
-            'action'  => 'query',
-            'list'    => 'users',
-            'format'  => 'php',
-            'ususers' => $username,
-        );
-
-        $apiResult = $this->mediaWikiClient->doApiCall($parameters, 'GET');
-
-        $entry = $apiResult->query->users[0];
-        $exists = !isset($entry->missing);
-
-        return $exists;
-    }
+	/**
+	 * @var IMediaWikiClient
+	 */
+	private $mediaWikiClient;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $siteConfiguration;
+
+	/**
+	 * MediaWikiHelper constructor.
+	 *
+	 * @param IMediaWikiClient  $mediaWikiClient
+	 * @param SiteConfiguration $siteConfiguration
+	 */
+	public function __construct(IMediaWikiClient $mediaWikiClient, SiteConfiguration $siteConfiguration)
+	{
+		$this->mediaWikiClient = $mediaWikiClient;
+		$this->siteConfiguration = $siteConfiguration;
+	}
+
+	/**
+	 * @todo handle override antispoof and titleblacklist issues
+	 *
+	 * @param string $username
+	 * @param string $emailAddress
+	 * @param string $reason
+	 *
+	 * @throws Exception
+	 * @throws MediaWikiApiException
+	 */
+	public function createAccount($username, $emailAddress, $reason)
+	{
+		// get token
+		$tokenParams = array(
+			'action' => 'query',
+			'meta'   => 'tokens',
+			'type'   => 'createaccount',
+		);
+
+		$response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
+
+		if (isset($response->error)) {
+			throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+		}
+
+		$token = $response->query->tokens->createaccounttoken;
+
+		$callback = $this->siteConfiguration->getBaseUrl() . '/internal.php/oauth/createCallback';
+
+		$checkboxFields = array();
+		$requiredFields = array();
+		$this->getCreationFieldData($requiredFields, $checkboxFields);
+
+		$apiCallData = array(
+			'action'              => 'createaccount',
+			'createreturnurl'     => $callback,
+			'createtoken'         => $token,
+			'createmessageformat' => 'html',
+		);
+
+		$createParams = array_fill_keys($requiredFields, '') + $apiCallData;
+
+		$createParams['username'] = $username;
+		$createParams['mailpassword'] = true;
+		$createParams['email'] = $emailAddress;
+		$createParams['reason'] = $reason;
+
+		$createResponse = $this->mediaWikiClient->doApiCall($createParams, 'POST');
+
+		if (isset($createResponse->error)) {
+			throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+		}
+
+		if (!isset($createResponse->createaccount) || !isset($createResponse->createaccount->status)) {
+			throw new MediaWikiApiException('Unknown error creating account');
+		}
+
+		if ($createResponse->createaccount->status === 'FAIL') {
+			throw new MediaWikiApiException($createResponse->createaccount->message);
+		}
+
+		if ($createResponse->createaccount->status === 'PASS') {
+			// success!
+			return;
+		}
+
+		throw new Exception('API result reported status of ' . $createResponse->createaccount->status);
+	}
+
+	/**
+	 * @param string $username
+	 * @param string $title
+	 * @param        $summary
+	 * @param string $message
+	 * @param bool   $createOnly
+	 *
+	 * @throws MediaWikiApiException
+	 */
+	public function addTalkPageMessage($username, $title, $summary, $message, $createOnly = true)
+	{
+		// get token
+		$tokenParams = array(
+			'action' => 'query',
+			'meta'   => 'tokens',
+			'type'   => 'csrf',
+		);
+
+		$response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
+
+		if (isset($response->error)) {
+			throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+		}
+
+		$token = $response->query->tokens->csrftoken;
+
+		if ($token === null) {
+			throw new MediaWikiApiException('Edit token could not be acquired');
+		}
+
+		$editParameters = array(
+			'action'       => 'edit',
+			'title'        => 'User talk:' . $username,
+			'section'      => 'new',
+			'sectiontitle' => $title,
+			'summary'      => $summary,
+			'text'         => $message,
+			'token'        => $token,
+		);
+
+		if ($createOnly) {
+			$editParameters['createonly'] = true;
+		}
+
+		$response = $this->mediaWikiClient->doApiCall($editParameters, 'POST');
+
+		if (!isset($response->edit)) {
+			if (isset($response->error)) {
+				throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+			}
+
+			throw new MediaWikiApiException('Unknown error encountered during editing.');
+		}
+
+		$editResponse = $response->edit;
+		if ($editResponse->result === "Success") {
+			return;
+		}
+
+		throw new MediaWikiApiException('Edit status unsuccessful: ' . $editResponse->result);
+	}
+
+	public function getCreationFieldData(&$requiredFields, &$checkboxFields)
+	{
+		// get token
+		$params = array(
+			'action'         => 'query',
+			'meta'           => 'authmanagerinfo',
+			'amirequestsfor' => 'create',
+		);
+
+		$response = $this->mediaWikiClient->doApiCall($params, 'GET');
+
+		if (isset($response->error)) {
+			throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+		}
+
+		$requests = $response->query->authmanagerinfo->requests;
+
+		// We don't want to deal with these providers ever.
+		$discardList = array(
+			// Requires a username and password
+			'MediaWiki\\Auth\\PasswordAuthenticationRequest',
+		);
+
+		// We require these providers to function
+		$requireList = array(
+			'MediaWiki\\Auth\\TemporaryPasswordAuthenticationRequest',
+			'MediaWiki\\Auth\\UsernameAuthenticationRequest',
+			'MediaWiki\\Auth\\UserDataAuthenticationRequest',
+			'MediaWiki\\Auth\\CreationReasonAuthenticationRequest',
+		);
+
+		$requiredFields = array();
+		// Keep checkbox fields separate, since "required" actually means optional as absent == false.
+		$checkboxFields = array();
+
+		foreach ($requests as $req) {
+			// Immediately discard anything that is on the discard list.
+			if (in_array($req->id, $discardList)) {
+				continue;
+			}
+
+			$required = false;
+
+			if ($req->required === 'primary-required' && !in_array($req->id, $requireList)) {
+				// Only want one.
+				continue;
+			}
+
+			if (in_array($req->id, $requireList)) {
+				unset($requireList[$req->id]);
+				$required = true;
+			}
+
+			if ($req->required === 'required') {
+				$required = true;
+			}
+
+			if ($required) {
+				foreach ($req->fields as $name => $data) {
+					if ($data->type === 'checkbox') {
+						$checkboxFields[] = $name;
+					}
+					else {
+						$requiredFields[] = $name;
+					}
+				}
+			}
+		}
+	}
+
+	/**
+	 * @param string $username
+	 * @return bool
+	 */
+	public function checkAccountExists($username) {
+		$parameters = array(
+			'action'  => 'query',
+			'list'    => 'users',
+			'format'  => 'php',
+			'ususers' => $username,
+		);
+
+		$apiResult = $this->mediaWikiClient->doApiCall($parameters, 'GET');
+
+		$entry = $apiResult->query->users[0];
+		$exists = !isset($entry->missing);
+
+		return $exists;
+	}
 }

Spacing +9 added lines, -9 removed lines

@@ -58,12 +58,12 @@ 
         $response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
 
         if (isset($response->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+            throw new MediaWikiApiException($response->error->code.': '.$response->error->info);
         }
 
         $token = $response->query->tokens->createaccounttoken;
 
-        $callback = $this->siteConfiguration->getBaseUrl() . '/internal.php/oauth/createCallback';
+        $callback = $this->siteConfiguration->getBaseUrl().'/internal.php/oauth/createCallback';
 
         $checkboxFields = array();
         $requiredFields = array();
@@ -86,7 +86,7 @@ 
         $createResponse = $this->mediaWikiClient->doApiCall($createParams, 'POST');
 
         if (isset($createResponse->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+            throw new MediaWikiApiException($response->error->code.': '.$response->error->info);
         }
 
         if (!isset($createResponse->createaccount) || !isset($createResponse->createaccount->status)) {
@@ -102,7 +102,7 @@ 
             return;
         }
 
-        throw new Exception('API result reported status of ' . $createResponse->createaccount->status);
+        throw new Exception('API result reported status of '.$createResponse->createaccount->status);
     }
 
     /**
@@ -126,7 +126,7 @@ 
         $response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
 
         if (isset($response->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+            throw new MediaWikiApiException($response->error->code.': '.$response->error->info);
         }
 
         $token = $response->query->tokens->csrftoken;
@@ -137,7 +137,7 @@ 
 
         $editParameters = array(
             'action'       => 'edit',
-            'title'        => 'User talk:' . $username,
+            'title'        => 'User talk:'.$username,
             'section'      => 'new',
             'sectiontitle' => $title,
             'summary'      => $summary,
@@ -153,7 +153,7 @@ 
 
         if (!isset($response->edit)) {
             if (isset($response->error)) {
-                throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+                throw new MediaWikiApiException($response->error->code.': '.$response->error->info);
             }
 
             throw new MediaWikiApiException('Unknown error encountered during editing.');
@@ -164,7 +164,7 @@ 
             return;
         }
 
-        throw new MediaWikiApiException('Edit status unsuccessful: ' . $editResponse->result);
+        throw new MediaWikiApiException('Edit status unsuccessful: '.$editResponse->result);
     }
 
     public function getCreationFieldData(&$requiredFields, &$checkboxFields)
@@ -179,7 +179,7 @@ 
         $response = $this->mediaWikiClient->doApiCall($params, 'GET');
 
         if (isset($response->error)) {
-            throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
+            throw new MediaWikiApiException($response->error->code.': '.$response->error->info);
         }
 
         $requests = $response->query->authmanagerinfo->requests;