enwikipedia-acc / waca

includes/Tasks/InternalPageBase.php

Indentation +224 added lines, -224 removed lines

@@ -23,228 +23,228 @@
 
 abstract class InternalPageBase extends PageBase
 {
-    use NavigationMenuAccessControl;
-
-    /** @var IdentificationVerifier */
-    private $identificationVerifier;
-    /** @var ITypeAheadHelper */
-    private $typeAheadHelper;
-    /** @var SecurityManager */
-    private $securityManager;
-    /** @var IBlacklistHelper */
-    private $blacklistHelper;
-
-    /**
-     * @return ITypeAheadHelper
-     */
-    public function getTypeAheadHelper()
-    {
-        return $this->typeAheadHelper;
-    }
-
-    /**
-     * Sets up the internal IdentificationVerifier instance.  Intended to be called from WebStart::setupHelpers().
-     *
-     * @param IdentificationVerifier $identificationVerifier
-     *
-     * @return void
-     */
-    public function setIdentificationVerifier(IdentificationVerifier $identificationVerifier)
-    {
-        $this->identificationVerifier = $identificationVerifier;
-    }
-
-    /**
-     * @param ITypeAheadHelper $typeAheadHelper
-     */
-    public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
-    {
-        $this->typeAheadHelper = $typeAheadHelper;
-    }
-
-    /**
-     * Runs the page code
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    final public function execute()
-    {
-        if ($this->getRouteName() === null) {
-            throw new Exception("Request is unrouted.");
-        }
-
-        if ($this->getSiteConfiguration() === null) {
-            throw new Exception("Page has no configuration!");
-        }
-
-        $this->setupPage();
-
-        $this->touchUserLastActive();
-
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        // Hey, this is also a security barrier, in addition to the below. Separated out for readability.
-        if (!$this->isProtectedPage()) {
-            // This page is /not/ a protected page, as such we can just run it.
-            $this->runPage();
-
-            return;
-        }
-
-        // Security barrier.
-        //
-        // This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
-        // away for us
-        $securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
-        if ($securityResult === SecurityManager::ALLOWED) {
-            // We're allowed to run the page, so let's run it.
-            $this->runPage();
-        }
-        else {
-            $this->handleAccessDenied($securityResult);
-
-            // Send the headers
-            $this->sendResponseHeaders();
-        }
-    }
-
-    /**
-     * Performs final tasks needed before rendering the page.
-     */
-    final public function finalisePage()
-    {
-        parent::finalisePage();
-
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        if ($this->barrierTest('viewSiteNotice', User::getCurrent($database), 'GlobalInfo')) {
-            $siteNoticeText = SiteNotice::get($this->getDatabase());
-            $this->assign('siteNoticeText', $siteNoticeText);
-        }
-
-        if ($this->barrierTest('viewOnlineUsers', User::getCurrent($database), 'GlobalInfo')) {
-            $sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
-            $statement = $database->query($sql);
-            $activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
-            $this->assign('onlineusers', $activeUsers);
-        }
-
-        $this->setupNavMenuAccess($currentUser);
-    }
-
-    /**
-     * Configures whether the page respects roles or not. You probably want this to return true.
-     *
-     * Set to false for public pages. You probably want this to return true.
-     *
-     * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
-     * on this page, so you probably want this to return true.
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    protected function isProtectedPage()
-    {
-        return true;
-    }
-
-    protected function handleAccessDenied($denyReason)
-    {
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        // Not allowed to access this resource.
-        // Firstly, let's check if we're even logged in.
-        if ($currentUser->isCommunityUser()) {
-            // Not logged in, redirect to login page
-            WebRequest::setPostLoginRedirect();
-            $this->redirect("login");
-
-            return;
-        }
-        else {
-            // Decide whether this was a rights failure, or an identification failure.
-
-            if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
-                // Not identified
-                throw new NotIdentifiedException($this->getSecurityManager());
-            }
-            elseif ($denyReason === SecurityManager::ERROR_DENIED) {
-                // Nope, plain old access denied
-                throw new AccessDeniedException($this->getSecurityManager());
-            }
-            else {
-                throw new Exception('Unknown response from security manager.');
-            }
-        }
-    }
-
-    /**
-     * Tests the security barrier for a specified action.
-     *
-     * Don't use within templates
-     *
-     * @param string      $action
-     *
-     * @param User        $user
-     * @param null|string $pageName
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    final public function barrierTest($action, User $user, $pageName = null)
-    {
-        $page = get_called_class();
-        if ($pageName !== null) {
-            $page = $pageName;
-        }
-
-        $securityResult = $this->getSecurityManager()->allows($page, $action, $user);
-
-        return $securityResult === SecurityManager::ALLOWED;
-    }
-
-    /**
-     * Updates the lastactive timestamp
-     */
-    private function touchUserLastActive()
-    {
-        if (WebRequest::getSessionUserId() !== null) {
-            $query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
-            $this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
-        }
-    }
-
-    /**
-     * @return SecurityManager
-     */
-    public function getSecurityManager()
-    {
-        return $this->securityManager;
-    }
-
-    /**
-     * @param SecurityManager $securityManager
-     */
-    public function setSecurityManager(SecurityManager $securityManager)
-    {
-        $this->securityManager = $securityManager;
-    }
-
-    /**
-     * @return IBlacklistHelper
-     */
-    public function getBlacklistHelper()
-    {
-        return $this->blacklistHelper;
-    }
-
-    /**
-     * @param IBlacklistHelper $blacklistHelper
-     */
-    public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
-    {
-        $this->blacklistHelper = $blacklistHelper;
-    }
+	use NavigationMenuAccessControl;
+
+	/** @var IdentificationVerifier */
+	private $identificationVerifier;
+	/** @var ITypeAheadHelper */
+	private $typeAheadHelper;
+	/** @var SecurityManager */
+	private $securityManager;
+	/** @var IBlacklistHelper */
+	private $blacklistHelper;
+
+	/**
+	 * @return ITypeAheadHelper
+	 */
+	public function getTypeAheadHelper()
+	{
+		return $this->typeAheadHelper;
+	}
+
+	/**
+	 * Sets up the internal IdentificationVerifier instance.  Intended to be called from WebStart::setupHelpers().
+	 *
+	 * @param IdentificationVerifier $identificationVerifier
+	 *
+	 * @return void
+	 */
+	public function setIdentificationVerifier(IdentificationVerifier $identificationVerifier)
+	{
+		$this->identificationVerifier = $identificationVerifier;
+	}
+
+	/**
+	 * @param ITypeAheadHelper $typeAheadHelper
+	 */
+	public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
+	{
+		$this->typeAheadHelper = $typeAheadHelper;
+	}
+
+	/**
+	 * Runs the page code
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	final public function execute()
+	{
+		if ($this->getRouteName() === null) {
+			throw new Exception("Request is unrouted.");
+		}
+
+		if ($this->getSiteConfiguration() === null) {
+			throw new Exception("Page has no configuration!");
+		}
+
+		$this->setupPage();
+
+		$this->touchUserLastActive();
+
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		// Hey, this is also a security barrier, in addition to the below. Separated out for readability.
+		if (!$this->isProtectedPage()) {
+			// This page is /not/ a protected page, as such we can just run it.
+			$this->runPage();
+
+			return;
+		}
+
+		// Security barrier.
+		//
+		// This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
+		// away for us
+		$securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
+		if ($securityResult === SecurityManager::ALLOWED) {
+			// We're allowed to run the page, so let's run it.
+			$this->runPage();
+		}
+		else {
+			$this->handleAccessDenied($securityResult);
+
+			// Send the headers
+			$this->sendResponseHeaders();
+		}
+	}
+
+	/**
+	 * Performs final tasks needed before rendering the page.
+	 */
+	final public function finalisePage()
+	{
+		parent::finalisePage();
+
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		if ($this->barrierTest('viewSiteNotice', User::getCurrent($database), 'GlobalInfo')) {
+			$siteNoticeText = SiteNotice::get($this->getDatabase());
+			$this->assign('siteNoticeText', $siteNoticeText);
+		}
+
+		if ($this->barrierTest('viewOnlineUsers', User::getCurrent($database), 'GlobalInfo')) {
+			$sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
+			$statement = $database->query($sql);
+			$activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
+			$this->assign('onlineusers', $activeUsers);
+		}
+
+		$this->setupNavMenuAccess($currentUser);
+	}
+
+	/**
+	 * Configures whether the page respects roles or not. You probably want this to return true.
+	 *
+	 * Set to false for public pages. You probably want this to return true.
+	 *
+	 * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
+	 * on this page, so you probably want this to return true.
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	protected function isProtectedPage()
+	{
+		return true;
+	}
+
+	protected function handleAccessDenied($denyReason)
+	{
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		// Not allowed to access this resource.
+		// Firstly, let's check if we're even logged in.
+		if ($currentUser->isCommunityUser()) {
+			// Not logged in, redirect to login page
+			WebRequest::setPostLoginRedirect();
+			$this->redirect("login");
+
+			return;
+		}
+		else {
+			// Decide whether this was a rights failure, or an identification failure.
+
+			if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
+				// Not identified
+				throw new NotIdentifiedException($this->getSecurityManager());
+			}
+			elseif ($denyReason === SecurityManager::ERROR_DENIED) {
+				// Nope, plain old access denied
+				throw new AccessDeniedException($this->getSecurityManager());
+			}
+			else {
+				throw new Exception('Unknown response from security manager.');
+			}
+		}
+	}
+
+	/**
+	 * Tests the security barrier for a specified action.
+	 *
+	 * Don't use within templates
+	 *
+	 * @param string      $action
+	 *
+	 * @param User        $user
+	 * @param null|string $pageName
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	final public function barrierTest($action, User $user, $pageName = null)
+	{
+		$page = get_called_class();
+		if ($pageName !== null) {
+			$page = $pageName;
+		}
+
+		$securityResult = $this->getSecurityManager()->allows($page, $action, $user);
+
+		return $securityResult === SecurityManager::ALLOWED;
+	}
+
+	/**
+	 * Updates the lastactive timestamp
+	 */
+	private function touchUserLastActive()
+	{
+		if (WebRequest::getSessionUserId() !== null) {
+			$query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
+			$this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
+		}
+	}
+
+	/**
+	 * @return SecurityManager
+	 */
+	public function getSecurityManager()
+	{
+		return $this->securityManager;
+	}
+
+	/**
+	 * @param SecurityManager $securityManager
+	 */
+	public function setSecurityManager(SecurityManager $securityManager)
+	{
+		$this->securityManager = $securityManager;
+	}
+
+	/**
+	 * @return IBlacklistHelper
+	 */
+	public function getBlacklistHelper()
+	{
+		return $this->blacklistHelper;
+	}
+
+	/**
+	 * @param IBlacklistHelper $blacklistHelper
+	 */
+	public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
+	{
+		$this->blacklistHelper = $blacklistHelper;
+	}
 }

includes/ConsoleTasks/RunJobQueueTask.php

Indentation +112 added lines, -112 removed lines

@@ -22,116 +22,116 @@
 
 class RunJobQueueTask extends ConsoleTaskBase
 {
-    private $taskList = array(
-        WelcomeUserTask::class,
-        BotCreationTask::class,
-        UserCreationTask::class
-    );
-
-    public function execute()
-    {
-        $database = $this->getDatabase();
-
-        // ensure we're running inside a tx here.
-        if (!$database->hasActiveTransaction()) {
-            $database->beginTransaction();
-        }
-
-        $sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
-        $statement = $database->prepare($sql);
-        $statement->execute(array(':status' => JobQueue::STATUS_READY, ':lim' => 10));
-        /** @var JobQueue[] $queuedJobs */
-        $queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
-
-        // mark all the jobs as running, and commit the txn so we're not holding onto long-running transactions.
-        // We'll re-lock the row when we get to it.
-        foreach ($queuedJobs as $job) {
-            $job->setDatabase($database);
-            $job->setStatus(JobQueue::STATUS_WAITING);
-            $job->setError(null);
-            $job->setAcknowledged(null);
-            $job->save();
-        }
-
-        $database->commit();
-
-        set_error_handler(array(RunJobQueueTask::class, 'errorHandler'), E_ALL);
-
-        foreach ($queuedJobs as $job) {
-            try {
-                $database->beginTransaction();
-                $job->setStatus(JobQueue::STATUS_RUNNING);
-                $job->save();
-                $database->commit();
-
-                $database->beginTransaction();
-
-                // re-lock the job
-                $job->setStatus(JobQueue::STATUS_RUNNING);
-                $job->save();
-
-                // validate we're allowed to run the requested task (whitelist)
-                if (!in_array($job->getTask(), $this->taskList)) {
-                    throw new ApplicationLogicException('Job task not registered');
-                }
-
-                // Create a task.
-                $taskName = $job->getTask();
-
-                if(!class_exists($taskName)) {
-                    throw new ApplicationLogicException('Job task does not exist');
-                }
-
-                /** @var BackgroundTaskBase $task */
-                $task = new $taskName;
-
-                $this->setupTask($task, $job);
-                $task->run();
-            }
-            catch (Exception $ex) {
-                $database->rollBack();
-                $database->beginTransaction();
-
-                /** @var JobQueue $job */
-                $job = JobQueue::getById($job->getId(), $database);
-                $job->setDatabase($database);
-                $job->setStatus(JobQueue::STATUS_FAILED);
-                $job->setError($ex->getMessage());
-                $job->setAcknowledged(0);
-                $job->save();
-
-                /** @var Request $request */
-                $request = Request::getById($job->getRequest(), $database);
-                if ($request === false) {
-                    $request = null;
-                }
-
-                Logger::backgroundJobIssue($this->getDatabase(), $job);
-
-                $database->commit();
-            }
-            finally {
-                $database->commit();
-            }
-        }
-    }
-
-    /**
-     * @param BackgroundTaskBase $task
-     * @param JobQueue           $job
-     */
-    private function setupTask(BackgroundTaskBase $task, JobQueue $job)
-    {
-        $task->setJob($job);
-        $task->setDatabase($this->getDatabase());
-        $task->setHttpHelper($this->getHttpHelper());
-        $task->setOauthProtocolHelper($this->getOAuthProtocolHelper());
-        $task->setEmailHelper($this->getEmailHelper());
-        $task->setSiteConfiguration($this->getSiteConfiguration());
-        $task->setNotificationHelper($this->getNotificationHelper());
-    }
-
-    public static function errorHandler($errno, $errstr, $errfile, $errline) {
-        throw new Exception($errfile . "@" . $errline . ": " . $errstr);
-    }
+	private $taskList = array(
+		WelcomeUserTask::class,
+		BotCreationTask::class,
+		UserCreationTask::class
+	);
+
+	public function execute()
+	{
+		$database = $this->getDatabase();
+
+		// ensure we're running inside a tx here.
+		if (!$database->hasActiveTransaction()) {
+			$database->beginTransaction();
+		}
+
+		$sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
+		$statement = $database->prepare($sql);
+		$statement->execute(array(':status' => JobQueue::STATUS_READY, ':lim' => 10));
+		/** @var JobQueue[] $queuedJobs */
+		$queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
+
+		// mark all the jobs as running, and commit the txn so we're not holding onto long-running transactions.
+		// We'll re-lock the row when we get to it.
+		foreach ($queuedJobs as $job) {
+			$job->setDatabase($database);
+			$job->setStatus(JobQueue::STATUS_WAITING);
+			$job->setError(null);
+			$job->setAcknowledged(null);
+			$job->save();
+		}
+
+		$database->commit();
+
+		set_error_handler(array(RunJobQueueTask::class, 'errorHandler'), E_ALL);
+
+		foreach ($queuedJobs as $job) {
+			try {
+				$database->beginTransaction();
+				$job->setStatus(JobQueue::STATUS_RUNNING);
+				$job->save();
+				$database->commit();
+
+				$database->beginTransaction();
+
+				// re-lock the job
+				$job->setStatus(JobQueue::STATUS_RUNNING);
+				$job->save();
+
+				// validate we're allowed to run the requested task (whitelist)
+				if (!in_array($job->getTask(), $this->taskList)) {
+					throw new ApplicationLogicException('Job task not registered');
+				}
+
+				// Create a task.
+				$taskName = $job->getTask();
+
+				if(!class_exists($taskName)) {
+					throw new ApplicationLogicException('Job task does not exist');
+				}
+
+				/** @var BackgroundTaskBase $task */
+				$task = new $taskName;
+
+				$this->setupTask($task, $job);
+				$task->run();
+			}
+			catch (Exception $ex) {
+				$database->rollBack();
+				$database->beginTransaction();
+
+				/** @var JobQueue $job */
+				$job = JobQueue::getById($job->getId(), $database);
+				$job->setDatabase($database);
+				$job->setStatus(JobQueue::STATUS_FAILED);
+				$job->setError($ex->getMessage());
+				$job->setAcknowledged(0);
+				$job->save();
+
+				/** @var Request $request */
+				$request = Request::getById($job->getRequest(), $database);
+				if ($request === false) {
+					$request = null;
+				}
+
+				Logger::backgroundJobIssue($this->getDatabase(), $job);
+
+				$database->commit();
+			}
+			finally {
+				$database->commit();
+			}
+		}
+	}
+
+	/**
+	 * @param BackgroundTaskBase $task
+	 * @param JobQueue           $job
+	 */
+	private function setupTask(BackgroundTaskBase $task, JobQueue $job)
+	{
+		$task->setJob($job);
+		$task->setDatabase($this->getDatabase());
+		$task->setHttpHelper($this->getHttpHelper());
+		$task->setOauthProtocolHelper($this->getOAuthProtocolHelper());
+		$task->setEmailHelper($this->getEmailHelper());
+		$task->setSiteConfiguration($this->getSiteConfiguration());
+		$task->setNotificationHelper($this->getNotificationHelper());
+	}
+
+	public static function errorHandler($errno, $errstr, $errfile, $errline) {
+		throw new Exception($errfile . "@" . $errline . ": " . $errstr);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -78,7 +78,7 @@ 
                 // Create a task.
                 $taskName = $job->getTask();
 
-                if(!class_exists($taskName)) {
+                if (!class_exists($taskName)) {
                     throw new ApplicationLogicException('Job task does not exist');
                 }
 
@@ -132,6 +132,6 @@ 
     }
 
     public static function errorHandler($errno, $errstr, $errfile, $errline) {
-        throw new Exception($errfile . "@" . $errline . ": " . $errstr);
+        throw new Exception($errfile."@".$errline.": ".$errstr);
     }
 }

Braces +2 added lines, -1 removed lines

@@ -131,7 +131,8 @@
         $task->setNotificationHelper($this->getNotificationHelper());
     }
 
-    public static function errorHandler($errno, $errstr, $errfile, $errline) {
+    public static function errorHandler($errno, $errstr, $errfile, $errline)
+    {
         throw new Exception($errfile . "@" . $errline . ": " . $errstr);
     }
 }

includes/API/Actions/JsTemplateConfirmsAction.php

Indentation +13 added lines, -13 removed lines

@@ -17,20 +17,20 @@
 
 class JsTemplateConfirmsAction extends JsonApiPageBase implements IJsonApiAction
 {
-    public function executeApiAction()
-    {
-        $this->getDatabase();
+	public function executeApiAction()
+	{
+		$this->getDatabase();
 
-        /** @var EmailTemplate[] $templates */
-        $templates = EmailTemplate::getAllActiveTemplates(null, $this->getDatabase());
+		/** @var EmailTemplate[] $templates */
+		$templates = EmailTemplate::getAllActiveTemplates(null, $this->getDatabase());
 
-        $dataset = [];
-        foreach ($templates as $tpl) {
-            if($tpl->getJsquestion() != "") {
-                $dataset[$tpl->getId()] = $tpl->getJsquestion();
-            }
-        }
+		$dataset = [];
+		foreach ($templates as $tpl) {
+			if($tpl->getJsquestion() != "") {
+				$dataset[$tpl->getId()] = $tpl->getJsquestion();
+			}
+		}
 
-        return $dataset;
-    }
+		return $dataset;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -26,7 +26,7 @@
 
         $dataset = [];
         foreach ($templates as $tpl) {
-            if($tpl->getJsquestion() != "") {
+            if ($tpl->getJsquestion() != "") {
                 $dataset[$tpl->getId()] = $tpl->getJsquestion();
             }
         }

includes/Pages/UserAuth/PagePreferences.php

Indentation +90 added lines, -90 removed lines

@@ -16,94 +16,94 @@
 
 class PagePreferences extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Preferences');
-
-        $enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth();
-        $database = $this->getDatabase();
-        $user = User::getCurrent($database);
-
-        // Dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $user->setWelcomeSig(WebRequest::postString('sig'));
-            $user->setEmailSig(WebRequest::postString('emailsig'));
-            $user->setAbortPref(WebRequest::postBoolean('abortpref') ? 1 : 0);
-            $this->setCreationMode($user);
-            $user->setSkin(WebRequest::postBoolean('skintype') ? 'alt' : 'main');
-
-            $email = WebRequest::postEmail('email');
-            if ($email !== null) {
-                $user->setEmail($email);
-            }
-
-            $user->save();
-            SessionAlert::success("Preferences updated!");
-
-            $this->redirect('');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('preferences/prefs.tpl');
-            $this->assign("enforceOAuth", $enforceOAuth);
-
-            $this->assign('canManualCreate',
-                $this->barrierTest(User::CREATION_MANUAL, $user, 'RequestCreation'));
-            $this->assign('canOauthCreate',
-                $this->barrierTest(User::CREATION_OAUTH, $user, 'RequestCreation'));
-            $this->assign('canBotCreate',
-                $this->barrierTest(User::CREATION_BOT, $user, 'RequestCreation'));
-
-            $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(),
-                $this->getSiteConfiguration());
-            $this->assign('oauth', $oauth);
-
-            $identity = null;
-            if ($oauth->isFullyLinked()) {
-                $identity = $oauth->getIdentity();
-            }
-
-            $this->assign('identity', $identity);
-            $this->assign('graceTime', $this->getSiteConfiguration()->getOauthIdentityGraceTime());
-        }
-    }
-
-    protected function refreshOAuth()
-    {
-        if (!WebRequest::wasPosted()) {
-            $this->redirect('preferences');
-
-            return;
-        }
-
-        $database = $this->getDatabase();
-        $oauth = new OAuthUserHelper(User::getCurrent($database), $database, $this->getOAuthProtocolHelper(),
-            $this->getSiteConfiguration());
-        if ($oauth->isFullyLinked()) {
-            $oauth->refreshIdentity();
-        }
-
-        $this->redirect('preferences');
-
-        return;
-    }
-
-    /**
-     * @param User $user
-     */
-    protected function setCreationMode(User $user)
-    {
-        // if the user is selecting a creation mode that they are not allowed, do nothing.
-        // this has the side effect of allowing them to keep a selected mode that either has been changed for them,
-        // or that they have kept from when they previously had certain access.
-        $creationMode = WebRequest::postInt('creationmode');
-        if ($this->barrierTest($creationMode, $user, 'RequestCreation')) {
-            $user->setCreationMode($creationMode);
-        }
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Preferences');
+
+		$enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth();
+		$database = $this->getDatabase();
+		$user = User::getCurrent($database);
+
+		// Dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$user->setWelcomeSig(WebRequest::postString('sig'));
+			$user->setEmailSig(WebRequest::postString('emailsig'));
+			$user->setAbortPref(WebRequest::postBoolean('abortpref') ? 1 : 0);
+			$this->setCreationMode($user);
+			$user->setSkin(WebRequest::postBoolean('skintype') ? 'alt' : 'main');
+
+			$email = WebRequest::postEmail('email');
+			if ($email !== null) {
+				$user->setEmail($email);
+			}
+
+			$user->save();
+			SessionAlert::success("Preferences updated!");
+
+			$this->redirect('');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('preferences/prefs.tpl');
+			$this->assign("enforceOAuth", $enforceOAuth);
+
+			$this->assign('canManualCreate',
+				$this->barrierTest(User::CREATION_MANUAL, $user, 'RequestCreation'));
+			$this->assign('canOauthCreate',
+				$this->barrierTest(User::CREATION_OAUTH, $user, 'RequestCreation'));
+			$this->assign('canBotCreate',
+				$this->barrierTest(User::CREATION_BOT, $user, 'RequestCreation'));
+
+			$oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(),
+				$this->getSiteConfiguration());
+			$this->assign('oauth', $oauth);
+
+			$identity = null;
+			if ($oauth->isFullyLinked()) {
+				$identity = $oauth->getIdentity();
+			}
+
+			$this->assign('identity', $identity);
+			$this->assign('graceTime', $this->getSiteConfiguration()->getOauthIdentityGraceTime());
+		}
+	}
+
+	protected function refreshOAuth()
+	{
+		if (!WebRequest::wasPosted()) {
+			$this->redirect('preferences');
+
+			return;
+		}
+
+		$database = $this->getDatabase();
+		$oauth = new OAuthUserHelper(User::getCurrent($database), $database, $this->getOAuthProtocolHelper(),
+			$this->getSiteConfiguration());
+		if ($oauth->isFullyLinked()) {
+			$oauth->refreshIdentity();
+		}
+
+		$this->redirect('preferences');
+
+		return;
+	}
+
+	/**
+	 * @param User $user
+	 */
+	protected function setCreationMode(User $user)
+	{
+		// if the user is selecting a creation mode that they are not allowed, do nothing.
+		// this has the side effect of allowing them to keep a selected mode that either has been changed for them,
+		// or that they have kept from when they previously had certain access.
+		$creationMode = WebRequest::postInt('creationmode');
+		if ($this->barrierTest($creationMode, $user, 'RequestCreation')) {
+			$user->setCreationMode($creationMode);
+		}
+	}
 }

includes/Pages/RequestAction/PageCustomClose.php

Indentation +274 added lines, -274 removed lines

@@ -24,278 +24,278 @@
 
 class PageCustomClose extends PageCloseRequest
 {
-    use RequestData;
-
-    protected function main()
-    {
-        $database = $this->getDatabase();
-
-        $request = $this->getRequest($database);
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        // Dual-mode page
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $this->doCustomClose($currentUser, $request, $database);
-
-            $this->redirect();
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->showCustomCloseForm($database, $request);
-        }
-    }
-
-    /**
-     * @param $database
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database)
-    {
-        $requestId = WebRequest::getInt('request');
-        if ($requestId === null) {
-            throw new ApplicationLogicException('Request ID not found');
-        }
-
-        /** @var Request $request */
-        $request = Request::getById($requestId, $database);
-
-        if ($request === false) {
-            throw new ApplicationLogicException('Request not found');
-        }
-
-        return $request;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate|null
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::getInt('template');
-        if ($templateId === null) {
-            return null;
-        }
-
-        /** @var EmailTemplate $template */
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !$template->getActive()) {
-            return null;
-        }
-
-        return $template;
-    }
-
-    /**
-     * @param $database
-     * @param $request
-     *
-     * @throws Exception
-     */
-    protected function showCustomCloseForm(PdoDatabase $database, Request $request)
-    {
-        $currentUser = User::getCurrent($database);
-        $config = $this->getSiteConfiguration();
-
-        $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
-        if (!$allowedPrivateData) {
-            // we probably shouldn't be showing the user this form if they're not allowed to access private data...
-            throw new AccessDeniedException($this->getSecurityManager());
-        }
-
-        $template = $this->getTemplate($database);
-
-        // Preload data
-        $this->assign('defaultAction', '');
-        $this->assign('preloadText', '');
-        $this->assign('preloadTitle', '');
-
-        if ($template !== null) {
-            $this->assign('defaultAction', $template->getDefaultAction());
-            $this->assign('preloadText', $template->getText());
-            $this->assign('preloadTitle', $template->getName());
-        }
-
-        // Static data
-        $this->assign('requeststates', $config->getRequestStates());
-
-        // request data
-        $this->assign('requestId', $request->getIp());
-        $this->assign('updateVersion', $request->getUpdateVersion());
-        $this->setupBasicData($request, $config);
-        $this->setupReservationDetails($request->getReserved(), $database, $currentUser);
-        $this->setupPrivateData($request, $currentUser, $this->getSiteConfiguration(), $database);
-
-        // IP location
-        $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $this->assign('iplocation', $this->getLocationProvider()->getIpLocation($trustedIp));
-
-        // Confirmations
-        $this->assign('confirmEmailAlreadySent', $this->checkEmailAlreadySent($request));
-
-        $this->assign('canSkipCcMailingList', $this->barrierTest('skipCcMailingList', $currentUser));
-
-        $this->assign('allowWelcomeSkip', false);
-        $this->assign('forceWelcomeSkip', false);
-
-        $oauth = new OAuthUserHelper($currentUser, $this->getDatabase(), $this->getOAuthProtocolHelper(), $config);
-
-        if ($currentUser->getWelcomeTemplate() != 0) {
-            $this->assign('allowWelcomeSkip', true);
-
-            if (!$oauth->canWelcome()) {
-                $this->assign('forceWelcomeSkip', true);
-            }
-        }
-
-
-        // template
-        $this->setTemplate('custom-close.tpl');
-    }
-
-    /**
-     * @param User        $currentUser
-     * @param Request     $request
-     * @param PdoDatabase $database
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function doCustomClose(User $currentUser, Request $request, PdoDatabase $database)
-    {
-        $messageBody = WebRequest::postString('msgbody');
-        if ($messageBody === null || trim($messageBody) === '') {
-            throw new ApplicationLogicException('Message body cannot be blank');
-        }
-
-        $ccMailingList = true;
-        if ($this->barrierTest('skipCcMailingList', $currentUser)) {
-            $ccMailingList = WebRequest::postBoolean('ccMailingList');
-        }
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        if (!(WebRequest::postBoolean('confirmEmailAlreadySent'))
-        ) {
-            throw new ApplicationLogicException('Not all confirmations checked');
-        }
-
-        $action = WebRequest::postString('action');
-        $availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
-
-        if ($action === EmailTemplate::CREATED || $action === EmailTemplate::NOT_CREATED) {
-            // Close request
-            $this->closeRequest($request, $database, $action, $messageBody);
-
-            $this->processWelcome($action);
-
-            // Send the mail after the save, since save can be rolled back
-            $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-        }
-        else {
-            if (array_key_exists($action, $availableRequestStates)) {
-                // Defer to other state
-                $this->deferRequest($request, $database, $action, $availableRequestStates, $messageBody);
-
-                // Send the mail after the save, since save can be rolled back
-                $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-            }
-            else {
-                $request->setReserved(null);
-                $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-                $request->save();
-
-                // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
-                // and be rolled back.
-
-                // Send mail
-                $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-
-                Logger::sentMail($database, $request, $messageBody);
-                Logger::unreserve($database, $request);
-
-                $this->getNotificationHelper()->sentMail($request);
-                SessionAlert::success("Sent mail to Request {$request->getId()}");
-            }
-        }
-    }
-
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     * @param string      $action
-     * @param string      $messageBody
-     *
-     * @throws Exception
-     * @throws OptimisticLockFailedException
-     */
-    protected function closeRequest(Request $request, PdoDatabase $database, $action, $messageBody)
-    {
-        $request->setStatus('Closed');
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
-        // be rolled back.
-
-        if ($action == EmailTemplate::CREATED) {
-            $logCloseType = 'custom-y';
-            $notificationCloseType = "Custom, Created";
-        }
-        else {
-            $logCloseType = 'custom-n';
-            $notificationCloseType = "Custom, Not Created";
-        }
-
-        Logger::closeRequest($database, $request, $logCloseType, $messageBody);
-        $this->getNotificationHelper()->requestClosed($request, $notificationCloseType);
-
-        $requestName = htmlentities($request->getName(), ENT_COMPAT, 'UTF-8');
-        SessionAlert::success("Request {$request->getId()} ({$requestName}) closed as {$notificationCloseType}.");
-    }
-
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     * @param string      $action
-     * @param             $availableRequestStates
-     * @param string      $messageBody
-     *
-     * @throws Exception
-     * @throws OptimisticLockFailedException
-     */
-    protected function deferRequest(
-        Request $request,
-        PdoDatabase $database,
-        $action,
-        $availableRequestStates,
-        $messageBody
-    ) {
-        $request->setStatus($action);
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
-        // and be rolled back.
-
-        $deferToLog = $availableRequestStates[$action]['defertolog'];
-        Logger::sentMail($database, $request, $messageBody);
-        Logger::deferRequest($database, $request, $deferToLog);
-
-        $this->getNotificationHelper()->requestDeferredWithMail($request);
-
-        $deferTo = $availableRequestStates[$action]['deferto'];
-        SessionAlert::success("Request {$request->getId()} deferred to $deferTo, sending an email.");
-    }
+	use RequestData;
+
+	protected function main()
+	{
+		$database = $this->getDatabase();
+
+		$request = $this->getRequest($database);
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		// Dual-mode page
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$this->doCustomClose($currentUser, $request, $database);
+
+			$this->redirect();
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->showCustomCloseForm($database, $request);
+		}
+	}
+
+	/**
+	 * @param $database
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database)
+	{
+		$requestId = WebRequest::getInt('request');
+		if ($requestId === null) {
+			throw new ApplicationLogicException('Request ID not found');
+		}
+
+		/** @var Request $request */
+		$request = Request::getById($requestId, $database);
+
+		if ($request === false) {
+			throw new ApplicationLogicException('Request not found');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate|null
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::getInt('template');
+		if ($templateId === null) {
+			return null;
+		}
+
+		/** @var EmailTemplate $template */
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !$template->getActive()) {
+			return null;
+		}
+
+		return $template;
+	}
+
+	/**
+	 * @param $database
+	 * @param $request
+	 *
+	 * @throws Exception
+	 */
+	protected function showCustomCloseForm(PdoDatabase $database, Request $request)
+	{
+		$currentUser = User::getCurrent($database);
+		$config = $this->getSiteConfiguration();
+
+		$allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
+		if (!$allowedPrivateData) {
+			// we probably shouldn't be showing the user this form if they're not allowed to access private data...
+			throw new AccessDeniedException($this->getSecurityManager());
+		}
+
+		$template = $this->getTemplate($database);
+
+		// Preload data
+		$this->assign('defaultAction', '');
+		$this->assign('preloadText', '');
+		$this->assign('preloadTitle', '');
+
+		if ($template !== null) {
+			$this->assign('defaultAction', $template->getDefaultAction());
+			$this->assign('preloadText', $template->getText());
+			$this->assign('preloadTitle', $template->getName());
+		}
+
+		// Static data
+		$this->assign('requeststates', $config->getRequestStates());
+
+		// request data
+		$this->assign('requestId', $request->getIp());
+		$this->assign('updateVersion', $request->getUpdateVersion());
+		$this->setupBasicData($request, $config);
+		$this->setupReservationDetails($request->getReserved(), $database, $currentUser);
+		$this->setupPrivateData($request, $currentUser, $this->getSiteConfiguration(), $database);
+
+		// IP location
+		$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$this->assign('iplocation', $this->getLocationProvider()->getIpLocation($trustedIp));
+
+		// Confirmations
+		$this->assign('confirmEmailAlreadySent', $this->checkEmailAlreadySent($request));
+
+		$this->assign('canSkipCcMailingList', $this->barrierTest('skipCcMailingList', $currentUser));
+
+		$this->assign('allowWelcomeSkip', false);
+		$this->assign('forceWelcomeSkip', false);
+
+		$oauth = new OAuthUserHelper($currentUser, $this->getDatabase(), $this->getOAuthProtocolHelper(), $config);
+
+		if ($currentUser->getWelcomeTemplate() != 0) {
+			$this->assign('allowWelcomeSkip', true);
+
+			if (!$oauth->canWelcome()) {
+				$this->assign('forceWelcomeSkip', true);
+			}
+		}
+
+
+		// template
+		$this->setTemplate('custom-close.tpl');
+	}
+
+	/**
+	 * @param User        $currentUser
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function doCustomClose(User $currentUser, Request $request, PdoDatabase $database)
+	{
+		$messageBody = WebRequest::postString('msgbody');
+		if ($messageBody === null || trim($messageBody) === '') {
+			throw new ApplicationLogicException('Message body cannot be blank');
+		}
+
+		$ccMailingList = true;
+		if ($this->barrierTest('skipCcMailingList', $currentUser)) {
+			$ccMailingList = WebRequest::postBoolean('ccMailingList');
+		}
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		if (!(WebRequest::postBoolean('confirmEmailAlreadySent'))
+		) {
+			throw new ApplicationLogicException('Not all confirmations checked');
+		}
+
+		$action = WebRequest::postString('action');
+		$availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
+
+		if ($action === EmailTemplate::CREATED || $action === EmailTemplate::NOT_CREATED) {
+			// Close request
+			$this->closeRequest($request, $database, $action, $messageBody);
+
+			$this->processWelcome($action);
+
+			// Send the mail after the save, since save can be rolled back
+			$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+		}
+		else {
+			if (array_key_exists($action, $availableRequestStates)) {
+				// Defer to other state
+				$this->deferRequest($request, $database, $action, $availableRequestStates, $messageBody);
+
+				// Send the mail after the save, since save can be rolled back
+				$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+			}
+			else {
+				$request->setReserved(null);
+				$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+				$request->save();
+
+				// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
+				// and be rolled back.
+
+				// Send mail
+				$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+
+				Logger::sentMail($database, $request, $messageBody);
+				Logger::unreserve($database, $request);
+
+				$this->getNotificationHelper()->sentMail($request);
+				SessionAlert::success("Sent mail to Request {$request->getId()}");
+			}
+		}
+	}
+
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 * @param string      $action
+	 * @param string      $messageBody
+	 *
+	 * @throws Exception
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function closeRequest(Request $request, PdoDatabase $database, $action, $messageBody)
+	{
+		$request->setStatus('Closed');
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
+		// be rolled back.
+
+		if ($action == EmailTemplate::CREATED) {
+			$logCloseType = 'custom-y';
+			$notificationCloseType = "Custom, Created";
+		}
+		else {
+			$logCloseType = 'custom-n';
+			$notificationCloseType = "Custom, Not Created";
+		}
+
+		Logger::closeRequest($database, $request, $logCloseType, $messageBody);
+		$this->getNotificationHelper()->requestClosed($request, $notificationCloseType);
+
+		$requestName = htmlentities($request->getName(), ENT_COMPAT, 'UTF-8');
+		SessionAlert::success("Request {$request->getId()} ({$requestName}) closed as {$notificationCloseType}.");
+	}
+
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 * @param string      $action
+	 * @param             $availableRequestStates
+	 * @param string      $messageBody
+	 *
+	 * @throws Exception
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function deferRequest(
+		Request $request,
+		PdoDatabase $database,
+		$action,
+		$availableRequestStates,
+		$messageBody
+	) {
+		$request->setStatus($action);
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
+		// and be rolled back.
+
+		$deferToLog = $availableRequestStates[$action]['defertolog'];
+		Logger::sentMail($database, $request, $messageBody);
+		Logger::deferRequest($database, $request, $deferToLog);
+
+		$this->getNotificationHelper()->requestDeferredWithMail($request);
+
+		$deferTo = $availableRequestStates[$action]['deferto'];
+		SessionAlert::success("Request {$request->getId()} deferred to $deferTo, sending an email.");
+	}
 }

includes/Pages/RequestAction/PageCloseRequest.php

Indentation +225 added lines, -225 removed lines

@@ -21,229 +21,229 @@
 
 class PageCloseRequest extends RequestActionBase
 {
-    protected function main()
-    {
-        $this->processClose();
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @throws ApplicationLogicException
-     */
-    final protected function processClose()
-    {
-        $this->checkPosted();
-        $database = $this->getDatabase();
-
-        $currentUser = User::getCurrent($database);
-        $template = $this->getTemplate($database);
-        $request = $this->getRequest($database);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        if ($this->confirmEmailAlreadySent($request, $template)) {
-            return;
-        }
-
-        if ($this->checkReserveProtect($request, $currentUser)) {
-            return;
-        }
-
-        if ($this->confirmAccountCreated($request, $template)) {
-            return;
-        }
-
-        // I think we're good here...
-        $request->setStatus('Closed');
-        $request->setReserved(null);
-
-        Logger::closeRequest($database, $request, $template->getId(), null);
-
-        $request->save();
-
-        $this->processWelcome($template->getDefaultAction());
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
-        // be rolled back.
-
-        $this->getNotificationHelper()->requestClosed($request, $template->getName());
-        $sanitisedTemplateName = htmlentities($template->getName(), ENT_COMPAT, 'UTF-8');
-        SessionAlert::success("Request {$request->getId()} has been closed as {$sanitisedTemplateName}");
-
-        $this->sendMail($request, $template->getText(), $currentUser, false);
-
-        $this->redirect();
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate
-     * @throws ApplicationLogicException
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::postInt('template');
-        if ($templateId === null) {
-            throw new ApplicationLogicException('No template specified');
-        }
-
-        /** @var EmailTemplate $template */
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !$template->getActive()) {
-            throw new ApplicationLogicException('Invalid or inactive template specified');
-        }
-
-        return $template;
-    }
-
-    /**
-     * @param Request       $request
-     * @param EmailTemplate $template
-     *
-     * @return bool
-     */
-    protected function confirmEmailAlreadySent(Request $request, EmailTemplate $template)
-    {
-        if ($this->checkEmailAlreadySent($request)) {
-            $this->showConfirmation($request, $template, 'close-confirmations/email-sent.tpl');
-
-            return true;
-        }
-
-        return false;
-    }
-
-    protected function checkEmailAlreadySent(Request $request)
-    {
-        if ($request->getEmailSent() && !WebRequest::postBoolean('emailSentOverride')) {
-            return true;
-        }
-
-        return false;
-    }
-
-    protected function checkReserveProtect(Request $request, User $currentUser)
-    {
-        $reservationId = $request->getReserved();
-
-        if ($reservationId !== 0 && $reservationId !== null) {
-            if ($currentUser->getId() !== $reservationId) {
-                SessionAlert::error("Request is reserved by someone else.");
-                $this->redirect('/viewRequest', null, ['id' => $request->getId()] );
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * @param Request       $request
-     * @param EmailTemplate $template
-     *
-     * @return bool
-     * @throws \Waca\Exceptions\CurlException
-     */
-    protected function confirmAccountCreated(Request $request, EmailTemplate $template)
-    {
-        if ($this->checkAccountCreated($request, $template)) {
-            $this->showConfirmation($request, $template, 'close-confirmations/account-created.tpl');
-
-            return true;
-        }
-
-        return false;
-    }
-
-    protected function checkAccountCreated(Request $request, EmailTemplate $template)
-    {
-        if ($template->getDefaultAction() === EmailTemplate::CREATED && !WebRequest::postBoolean('createOverride')) {
-            $parameters = array(
-                'action'  => 'query',
-                'list'    => 'users',
-                'format'  => 'php',
-                'ususers' => $request->getName(),
-            );
-
-            $content = $this->getHttpHelper()->get($this->getSiteConfiguration()->getMediawikiWebServiceEndpoint(),
-                $parameters);
-
-            $apiResult = unserialize($content);
-            $exists = !isset($apiResult['query']['users']['0']['missing']);
-
-            if (!$exists) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * @param Request $request
-     * @param string  $mailText
-     * @param User    $currentUser
-     * @param boolean $ccMailingList
-     */
-    protected function sendMail(Request $request, $mailText, User $currentUser, $ccMailingList)
-    {
-        $requestEmailHelper = new RequestEmailHelper($this->getEmailHelper());
-        $requestEmailHelper->sendMail($request, $mailText, $currentUser, $ccMailingList);
-
-        $request->setEmailSent(true);
-        $request->save();
-    }
-
-    /**
-     * @param Request       $request
-     * @param EmailTemplate $template
-     * @param string        $templateName
-     *
-     * @throws Exception
-     * @return void
-     */
-    protected function showConfirmation(Request $request, EmailTemplate $template, $templateName)
-    {
-        $this->assignCSRFToken();
-
-        $this->assign('request', $request->getId());
-        $this->assign('template', $template->getId());
-
-        $this->assign('updateversion', $request->getUpdateVersion());
-
-        $this->assign('emailSentOverride', WebRequest::postBoolean('emailSentOverride') ? 'true' : 'false');
-        $this->assign('reserveOverride', WebRequest::postBoolean('reserveOverride') ? 'true' : 'false');
-        $this->assign('createOverride', WebRequest::postBoolean('createOverride') ? 'true' : 'false');
-
-        $this->setTemplate($templateName);
-    }
-
-    /**
-     * @param string $action
-     *
-     * @throws ApplicationLogicException
-     */
-    final protected function processWelcome(string $action): void
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        if ($action !== EmailTemplate::CREATED) {
-            return;
-        }
-
-        if ($currentUser->getWelcomeTemplate() === null) {
-            return;
-        }
-
-        if (WebRequest::postBoolean('skipAutoWelcome')) {
-            return;
-        }
-
-        $this->enqueueWelcomeTask($this->getRequest($database), null, $currentUser, $database);
-    }
+	protected function main()
+	{
+		$this->processClose();
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @throws ApplicationLogicException
+	 */
+	final protected function processClose()
+	{
+		$this->checkPosted();
+		$database = $this->getDatabase();
+
+		$currentUser = User::getCurrent($database);
+		$template = $this->getTemplate($database);
+		$request = $this->getRequest($database);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		if ($this->confirmEmailAlreadySent($request, $template)) {
+			return;
+		}
+
+		if ($this->checkReserveProtect($request, $currentUser)) {
+			return;
+		}
+
+		if ($this->confirmAccountCreated($request, $template)) {
+			return;
+		}
+
+		// I think we're good here...
+		$request->setStatus('Closed');
+		$request->setReserved(null);
+
+		Logger::closeRequest($database, $request, $template->getId(), null);
+
+		$request->save();
+
+		$this->processWelcome($template->getDefaultAction());
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
+		// be rolled back.
+
+		$this->getNotificationHelper()->requestClosed($request, $template->getName());
+		$sanitisedTemplateName = htmlentities($template->getName(), ENT_COMPAT, 'UTF-8');
+		SessionAlert::success("Request {$request->getId()} has been closed as {$sanitisedTemplateName}");
+
+		$this->sendMail($request, $template->getText(), $currentUser, false);
+
+		$this->redirect();
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate
+	 * @throws ApplicationLogicException
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::postInt('template');
+		if ($templateId === null) {
+			throw new ApplicationLogicException('No template specified');
+		}
+
+		/** @var EmailTemplate $template */
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !$template->getActive()) {
+			throw new ApplicationLogicException('Invalid or inactive template specified');
+		}
+
+		return $template;
+	}
+
+	/**
+	 * @param Request       $request
+	 * @param EmailTemplate $template
+	 *
+	 * @return bool
+	 */
+	protected function confirmEmailAlreadySent(Request $request, EmailTemplate $template)
+	{
+		if ($this->checkEmailAlreadySent($request)) {
+			$this->showConfirmation($request, $template, 'close-confirmations/email-sent.tpl');
+
+			return true;
+		}
+
+		return false;
+	}
+
+	protected function checkEmailAlreadySent(Request $request)
+	{
+		if ($request->getEmailSent() && !WebRequest::postBoolean('emailSentOverride')) {
+			return true;
+		}
+
+		return false;
+	}
+
+	protected function checkReserveProtect(Request $request, User $currentUser)
+	{
+		$reservationId = $request->getReserved();
+
+		if ($reservationId !== 0 && $reservationId !== null) {
+			if ($currentUser->getId() !== $reservationId) {
+				SessionAlert::error("Request is reserved by someone else.");
+				$this->redirect('/viewRequest', null, ['id' => $request->getId()] );
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	 * @param Request       $request
+	 * @param EmailTemplate $template
+	 *
+	 * @return bool
+	 * @throws \Waca\Exceptions\CurlException
+	 */
+	protected function confirmAccountCreated(Request $request, EmailTemplate $template)
+	{
+		if ($this->checkAccountCreated($request, $template)) {
+			$this->showConfirmation($request, $template, 'close-confirmations/account-created.tpl');
+
+			return true;
+		}
+
+		return false;
+	}
+
+	protected function checkAccountCreated(Request $request, EmailTemplate $template)
+	{
+		if ($template->getDefaultAction() === EmailTemplate::CREATED && !WebRequest::postBoolean('createOverride')) {
+			$parameters = array(
+				'action'  => 'query',
+				'list'    => 'users',
+				'format'  => 'php',
+				'ususers' => $request->getName(),
+			);
+
+			$content = $this->getHttpHelper()->get($this->getSiteConfiguration()->getMediawikiWebServiceEndpoint(),
+				$parameters);
+
+			$apiResult = unserialize($content);
+			$exists = !isset($apiResult['query']['users']['0']['missing']);
+
+			if (!$exists) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	 * @param Request $request
+	 * @param string  $mailText
+	 * @param User    $currentUser
+	 * @param boolean $ccMailingList
+	 */
+	protected function sendMail(Request $request, $mailText, User $currentUser, $ccMailingList)
+	{
+		$requestEmailHelper = new RequestEmailHelper($this->getEmailHelper());
+		$requestEmailHelper->sendMail($request, $mailText, $currentUser, $ccMailingList);
+
+		$request->setEmailSent(true);
+		$request->save();
+	}
+
+	/**
+	 * @param Request       $request
+	 * @param EmailTemplate $template
+	 * @param string        $templateName
+	 *
+	 * @throws Exception
+	 * @return void
+	 */
+	protected function showConfirmation(Request $request, EmailTemplate $template, $templateName)
+	{
+		$this->assignCSRFToken();
+
+		$this->assign('request', $request->getId());
+		$this->assign('template', $template->getId());
+
+		$this->assign('updateversion', $request->getUpdateVersion());
+
+		$this->assign('emailSentOverride', WebRequest::postBoolean('emailSentOverride') ? 'true' : 'false');
+		$this->assign('reserveOverride', WebRequest::postBoolean('reserveOverride') ? 'true' : 'false');
+		$this->assign('createOverride', WebRequest::postBoolean('createOverride') ? 'true' : 'false');
+
+		$this->setTemplate($templateName);
+	}
+
+	/**
+	 * @param string $action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	final protected function processWelcome(string $action): void
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		if ($action !== EmailTemplate::CREATED) {
+			return;
+		}
+
+		if ($currentUser->getWelcomeTemplate() === null) {
+			return;
+		}
+
+		if (WebRequest::postBoolean('skipAutoWelcome')) {
+			return;
+		}
+
+		$this->enqueueWelcomeTask($this->getRequest($database), null, $currentUser, $database);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -133,7 +133,7 @@
         if ($reservationId !== 0 && $reservationId !== null) {
             if ($currentUser->getId() !== $reservationId) {
                 SessionAlert::error("Request is reserved by someone else.");
-                $this->redirect('/viewRequest', null, ['id' => $request->getId()] );
+                $this->redirect('/viewRequest', null, ['id' => $request->getId()]);
                 return true;
             }
         }

includes/Router/ApiRequestRouter.php

Indentation +42 added lines, -42 removed lines

@@ -22,49 +22,49 @@
 
 class ApiRequestRouter implements IRequestRouter
 {
-    /**
-     * @return string[]
-     */
-    public static function getActionList()
-    {
-        return array("count", "status", "stats", "help", "monitor");
-    }
+	/**
+	 * @return string[]
+	 */
+	public static function getActionList()
+	{
+		return array("count", "status", "stats", "help", "monitor");
+	}
 
-    /**
-     * @return IRoutedTask
-     * @throws Exception
-     */
-    public function route()
-    {
-        $requestAction = WebRequest::getString('action');
+	/**
+	 * @return IRoutedTask
+	 * @throws Exception
+	 */
+	public function route()
+	{
+		$requestAction = WebRequest::getString('action');
 
-        switch ($requestAction) {
-            case "count":
-                $result = new CountAction();
-                break;
-            case "status":
-                $result = new StatusAction();
-                break;
-            case "stats":
-                $result = new StatsAction();
-                break;
-            case "help":
-                $result = new HelpAction();
-                break;
-            case "monitor":
-                $result = new MonitorAction();
-                break;
-            case "users":
-                $result = new JsUsersAction();
-                break;
-            case "templates":
-                $result = new JsTemplateConfirmsAction();
-                break;
-            default:
-                $result = new UnknownAction();
-                break;
-        }
+		switch ($requestAction) {
+			case "count":
+				$result = new CountAction();
+				break;
+			case "status":
+				$result = new StatusAction();
+				break;
+			case "stats":
+				$result = new StatsAction();
+				break;
+			case "help":
+				$result = new HelpAction();
+				break;
+			case "monitor":
+				$result = new MonitorAction();
+				break;
+			case "users":
+				$result = new JsUsersAction();
+				break;
+			case "templates":
+				$result = new JsTemplateConfirmsAction();
+				break;
+			default:
+				$result = new UnknownAction();
+				break;
+		}
 
-        return $result;
-    }
+		return $result;
+	}
 }

includes/Security/ContentSecurityPolicyManager.php

Indentation +85 added lines, -85 removed lines

@@ -12,100 +12,100 @@
 
 class ContentSecurityPolicyManager
 {
-    private $policy = [
-        'default-src'     => [],
-        'script-src'      => ['self', 'nonce'],
-        'script-src-elem' => ['self', 'nonce'],
-        'script-src-attr' => [],
-        'connect-src'     => ['self'],
-        'style-src'       => ['self'],
-        'style-src-elem'  => ['self'],
-        'style-src-attr'  => [],
-        'img-src'         => ['self', 'data:', 'https://upload.wikimedia.org', 'https://accounts-dev.wmflabs.org/'],
-        'font-src'        => ['self'],
-        'form-action'     => ['self', 'oauth'],
-        'frame-ancestors' => [],
-    ];
-    private $nonce = null;
-    private $reportOnly = false;
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
+	private $policy = [
+		'default-src'     => [],
+		'script-src'      => ['self', 'nonce'],
+		'script-src-elem' => ['self', 'nonce'],
+		'script-src-attr' => [],
+		'connect-src'     => ['self'],
+		'style-src'       => ['self'],
+		'style-src-elem'  => ['self'],
+		'style-src-attr'  => [],
+		'img-src'         => ['self', 'data:', 'https://upload.wikimedia.org', 'https://accounts-dev.wmflabs.org/'],
+		'font-src'        => ['self'],
+		'form-action'     => ['self', 'oauth'],
+		'frame-ancestors' => [],
+	];
+	private $nonce = null;
+	private $reportOnly = false;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
 
-    /**
-     * ContentSecurityPolicyManager constructor.
-     *
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(SiteConfiguration $configuration)
-    {
-        $this->configuration = $configuration;
-    }
+	/**
+	 * ContentSecurityPolicyManager constructor.
+	 *
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(SiteConfiguration $configuration)
+	{
+		$this->configuration = $configuration;
+	}
 
-    public function getNonce()
-    {
-        if ($this->nonce === null) {
-            $this->nonce = base64_encode(openssl_random_pseudo_bytes(32));
-        }
+	public function getNonce()
+	{
+		if ($this->nonce === null) {
+			$this->nonce = base64_encode(openssl_random_pseudo_bytes(32));
+		}
 
-        return $this->nonce;
-    }
+		return $this->nonce;
+	}
 
-    public function getHeader(): string
-    {
-        $reportOnly = '';
-        if ($this->reportOnly) {
-            $reportOnly = '-Report-Only';
-        }
+	public function getHeader(): string
+	{
+		$reportOnly = '';
+		if ($this->reportOnly) {
+			$reportOnly = '-Report-Only';
+		}
 
-        $constructedPolicy = "Content-Security-Policy{$reportOnly}: ";
+		$constructedPolicy = "Content-Security-Policy{$reportOnly}: ";
 
-        foreach ($this->policy as $item => $values) {
-            $constructedPolicy .= $item . ' ';
-            $policyIsSet = false;
+		foreach ($this->policy as $item => $values) {
+			$constructedPolicy .= $item . ' ';
+			$policyIsSet = false;
 
-            if (count($values) > 0) {
-                foreach ($values as $value) {
-                    switch ($value) {
-                        case 'none':
-                        case 'self':
-                        case 'strict-dynamic':
-                            $policyIsSet = true;
-                            $constructedPolicy .= "'{$value}' ";
-                            break;
-                        case 'nonce':
-                            if ($this->nonce !== null) {
-                                $policyIsSet = true;
-                                $constructedPolicy .= "'nonce-{$this->nonce}' ";
-                            }
-                            break;
-                        case 'oauth':
-                            $policyIsSet = true;
-                            $constructedPolicy .= "{$this->configuration->getOauthMediaWikiCanonicalServer()} ";
-                            break;
-                        default:
-                            $policyIsSet = true;
-                            $constructedPolicy .= $value . ' ';
-                            break;
-                    }
-                }
+			if (count($values) > 0) {
+				foreach ($values as $value) {
+					switch ($value) {
+						case 'none':
+						case 'self':
+						case 'strict-dynamic':
+							$policyIsSet = true;
+							$constructedPolicy .= "'{$value}' ";
+							break;
+						case 'nonce':
+							if ($this->nonce !== null) {
+								$policyIsSet = true;
+								$constructedPolicy .= "'nonce-{$this->nonce}' ";
+							}
+							break;
+						case 'oauth':
+							$policyIsSet = true;
+							$constructedPolicy .= "{$this->configuration->getOauthMediaWikiCanonicalServer()} ";
+							break;
+						default:
+							$policyIsSet = true;
+							$constructedPolicy .= $value . ' ';
+							break;
+					}
+				}
 
-                if (!$policyIsSet) {
-                    $constructedPolicy .= "'none' ";
-                }
-            }
-            else {
-                $constructedPolicy .= "'none' ";
-            }
+				if (!$policyIsSet) {
+					$constructedPolicy .= "'none' ";
+				}
+			}
+			else {
+				$constructedPolicy .= "'none' ";
+			}
 
-            $constructedPolicy .= '; ';
-        }
+			$constructedPolicy .= '; ';
+		}
 
-        if ($this->configuration->getCspReportUri() !== null) {
-            $constructedPolicy .= 'report-uri ' . $this->configuration->getCspReportUri();
-        }
+		if ($this->configuration->getCspReportUri() !== null) {
+			$constructedPolicy .= 'report-uri ' . $this->configuration->getCspReportUri();
+		}
 
-        return $constructedPolicy;
-    }
+		return $constructedPolicy;
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -62,7 +62,7 @@ 
         $constructedPolicy = "Content-Security-Policy{$reportOnly}: ";
 
         foreach ($this->policy as $item => $values) {
-            $constructedPolicy .= $item . ' ';
+            $constructedPolicy .= $item.' ';
             $policyIsSet = false;
 
             if (count($values) > 0) {
@@ -86,7 +86,7 @@ 
                             break;
                         default:
                             $policyIsSet = true;
-                            $constructedPolicy .= $value . ' ';
+                            $constructedPolicy .= $value.' ';
                             break;
                     }
                 }
@@ -103,7 +103,7 @@ 
         }
 
         if ($this->configuration->getCspReportUri() !== null) {
-            $constructedPolicy .= 'report-uri ' . $this->configuration->getCspReportUri();
+            $constructedPolicy .= 'report-uri '.$this->configuration->getCspReportUri();
         }
 
         return $constructedPolicy;

includes/Security/RoleConfiguration.php

Indentation +360 added lines, -360 removed lines

@@ -47,391 +47,391 @@
 
 class RoleConfiguration
 {
-    const ACCESS_ALLOW = 1;
-    const ACCESS_DENY = -1;
-    const ACCESS_DEFAULT = 0;
-    const MAIN = 'main';
-    const ALL = '*';
-    /**
-     * A map of roles to rights
-     *
-     * For example:
-     *
-     * array(
-     *   'myrole' => array(
-     *       PageMyPage::class => array(
-     *           'edit' => self::ACCESS_ALLOW,
-     *           'create' => self::ACCESS_DENY,
-     *       )
-     *   )
-     * )
-     *
-     * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
-     * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
-     * be the expected result:
-     *
-     * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
-     * - (A,-,-) = A
-     * - (D,-,-) = D
-     * - (A,D,-) = D (deny takes precedence over allow)
-     * - (A,A,A) = A (repetition has no effect)
-     *
-     * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
-     *
-     * @var array
-     */
-    private $roleConfig = array(
-        'public'            => array(
-            /*
+	const ACCESS_ALLOW = 1;
+	const ACCESS_DENY = -1;
+	const ACCESS_DEFAULT = 0;
+	const MAIN = 'main';
+	const ALL = '*';
+	/**
+	 * A map of roles to rights
+	 *
+	 * For example:
+	 *
+	 * array(
+	 *   'myrole' => array(
+	 *       PageMyPage::class => array(
+	 *           'edit' => self::ACCESS_ALLOW,
+	 *           'create' => self::ACCESS_DENY,
+	 *       )
+	 *   )
+	 * )
+	 *
+	 * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
+	 * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
+	 * be the expected result:
+	 *
+	 * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
+	 * - (A,-,-) = A
+	 * - (D,-,-) = D
+	 * - (A,D,-) = D (deny takes precedence over allow)
+	 * - (A,A,A) = A (repetition has no effect)
+	 *
+	 * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
+	 *
+	 * @var array
+	 */
+	private $roleConfig = array(
+		'public'            => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED *OUT* USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'   => array(
-                'publicStats',
-            ),
-            PageTeam::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageXffDemo::class        => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-            )
-        ),
-        'loggedIn'          => array(
-            /*
+			'_childRoles'   => array(
+				'publicStats',
+			),
+			PageTeam::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageXffDemo::class        => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+			)
+		),
+		'loggedIn'          => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED IN USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'             => array(
-                'public',
-            ),
-            PagePreferences::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'refreshOAuth' => self::ACCESS_ALLOW,
-            ),
-            PageChangePassword::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageMultiFactor::class    => array(
-                self::MAIN          => self::ACCESS_ALLOW,
-                'scratch'           => self::ACCESS_ALLOW,
-                'enableYubikeyOtp'  => self::ACCESS_ALLOW,
-                'disableYubikeyOtp' => self::ACCESS_ALLOW,
-                'enableTotp'        => self::ACCESS_ALLOW,
-                'disableTotp'       => self::ACCESS_ALLOW,
-            ),
-            PageOAuth::class          => array(
-                'attach' => self::ACCESS_ALLOW,
-                'detach' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'user'              => array(
-            '_description'                       => 'A standard tool user.',
-            '_editableBy'                        => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'internalStats',
-            ),
-            PageMain::class                      => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBan::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEmailManagement::class           => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageExpandedRequestList::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageLog::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSearch::class                    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'select'   => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageViewRequest::class               => array(
-                self::MAIN       => self::ACCESS_ALLOW,
-                'seeAllRequests' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'                        => array(
-                'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
-                'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageComment::class                   => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCloseRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCreateRequest::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDeferRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDropRequest::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageReservation::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSendToUser::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class          => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageJobQueue::class                  => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-                'all'      => self::ACCESS_ALLOW,
-            ),
-            'RequestCreation'                    => array(
-                User::CREATION_MANUAL => self::ACCESS_ALLOW,
-            ),
-            'GlobalInfo'                         => array(
-                'viewSiteNotice' => self::ACCESS_ALLOW,
-                'viewOnlineUsers' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'admin'             => array(
-            '_description'                       => 'A tool administrator.',
-            '_editableBy'                        => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'user',
-                'requestAdminTools',
-            ),
-            PageEmailManagement::class           => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'create' => self::ACCESS_ALLOW,
-            ),
-            PageSiteNotice::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageUserManagement::class            => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-                'approve'   => self::ACCESS_ALLOW,
-                'decline'   => self::ACCESS_ALLOW,
-                'rename'    => self::ACCESS_ALLOW,
-                'editUser'  => self::ACCESS_ALLOW,
-                'suspend'   => self::ACCESS_ALLOW,
-                'editRoles' => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'delete' => self::ACCESS_ALLOW,
-                'add'    => self::ACCESS_ALLOW,
-            ),
-            PageJobQueue::class                  => array(
-                'acknowledge' => self::ACCESS_ALLOW,
-                'requeue'     => self::ACCESS_ALLOW,
-            ),
-        ),
-        'checkuser'         => array(
-            '_description'            => 'A user with CheckUser access',
-            '_editableBy'             => array('checkuser', 'toolRoot'),
-            '_childRoles'             => array(
-                'user',
-                'requestAdminTools',
-            ),
-            PageUserManagement::class => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-                'suspend'   => self::ACCESS_ALLOW,
-                'editRoles' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'             => array(
-                'seeUserAgentData' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'toolRoot'          => array(
-            '_description' => 'A user with shell access to the servers running the tool',
-            '_editableBy'  => array('toolRoot'),
-            '_childRoles'  => array(
-                'admin',
-            ),
-            PageMultiFactor::class => array(
-                'enableU2F'         => self::ACCESS_ALLOW,
-                'disableU2F'        => self::ACCESS_ALLOW,
-            )
-        ),
-        'botCreation'       => array(
-            '_description'    => 'A user allowed to use the bot to perform account creations',
-            '_editableBy'     => array('admin', 'toolRoot'),
-            '_childRoles'     => array(),
-            'RequestCreation' => array(
-                User::CREATION_BOT => self::ACCESS_ALLOW,
-            ),
-        ),
-        'oauthCreation'       => array(
-            '_description'    => 'A user allowed to use the OAuth to perform account creations',
-            '_editableBy'     => array('admin', 'toolRoot'),
-            '_childRoles'     => array(),
-            'RequestCreation'                    => array(
-                User::CREATION_OAUTH  => self::ACCESS_ALLOW,
-            ),
-        ),
+			'_childRoles'             => array(
+				'public',
+			),
+			PagePreferences::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'refreshOAuth' => self::ACCESS_ALLOW,
+			),
+			PageChangePassword::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageMultiFactor::class    => array(
+				self::MAIN          => self::ACCESS_ALLOW,
+				'scratch'           => self::ACCESS_ALLOW,
+				'enableYubikeyOtp'  => self::ACCESS_ALLOW,
+				'disableYubikeyOtp' => self::ACCESS_ALLOW,
+				'enableTotp'        => self::ACCESS_ALLOW,
+				'disableTotp'       => self::ACCESS_ALLOW,
+			),
+			PageOAuth::class          => array(
+				'attach' => self::ACCESS_ALLOW,
+				'detach' => self::ACCESS_ALLOW,
+			),
+		),
+		'user'              => array(
+			'_description'                       => 'A standard tool user.',
+			'_editableBy'                        => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'internalStats',
+			),
+			PageMain::class                      => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBan::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEmailManagement::class           => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageExpandedRequestList::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageLog::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSearch::class                    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'select'   => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageViewRequest::class               => array(
+				self::MAIN       => self::ACCESS_ALLOW,
+				'seeAllRequests' => self::ACCESS_ALLOW,
+			),
+			'RequestData'                        => array(
+				'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
+				'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageComment::class                   => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCloseRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCreateRequest::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDeferRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDropRequest::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageReservation::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSendToUser::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class          => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageJobQueue::class                  => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+				'all'      => self::ACCESS_ALLOW,
+			),
+			'RequestCreation'                    => array(
+				User::CREATION_MANUAL => self::ACCESS_ALLOW,
+			),
+			'GlobalInfo'                         => array(
+				'viewSiteNotice' => self::ACCESS_ALLOW,
+				'viewOnlineUsers' => self::ACCESS_ALLOW,
+			),
+		),
+		'admin'             => array(
+			'_description'                       => 'A tool administrator.',
+			'_editableBy'                        => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'user',
+				'requestAdminTools',
+			),
+			PageEmailManagement::class           => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'create' => self::ACCESS_ALLOW,
+			),
+			PageSiteNotice::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageUserManagement::class            => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+				'approve'   => self::ACCESS_ALLOW,
+				'decline'   => self::ACCESS_ALLOW,
+				'rename'    => self::ACCESS_ALLOW,
+				'editUser'  => self::ACCESS_ALLOW,
+				'suspend'   => self::ACCESS_ALLOW,
+				'editRoles' => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'delete' => self::ACCESS_ALLOW,
+				'add'    => self::ACCESS_ALLOW,
+			),
+			PageJobQueue::class                  => array(
+				'acknowledge' => self::ACCESS_ALLOW,
+				'requeue'     => self::ACCESS_ALLOW,
+			),
+		),
+		'checkuser'         => array(
+			'_description'            => 'A user with CheckUser access',
+			'_editableBy'             => array('checkuser', 'toolRoot'),
+			'_childRoles'             => array(
+				'user',
+				'requestAdminTools',
+			),
+			PageUserManagement::class => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+				'suspend'   => self::ACCESS_ALLOW,
+				'editRoles' => self::ACCESS_ALLOW,
+			),
+			'RequestData'             => array(
+				'seeUserAgentData' => self::ACCESS_ALLOW,
+			),
+		),
+		'toolRoot'          => array(
+			'_description' => 'A user with shell access to the servers running the tool',
+			'_editableBy'  => array('toolRoot'),
+			'_childRoles'  => array(
+				'admin',
+			),
+			PageMultiFactor::class => array(
+				'enableU2F'         => self::ACCESS_ALLOW,
+				'disableU2F'        => self::ACCESS_ALLOW,
+			)
+		),
+		'botCreation'       => array(
+			'_description'    => 'A user allowed to use the bot to perform account creations',
+			'_editableBy'     => array('admin', 'toolRoot'),
+			'_childRoles'     => array(),
+			'RequestCreation' => array(
+				User::CREATION_BOT => self::ACCESS_ALLOW,
+			),
+		),
+		'oauthCreation'       => array(
+			'_description'    => 'A user allowed to use the OAuth to perform account creations',
+			'_editableBy'     => array('admin', 'toolRoot'),
+			'_childRoles'     => array(),
+			'RequestCreation'                    => array(
+				User::CREATION_OAUTH  => self::ACCESS_ALLOW,
+			),
+		),
 
 
-        // Child roles go below this point
-        'publicStats'       => array(
-            '_hidden'               => true,
-            StatsUsers::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'detail'   => self::ACCESS_ALLOW,
-            ),
-            StatsTopCreators::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'internalStats'     => array(
-            '_hidden'                    => true,
-            StatsMain::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsFastCloses::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsInactiveUsers::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsMonthlyStats::class     => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsReservedRequests::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsTemplateStats::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'requestAdminTools' => array(
-            '_hidden'                   => true,
-            PageBan::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'set'      => self::ACCESS_ALLOW,
-                'remove'   => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class      => array(
-                'editOthers' => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class => array(
-                'force' => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class      => array(
-                'skipCcMailingList' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'               => array(
-                'reopenOldRequest'      => self::ACCESS_ALLOW,
-                'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
-                'alwaysSeeHash'         => self::ACCESS_ALLOW,
-                'seeRestrictedComments' => self::ACCESS_ALLOW,
-            ),
-        ),
-    );
-    /** @var array
-     * List of roles which are *exempt* from the identification requirements
-     *
-     * Think twice about adding roles to this list.
-     *
-     * @category Security-Critical
-     */
-    private $identificationExempt = array('public', 'loggedIn');
+		// Child roles go below this point
+		'publicStats'       => array(
+			'_hidden'               => true,
+			StatsUsers::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'detail'   => self::ACCESS_ALLOW,
+			),
+			StatsTopCreators::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'internalStats'     => array(
+			'_hidden'                    => true,
+			StatsMain::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsFastCloses::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsInactiveUsers::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsMonthlyStats::class     => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsReservedRequests::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsTemplateStats::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'requestAdminTools' => array(
+			'_hidden'                   => true,
+			PageBan::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'set'      => self::ACCESS_ALLOW,
+				'remove'   => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class      => array(
+				'editOthers' => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class => array(
+				'force' => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class      => array(
+				'skipCcMailingList' => self::ACCESS_ALLOW,
+			),
+			'RequestData'               => array(
+				'reopenOldRequest'      => self::ACCESS_ALLOW,
+				'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
+				'alwaysSeeHash'         => self::ACCESS_ALLOW,
+				'seeRestrictedComments' => self::ACCESS_ALLOW,
+			),
+		),
+	);
+	/** @var array
+	 * List of roles which are *exempt* from the identification requirements
+	 *
+	 * Think twice about adding roles to this list.
+	 *
+	 * @category Security-Critical
+	 */
+	private $identificationExempt = array('public', 'loggedIn');
 
-    /**
-     * RoleConfiguration constructor.
-     *
-     * @param array $roleConfig           Set to non-null to override the default configuration.
-     * @param array $identificationExempt Set to non-null to override the default configuration.
-     */
-    public function __construct(array $roleConfig = null, array $identificationExempt = null)
-    {
-        if ($roleConfig !== null) {
-            $this->roleConfig = $roleConfig;
-        }
+	/**
+	 * RoleConfiguration constructor.
+	 *
+	 * @param array $roleConfig           Set to non-null to override the default configuration.
+	 * @param array $identificationExempt Set to non-null to override the default configuration.
+	 */
+	public function __construct(array $roleConfig = null, array $identificationExempt = null)
+	{
+		if ($roleConfig !== null) {
+			$this->roleConfig = $roleConfig;
+		}
 
-        if ($identificationExempt !== null) {
-            $this->identificationExempt = $identificationExempt;
-        }
-    }
+		if ($identificationExempt !== null) {
+			$this->identificationExempt = $identificationExempt;
+		}
+	}
 
-    /**
-     * @param array $roles The roles to check
-     *
-     * @return array
-     */
-    public function getApplicableRoles(array $roles)
-    {
-        $available = array();
+	/**
+	 * @param array $roles The roles to check
+	 *
+	 * @return array
+	 */
+	public function getApplicableRoles(array $roles)
+	{
+		$available = array();
 
-        foreach ($roles as $role) {
-            if (!isset($this->roleConfig[$role])) {
-                // wat
-                continue;
-            }
+		foreach ($roles as $role) {
+			if (!isset($this->roleConfig[$role])) {
+				// wat
+				continue;
+			}
 
-            $available[$role] = $this->roleConfig[$role];
+			$available[$role] = $this->roleConfig[$role];
 
-            if (isset($available[$role]['_childRoles'])) {
-                $childRoles = self::getApplicableRoles($available[$role]['_childRoles']);
-                $available = array_merge($available, $childRoles);
+			if (isset($available[$role]['_childRoles'])) {
+				$childRoles = self::getApplicableRoles($available[$role]['_childRoles']);
+				$available = array_merge($available, $childRoles);
 
-                unset($available[$role]['_childRoles']);
-            }
+				unset($available[$role]['_childRoles']);
+			}
 
-            foreach (array('_hidden', '_editableBy', '_description') as $item) {
-                if (isset($available[$role][$item])) {
-                    unset($available[$role][$item]);
-                }
-            }
-        }
+			foreach (array('_hidden', '_editableBy', '_description') as $item) {
+				if (isset($available[$role][$item])) {
+					unset($available[$role][$item]);
+				}
+			}
+		}
 
-        return $available;
-    }
+		return $available;
+	}
 
-    public function getAvailableRoles()
-    {
-        $possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn'));
+	public function getAvailableRoles()
+	{
+		$possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn'));
 
-        $actual = array();
+		$actual = array();
 
-        foreach ($possible as $role) {
-            if (!isset($this->roleConfig[$role]['_hidden'])) {
-                $actual[$role] = array(
-                    'description' => $this->roleConfig[$role]['_description'],
-                    'editableBy'  => $this->roleConfig[$role]['_editableBy'],
-                );
-            }
-        }
+		foreach ($possible as $role) {
+			if (!isset($this->roleConfig[$role]['_hidden'])) {
+				$actual[$role] = array(
+					'description' => $this->roleConfig[$role]['_description'],
+					'editableBy'  => $this->roleConfig[$role]['_editableBy'],
+				);
+			}
+		}
 
-        return $actual;
-    }
+		return $actual;
+	}
 
-    /**
-     * @param string $role
-     *
-     * @return bool
-     */
-    public function roleNeedsIdentification($role)
-    {
-        if (in_array($role, $this->identificationExempt)) {
-            return false;
-        }
+	/**
+	 * @param string $role
+	 *
+	 * @return bool
+	 */
+	public function roleNeedsIdentification($role)
+	{
+		if (in_array($role, $this->identificationExempt)) {
+			return false;
+		}
 
-        return true;
-    }
+		return true;
+	}
 }