enwikipedia-acc / waca

smarty-plugins/modifier.relativedate.php

Indentation +62 added lines, -62 removed lines

@@ -16,73 +16,73 @@
  */
 function smarty_modifier_relativedate($input)
 {
-    $now = new DateTime();
+	$now = new DateTime();
 
-    if (gettype($input) === 'object'
-        && (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
-    ) {
-        $then = $input;
-    }
-    else {
-        try {
-            $then = new DateTime($input);
-        }
-        catch(Exception $ex) {
-            return $input;
-        }
-    }
+	if (gettype($input) === 'object'
+		&& (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
+	) {
+		$then = $input;
+	}
+	else {
+		try {
+			$then = new DateTime($input);
+		}
+		catch(Exception $ex) {
+			return $input;
+		}
+	}
 
-    $secs = $now->getTimestamp() - $then->getTimestamp();
+	$secs = $now->getTimestamp() - $then->getTimestamp();
 
-    $second = 1;
-    $minute = 60 * $second;
-    $minuteCut = 60 * $second;
-    $hour = 60 * $minute;
-    $hourCut = 90 * $minute;
-    $day = 24 * $hour;
-    $dayCut = 48 * $hour;
-    $week = 7 * $day;
-    $weekCut = 14 * $day;
-    $month = 30 * $day;
-    $monthCut = 60 * $day;
-    $year = 365 * $day;
-    $yearCut = $year * 2;
+	$second = 1;
+	$minute = 60 * $second;
+	$minuteCut = 60 * $second;
+	$hour = 60 * $minute;
+	$hourCut = 90 * $minute;
+	$day = 24 * $hour;
+	$dayCut = 48 * $hour;
+	$week = 7 * $day;
+	$weekCut = 14 * $day;
+	$month = 30 * $day;
+	$monthCut = 60 * $day;
+	$year = 365 * $day;
+	$yearCut = $year * 2;
 
-    $pluralise = true;
+	$pluralise = true;
 
-    if ($secs <= 10) {
-        $output = "just now";
-        $pluralise = false;
-    }
-    elseif ($secs > 10 && $secs < $minuteCut) {
-        $output = round($secs / $second) . " second";
-    }
-    elseif ($secs >= $minuteCut && $secs < $hourCut) {
-        $output = round($secs / $minute) . " minute";
-    }
-    elseif ($secs >= $hourCut && $secs < $dayCut) {
-        $output = round($secs / $hour) . " hour";
-    }
-    elseif ($secs >= $dayCut && $secs < $weekCut) {
-        $output = round($secs / $day) . " day";
-    }
-    elseif ($secs >= $weekCut && $secs < $monthCut) {
-        $output = round($secs / $week) . " week";
-    }
-    elseif ($secs >= $monthCut && $secs < $yearCut) {
-        $output = round($secs / $month) . " month";
-    }
-    elseif ($secs >= $yearCut && $secs < $year * 10) {
-        $output = round($secs / $year) . " year";
-    }
-    else {
-        $output = "a long time ago";
-        $pluralise = false;
-    }
+	if ($secs <= 10) {
+		$output = "just now";
+		$pluralise = false;
+	}
+	elseif ($secs > 10 && $secs < $minuteCut) {
+		$output = round($secs / $second) . " second";
+	}
+	elseif ($secs >= $minuteCut && $secs < $hourCut) {
+		$output = round($secs / $minute) . " minute";
+	}
+	elseif ($secs >= $hourCut && $secs < $dayCut) {
+		$output = round($secs / $hour) . " hour";
+	}
+	elseif ($secs >= $dayCut && $secs < $weekCut) {
+		$output = round($secs / $day) . " day";
+	}
+	elseif ($secs >= $weekCut && $secs < $monthCut) {
+		$output = round($secs / $week) . " week";
+	}
+	elseif ($secs >= $monthCut && $secs < $yearCut) {
+		$output = round($secs / $month) . " month";
+	}
+	elseif ($secs >= $yearCut && $secs < $year * 10) {
+		$output = round($secs / $year) . " year";
+	}
+	else {
+		$output = "a long time ago";
+		$pluralise = false;
+	}
 
-    if ($pluralise) {
-        $output = (substr($output, 0, 2) <> "1 ") ? $output . "s ago" : $output . " ago";
-    }
+	if ($pluralise) {
+		$output = (substr($output, 0, 2) <> "1 ") ? $output . "s ago" : $output . " ago";
+	}
 
-    return $output;
+	return $output;
 }

Spacing +9 added lines, -9 removed lines

@@ -27,7 +27,7 @@ 
         try {
             $then = new DateTime($input);
         }
-        catch(Exception $ex) {
+        catch (Exception $ex) {
             return $input;
         }
     }
@@ -55,25 +55,25 @@ 
         $pluralise = false;
     }
     elseif ($secs > 10 && $secs < $minuteCut) {
-        $output = round($secs / $second) . " second";
+        $output = round($secs / $second)." second";
     }
     elseif ($secs >= $minuteCut && $secs < $hourCut) {
-        $output = round($secs / $minute) . " minute";
+        $output = round($secs / $minute)." minute";
     }
     elseif ($secs >= $hourCut && $secs < $dayCut) {
-        $output = round($secs / $hour) . " hour";
+        $output = round($secs / $hour)." hour";
     }
     elseif ($secs >= $dayCut && $secs < $weekCut) {
-        $output = round($secs / $day) . " day";
+        $output = round($secs / $day)." day";
     }
     elseif ($secs >= $weekCut && $secs < $monthCut) {
-        $output = round($secs / $week) . " week";
+        $output = round($secs / $week)." week";
     }
     elseif ($secs >= $monthCut && $secs < $yearCut) {
-        $output = round($secs / $month) . " month";
+        $output = round($secs / $month)." month";
     }
     elseif ($secs >= $yearCut && $secs < $year * 10) {
-        $output = round($secs / $year) . " year";
+        $output = round($secs / $year)." year";
     }
     else {
         $output = "a long time ago";
@@ -81,7 +81,7 @@ 
     }
 
     if ($pluralise) {
-        $output = (substr($output, 0, 2) <> "1 ") ? $output . "s ago" : $output . " ago";
+        $output = (substr($output, 0, 2) <> "1 ") ? $output."s ago" : $output." ago";
     }
 
     return $output;

includes/DataObjects/User.php

Indentation +567 added lines, -567 removed lines

@@ -21,160 +21,160 @@ 
  */
 class User extends DataObject
 {
-    const STATUS_ACTIVE = 'Active';
-    const STATUS_SUSPENDED = 'Suspended';
-    const STATUS_DECLINED = 'Declined';
-    const STATUS_NEW = 'New';
-    const CREATION_MANUAL = 0;
-    const CREATION_OAUTH = 1;
-    const CREATION_BOT = 2;
-    private $username;
-    private $email;
-    private $status = self::STATUS_NEW;
-    private $onwikiname;
-    private $welcome_sig = "";
-    private $lastactive = "0000-00-00 00:00:00";
-    private $forcelogout = 0;
-    private $forceidentified = null;
-    private $welcome_template = 0;
-    private $abortpref = 0;
-    private $confirmationdiff = 0;
-    private $emailsig = "";
-    private $creationmode = 0;
-    private $skin = "main";
-    /** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
-    private static $currentUser;
-    #region Object load methods
-
-    /**
-     * Gets the currently logged in user
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User|CommunityUser
-     */
-    public static function getCurrent(PdoDatabase $database)
-    {
-        if (self::$currentUser === null) {
-            $sessionId = WebRequest::getSessionUserId();
-
-            if ($sessionId !== null) {
-                /** @var User $user */
-                $user = self::getById($sessionId, $database);
-
-                if ($user === false) {
-                    self::$currentUser = new CommunityUser();
-                }
-                else {
-                    self::$currentUser = $user;
-                }
-            }
-            else {
-                $anonymousCoward = new CommunityUser();
-
-                self::$currentUser = $anonymousCoward;
-            }
-        }
-
-        return self::$currentUser;
-    }
-
-    /**
-     * Gets a user by their user ID
-     *
-     * Pass -1 to get the community user.
-     *
-     * @param int|null    $id
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getById($id, PdoDatabase $database)
-    {
-        if ($id === null || $id == -1) {
-            return new CommunityUser();
-        }
-
-        /** @var User|false $user */
-        $user = parent::getById($id, $database);
-
-        return $user;
-    }
-
-    /**
-     * @return CommunityUser
-     */
-    public static function getCommunity()
-    {
-        return new CommunityUser();
-    }
-
-    /**
-     * Gets a user by their username
-     *
-     * @param  string      $username
-     * @param  PdoDatabase $database
-     *
-     * @return CommunityUser|User|false
-     */
-    public static function getByUsername($username, PdoDatabase $database)
-    {
-        global $communityUsername;
-        if ($username == $communityUsername) {
-            return new CommunityUser();
-        }
-
-        $statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets a user by their on-wiki username.
-     *
-     * @param string      $username
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getByOnWikiUsername($username, PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-
-            return $resultObject;
-        }
-
-        return false;
-    }
-
-    #endregion
-
-    /**
-     * Saves the current object
-     *
-     * @throws Exception
-     */
-    public function save()
-    {
-        if ($this->isNew()) {
-            // insert
-            $statement = $this->dbObject->prepare(<<<SQL
+	const STATUS_ACTIVE = 'Active';
+	const STATUS_SUSPENDED = 'Suspended';
+	const STATUS_DECLINED = 'Declined';
+	const STATUS_NEW = 'New';
+	const CREATION_MANUAL = 0;
+	const CREATION_OAUTH = 1;
+	const CREATION_BOT = 2;
+	private $username;
+	private $email;
+	private $status = self::STATUS_NEW;
+	private $onwikiname;
+	private $welcome_sig = "";
+	private $lastactive = "0000-00-00 00:00:00";
+	private $forcelogout = 0;
+	private $forceidentified = null;
+	private $welcome_template = 0;
+	private $abortpref = 0;
+	private $confirmationdiff = 0;
+	private $emailsig = "";
+	private $creationmode = 0;
+	private $skin = "main";
+	/** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
+	private static $currentUser;
+	#region Object load methods
+
+	/**
+	 * Gets the currently logged in user
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|CommunityUser
+	 */
+	public static function getCurrent(PdoDatabase $database)
+	{
+		if (self::$currentUser === null) {
+			$sessionId = WebRequest::getSessionUserId();
+
+			if ($sessionId !== null) {
+				/** @var User $user */
+				$user = self::getById($sessionId, $database);
+
+				if ($user === false) {
+					self::$currentUser = new CommunityUser();
+				}
+				else {
+					self::$currentUser = $user;
+				}
+			}
+			else {
+				$anonymousCoward = new CommunityUser();
+
+				self::$currentUser = $anonymousCoward;
+			}
+		}
+
+		return self::$currentUser;
+	}
+
+	/**
+	 * Gets a user by their user ID
+	 *
+	 * Pass -1 to get the community user.
+	 *
+	 * @param int|null    $id
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getById($id, PdoDatabase $database)
+	{
+		if ($id === null || $id == -1) {
+			return new CommunityUser();
+		}
+
+		/** @var User|false $user */
+		$user = parent::getById($id, $database);
+
+		return $user;
+	}
+
+	/**
+	 * @return CommunityUser
+	 */
+	public static function getCommunity()
+	{
+		return new CommunityUser();
+	}
+
+	/**
+	 * Gets a user by their username
+	 *
+	 * @param  string      $username
+	 * @param  PdoDatabase $database
+	 *
+	 * @return CommunityUser|User|false
+	 */
+	public static function getByUsername($username, PdoDatabase $database)
+	{
+		global $communityUsername;
+		if ($username == $communityUsername) {
+			return new CommunityUser();
+		}
+
+		$statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets a user by their on-wiki username.
+	 *
+	 * @param string      $username
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getByOnWikiUsername($username, PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+
+			return $resultObject;
+		}
+
+		return false;
+	}
+
+	#endregion
+
+	/**
+	 * Saves the current object
+	 *
+	 * @throws Exception
+	 */
+	public function save()
+	{
+		if ($this->isNew()) {
+			// insert
+			$statement = $this->dbObject->prepare(<<<SQL
 				INSERT INTO `user` ( 
 					username, email, status, onwikiname, welcome_sig, 
 					lastactive, forcelogout, forceidentified,
@@ -185,32 +185,32 @@ 
 					:welcome_template, :abortpref, :confirmationdiff, :emailsig, :creationmode, :skin
 				);
 SQL
-            );
-            $statement->bindValue(":username", $this->username);
-            $statement->bindValue(":email", $this->email);
-            $statement->bindValue(":status", $this->status);
-            $statement->bindValue(":onwikiname", $this->onwikiname);
-            $statement->bindValue(":welcome_sig", $this->welcome_sig);
-            $statement->bindValue(":lastactive", $this->lastactive);
-            $statement->bindValue(":forcelogout", $this->forcelogout);
-            $statement->bindValue(":forceidentified", $this->forceidentified);
-            $statement->bindValue(":welcome_template", $this->welcome_template);
-            $statement->bindValue(":abortpref", $this->abortpref);
-            $statement->bindValue(":confirmationdiff", $this->confirmationdiff);
-            $statement->bindValue(":emailsig", $this->emailsig);
-            $statement->bindValue(":creationmode", $this->creationmode);
-            $statement->bindValue(":skin", $this->skin);
-
-            if ($statement->execute()) {
-                $this->id = (int)$this->dbObject->lastInsertId();
-            }
-            else {
-                throw new Exception($statement->errorInfo());
-            }
-        }
-        else {
-            // update
-            $statement = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":username", $this->username);
+			$statement->bindValue(":email", $this->email);
+			$statement->bindValue(":status", $this->status);
+			$statement->bindValue(":onwikiname", $this->onwikiname);
+			$statement->bindValue(":welcome_sig", $this->welcome_sig);
+			$statement->bindValue(":lastactive", $this->lastactive);
+			$statement->bindValue(":forcelogout", $this->forcelogout);
+			$statement->bindValue(":forceidentified", $this->forceidentified);
+			$statement->bindValue(":welcome_template", $this->welcome_template);
+			$statement->bindValue(":abortpref", $this->abortpref);
+			$statement->bindValue(":confirmationdiff", $this->confirmationdiff);
+			$statement->bindValue(":emailsig", $this->emailsig);
+			$statement->bindValue(":creationmode", $this->creationmode);
+			$statement->bindValue(":skin", $this->skin);
+
+			if ($statement->execute()) {
+				$this->id = (int)$this->dbObject->lastInsertId();
+			}
+			else {
+				throw new Exception($statement->errorInfo());
+			}
+		}
+		else {
+			// update
+			$statement = $this->dbObject->prepare(<<<SQL
 				UPDATE `user` SET 
 					username = :username, email = :email, 
 					status = :status,
@@ -223,387 +223,387 @@ 
                     updateversion = updateversion + 1
 				WHERE id = :id AND updateversion = :updateversion;
 SQL
-            );
-            $statement->bindValue(":forceidentified", $this->forceidentified);
-
-            $statement->bindValue(':id', $this->id);
-            $statement->bindValue(':updateversion', $this->updateversion);
-
-            $statement->bindValue(':username', $this->username);
-            $statement->bindValue(':email', $this->email);
-            $statement->bindValue(':status', $this->status);
-            $statement->bindValue(':onwikiname', $this->onwikiname);
-            $statement->bindValue(':welcome_sig', $this->welcome_sig);
-            $statement->bindValue(':lastactive', $this->lastactive);
-            $statement->bindValue(':forcelogout', $this->forcelogout);
-            $statement->bindValue(':forceidentified', $this->forceidentified);
-            $statement->bindValue(':welcome_template', $this->welcome_template);
-            $statement->bindValue(':abortpref', $this->abortpref);
-            $statement->bindValue(':confirmationdiff', $this->confirmationdiff);
-            $statement->bindValue(':emailsig', $this->emailsig);
-            $statement->bindValue(':creationmode', $this->creationmode);
-            $statement->bindValue(':skin', $this->skin);
-
-            if (!$statement->execute()) {
-                throw new Exception($statement->errorInfo());
-            }
-
-            if ($statement->rowCount() !== 1) {
-                throw new OptimisticLockFailedException();
-            }
-
-            $this->updateversion++;
-        }
-    }
-
-    #region properties
-
-    /**
-     * Gets the tool username
-     * @return string
-     */
-    public function getUsername()
-    {
-        return $this->username;
-    }
-
-    /**
-     * Sets the tool username
-     *
-     * @param string $username
-     */
-    public function setUsername($username)
-    {
-        $this->username = $username;
-
-        // If this isn't a brand new user, then it's a rename, force the logout
-        if (!$this->isNew()) {
-            $this->forcelogout = 1;
-        }
-    }
-
-    /**
-     * Gets the user's email address
-     * @return string
-     */
-    public function getEmail()
-    {
-        return $this->email;
-    }
-
-    /**
-     * Sets the user's email address
-     *
-     * @param string $email
-     */
-    public function setEmail($email)
-    {
-        $this->email = $email;
-    }
-
-    /**
-     * Gets the status (User, Admin, Suspended, etc - excludes checkuser) of the user.
-     * @return string
-     */
-    public function getStatus()
-    {
-        return $this->status;
-    }
-
-    /**
-     * @param string $status
-     */
-    public function setStatus($status)
-    {
-        $this->status = $status;
-    }
-
-    /**
-     * Gets the user's on-wiki name
-     * @return string
-     */
-    public function getOnWikiName()
-    {
-        return $this->onwikiname;
-    }
-
-    /**
-     * Sets the user's on-wiki name
-     *
-     * This can have interesting side-effects with OAuth.
-     *
-     * @param string $onWikiName
-     */
-    public function setOnWikiName($onWikiName)
-    {
-        $this->onwikiname = $onWikiName;
-    }
-
-    /**
-     * Gets the welcome signature
-     * @return string
-     */
-    public function getWelcomeSig()
-    {
-        return $this->welcome_sig;
-    }
-
-    /**
-     * Sets the welcome signature
-     *
-     * @param string $welcomeSig
-     */
-    public function setWelcomeSig($welcomeSig)
-    {
-        $this->welcome_sig = $welcomeSig;
-    }
-
-    /**
-     * Gets the last activity date for the user
-     *
-     * @return string
-     * @todo This should probably return an instance of DateTime
-     */
-    public function getLastActive()
-    {
-        return $this->lastactive;
-    }
-
-    /**
-     * Gets the user's forced logout status
-     *
-     * @return bool
-     */
-    public function getForceLogout()
-    {
-        return $this->forcelogout == 1;
-    }
-
-    /**
-     * Sets the user's forced logout status
-     *
-     * @param bool $forceLogout
-     */
-    public function setForceLogout($forceLogout)
-    {
-        $this->forcelogout = $forceLogout ? 1 : 0;
-    }
-
-    /**
-     * Returns the ID of the welcome template used.
-     * @return int
-     */
-    public function getWelcomeTemplate()
-    {
-        return $this->welcome_template;
-    }
-
-    /**
-     * Sets the ID of the welcome template used.
-     *
-     * @param int $welcomeTemplate
-     */
-    public function setWelcomeTemplate($welcomeTemplate)
-    {
-        $this->welcome_template = $welcomeTemplate;
-    }
-
-    /**
-     * Gets the user's abort preference
-     * @todo this is badly named too! Also a bool that's actually an int.
-     * @return int
-     */
-    public function getAbortPref()
-    {
-        return $this->abortpref;
-    }
-
-    /**
-     * Sets the user's abort preference
-     * @todo rename, retype, and re-comment.
-     *
-     * @param int $abortPreference
-     */
-    public function setAbortPref($abortPreference)
-    {
-        $this->abortpref = $abortPreference;
-    }
-
-    /**
-     * Gets the user's confirmation diff. Unused if OAuth is in use.
-     * @return int the diff ID
-     */
-    public function getConfirmationDiff()
-    {
-        return $this->confirmationdiff;
-    }
-
-    /**
-     * Sets the user's confirmation diff.
-     *
-     * @param int $confirmationDiff
-     */
-    public function setConfirmationDiff($confirmationDiff)
-    {
-        $this->confirmationdiff = $confirmationDiff;
-    }
-
-    /**
-     * Gets the users' email signature used on outbound mail.
-     * @todo rename me!
-     * @return string
-     */
-    public function getEmailSig()
-    {
-        return $this->emailsig;
-    }
-
-    /**
-     * Sets the user's email signature for outbound mail.
-     *
-     * @param string $emailSignature
-     */
-    public function setEmailSig($emailSignature)
-    {
-        $this->emailsig = $emailSignature;
-    }
-
-    /**
-     * @return int
-     */
-    public function getCreationMode()
-    {
-        return $this->creationmode;
-    }
-
-    /**
-     * @param $creationMode int
-     */
-    public function setCreationMode($creationMode)
-    {
-        $this->creationmode = $creationMode;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getUseAlternateSkin()
-    {
-        return $this->skin === 'alt';
-    }
-
-    /**
-     * @return string
-     */
-    public function getSkin()
-    {
-        return $this->skin;
-    }
-
-    /**
-     * @param $skin string
-     */
-    public function setSkin($skin)
-    {
-        $this->skin = $skin;
-    }
-
-    #endregion
-
-    #region user access checks
-
-    public function isActive()
-    {
-        return $this->status == self::STATUS_ACTIVE;
-    }
-
-    /**
-     * Tests if the user is identified
-     *
-     * @param IdentificationVerifier $iv
-     *
-     * @return bool
-     * @todo     Figure out what on earth is going on with PDO's typecasting here.  Apparently, it returns string("0") for
-     *       the force-unidentified case, and int(1) for the identified case?!  This is quite ugly, but probably needed
-     *       to play it safe for now.
-     * @category Security-Critical
-     */
-    public function isIdentified(IdentificationVerifier $iv)
-    {
-        if ($this->forceidentified === 0 || $this->forceidentified === "0") {
-            // User forced to unidentified in the database.
-            return false;
-        }
-        elseif ($this->forceidentified === 1 || $this->forceidentified === "1") {
-            // User forced to identified in the database.
-            return true;
-        }
-        else {
-            // User not forced to any particular identified status; consult IdentificationVerifier
-            return $iv->isUserIdentified($this->getOnWikiName());
-        }
-    }
-
-    /**
-     * DO NOT USE FOR TESTING IDENTIFICATION STATUS.
-     *
-     * @return bool|null
-     */
-    public function getForceIdentified() {
-        return $this->forceidentified;
-    }
-
-    /**
-     * Tests if the user is suspended
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isSuspended()
-    {
-        return $this->status == self::STATUS_SUSPENDED;
-    }
-
-    /**
-     * Tests if the user is new
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isNewUser()
-    {
-        return $this->status == self::STATUS_NEW;
-    }
-
-    /**
-     * Tests if the user has been declined access to the tool
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isDeclined()
-    {
-        return $this->status == self::STATUS_DECLINED;
-    }
-
-    /**
-     * Tests if the user is the community user
-     *
-     * @todo     decide if this means logged out. I think it usually does.
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isCommunityUser()
-    {
-        return false;
-    }
-
-    #endregion 
-
-    /**
-     * Gets the approval date of the user
-     * @return DateTime|false
-     */
-    public function getApprovalDate()
-    {
-        $query = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":forceidentified", $this->forceidentified);
+
+			$statement->bindValue(':id', $this->id);
+			$statement->bindValue(':updateversion', $this->updateversion);
+
+			$statement->bindValue(':username', $this->username);
+			$statement->bindValue(':email', $this->email);
+			$statement->bindValue(':status', $this->status);
+			$statement->bindValue(':onwikiname', $this->onwikiname);
+			$statement->bindValue(':welcome_sig', $this->welcome_sig);
+			$statement->bindValue(':lastactive', $this->lastactive);
+			$statement->bindValue(':forcelogout', $this->forcelogout);
+			$statement->bindValue(':forceidentified', $this->forceidentified);
+			$statement->bindValue(':welcome_template', $this->welcome_template);
+			$statement->bindValue(':abortpref', $this->abortpref);
+			$statement->bindValue(':confirmationdiff', $this->confirmationdiff);
+			$statement->bindValue(':emailsig', $this->emailsig);
+			$statement->bindValue(':creationmode', $this->creationmode);
+			$statement->bindValue(':skin', $this->skin);
+
+			if (!$statement->execute()) {
+				throw new Exception($statement->errorInfo());
+			}
+
+			if ($statement->rowCount() !== 1) {
+				throw new OptimisticLockFailedException();
+			}
+
+			$this->updateversion++;
+		}
+	}
+
+	#region properties
+
+	/**
+	 * Gets the tool username
+	 * @return string
+	 */
+	public function getUsername()
+	{
+		return $this->username;
+	}
+
+	/**
+	 * Sets the tool username
+	 *
+	 * @param string $username
+	 */
+	public function setUsername($username)
+	{
+		$this->username = $username;
+
+		// If this isn't a brand new user, then it's a rename, force the logout
+		if (!$this->isNew()) {
+			$this->forcelogout = 1;
+		}
+	}
+
+	/**
+	 * Gets the user's email address
+	 * @return string
+	 */
+	public function getEmail()
+	{
+		return $this->email;
+	}
+
+	/**
+	 * Sets the user's email address
+	 *
+	 * @param string $email
+	 */
+	public function setEmail($email)
+	{
+		$this->email = $email;
+	}
+
+	/**
+	 * Gets the status (User, Admin, Suspended, etc - excludes checkuser) of the user.
+	 * @return string
+	 */
+	public function getStatus()
+	{
+		return $this->status;
+	}
+
+	/**
+	 * @param string $status
+	 */
+	public function setStatus($status)
+	{
+		$this->status = $status;
+	}
+
+	/**
+	 * Gets the user's on-wiki name
+	 * @return string
+	 */
+	public function getOnWikiName()
+	{
+		return $this->onwikiname;
+	}
+
+	/**
+	 * Sets the user's on-wiki name
+	 *
+	 * This can have interesting side-effects with OAuth.
+	 *
+	 * @param string $onWikiName
+	 */
+	public function setOnWikiName($onWikiName)
+	{
+		$this->onwikiname = $onWikiName;
+	}
+
+	/**
+	 * Gets the welcome signature
+	 * @return string
+	 */
+	public function getWelcomeSig()
+	{
+		return $this->welcome_sig;
+	}
+
+	/**
+	 * Sets the welcome signature
+	 *
+	 * @param string $welcomeSig
+	 */
+	public function setWelcomeSig($welcomeSig)
+	{
+		$this->welcome_sig = $welcomeSig;
+	}
+
+	/**
+	 * Gets the last activity date for the user
+	 *
+	 * @return string
+	 * @todo This should probably return an instance of DateTime
+	 */
+	public function getLastActive()
+	{
+		return $this->lastactive;
+	}
+
+	/**
+	 * Gets the user's forced logout status
+	 *
+	 * @return bool
+	 */
+	public function getForceLogout()
+	{
+		return $this->forcelogout == 1;
+	}
+
+	/**
+	 * Sets the user's forced logout status
+	 *
+	 * @param bool $forceLogout
+	 */
+	public function setForceLogout($forceLogout)
+	{
+		$this->forcelogout = $forceLogout ? 1 : 0;
+	}
+
+	/**
+	 * Returns the ID of the welcome template used.
+	 * @return int
+	 */
+	public function getWelcomeTemplate()
+	{
+		return $this->welcome_template;
+	}
+
+	/**
+	 * Sets the ID of the welcome template used.
+	 *
+	 * @param int $welcomeTemplate
+	 */
+	public function setWelcomeTemplate($welcomeTemplate)
+	{
+		$this->welcome_template = $welcomeTemplate;
+	}
+
+	/**
+	 * Gets the user's abort preference
+	 * @todo this is badly named too! Also a bool that's actually an int.
+	 * @return int
+	 */
+	public function getAbortPref()
+	{
+		return $this->abortpref;
+	}
+
+	/**
+	 * Sets the user's abort preference
+	 * @todo rename, retype, and re-comment.
+	 *
+	 * @param int $abortPreference
+	 */
+	public function setAbortPref($abortPreference)
+	{
+		$this->abortpref = $abortPreference;
+	}
+
+	/**
+	 * Gets the user's confirmation diff. Unused if OAuth is in use.
+	 * @return int the diff ID
+	 */
+	public function getConfirmationDiff()
+	{
+		return $this->confirmationdiff;
+	}
+
+	/**
+	 * Sets the user's confirmation diff.
+	 *
+	 * @param int $confirmationDiff
+	 */
+	public function setConfirmationDiff($confirmationDiff)
+	{
+		$this->confirmationdiff = $confirmationDiff;
+	}
+
+	/**
+	 * Gets the users' email signature used on outbound mail.
+	 * @todo rename me!
+	 * @return string
+	 */
+	public function getEmailSig()
+	{
+		return $this->emailsig;
+	}
+
+	/**
+	 * Sets the user's email signature for outbound mail.
+	 *
+	 * @param string $emailSignature
+	 */
+	public function setEmailSig($emailSignature)
+	{
+		$this->emailsig = $emailSignature;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getCreationMode()
+	{
+		return $this->creationmode;
+	}
+
+	/**
+	 * @param $creationMode int
+	 */
+	public function setCreationMode($creationMode)
+	{
+		$this->creationmode = $creationMode;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getUseAlternateSkin()
+	{
+		return $this->skin === 'alt';
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getSkin()
+	{
+		return $this->skin;
+	}
+
+	/**
+	 * @param $skin string
+	 */
+	public function setSkin($skin)
+	{
+		$this->skin = $skin;
+	}
+
+	#endregion
+
+	#region user access checks
+
+	public function isActive()
+	{
+		return $this->status == self::STATUS_ACTIVE;
+	}
+
+	/**
+	 * Tests if the user is identified
+	 *
+	 * @param IdentificationVerifier $iv
+	 *
+	 * @return bool
+	 * @todo     Figure out what on earth is going on with PDO's typecasting here.  Apparently, it returns string("0") for
+	 *       the force-unidentified case, and int(1) for the identified case?!  This is quite ugly, but probably needed
+	 *       to play it safe for now.
+	 * @category Security-Critical
+	 */
+	public function isIdentified(IdentificationVerifier $iv)
+	{
+		if ($this->forceidentified === 0 || $this->forceidentified === "0") {
+			// User forced to unidentified in the database.
+			return false;
+		}
+		elseif ($this->forceidentified === 1 || $this->forceidentified === "1") {
+			// User forced to identified in the database.
+			return true;
+		}
+		else {
+			// User not forced to any particular identified status; consult IdentificationVerifier
+			return $iv->isUserIdentified($this->getOnWikiName());
+		}
+	}
+
+	/**
+	 * DO NOT USE FOR TESTING IDENTIFICATION STATUS.
+	 *
+	 * @return bool|null
+	 */
+	public function getForceIdentified() {
+		return $this->forceidentified;
+	}
+
+	/**
+	 * Tests if the user is suspended
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isSuspended()
+	{
+		return $this->status == self::STATUS_SUSPENDED;
+	}
+
+	/**
+	 * Tests if the user is new
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isNewUser()
+	{
+		return $this->status == self::STATUS_NEW;
+	}
+
+	/**
+	 * Tests if the user has been declined access to the tool
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isDeclined()
+	{
+		return $this->status == self::STATUS_DECLINED;
+	}
+
+	/**
+	 * Tests if the user is the community user
+	 *
+	 * @todo     decide if this means logged out. I think it usually does.
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isCommunityUser()
+	{
+		return false;
+	}
+
+	#endregion 
+
+	/**
+	 * Gets the approval date of the user
+	 * @return DateTime|false
+	 */
+	public function getApprovalDate()
+	{
+		$query = $this->dbObject->prepare(<<<SQL
 			SELECT timestamp 
 			FROM log 
 			WHERE objectid = :userid
@@ -612,12 +612,12 @@ 
 			ORDER BY id DESC 
 			LIMIT 1;
 SQL
-        );
-        $query->execute(array(":userid" => $this->id));
+		);
+		$query->execute(array(":userid" => $this->id));
 
-        $data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
-        $query->closeCursor();
+		$data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
+		$query->closeCursor();
 
-        return $data;
-    }
+		return $data;
+	}
 }

Braces +2 added lines, -1 removed lines

@@ -549,7 +549,8 @@
      *
      * @return bool|null
      */
-    public function getForceIdentified() {
+    public function getForceIdentified()
+    {
         return $this->forceidentified;
     }
 

includes/Pages/Statistics/StatsUsers.php

Indentation +88 added lines, -88 removed lines

@@ -23,13 +23,13 @@ 
 
 class StatsUsers extends InternalPageBase
 {
-    public function main()
-    {
-        $this->setHtmlTitle('Users :: Statistics');
+	public function main()
+	{
+		$this->setHtmlTitle('Users :: Statistics');
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        $query = <<<SQL
+		$query = <<<SQL
 SELECT
     u.id
     , u.username
@@ -45,34 +45,34 @@ 
 WHERE u.status = 'Active'
 SQL;
 
-        $users = $database->query($query)->fetchAll(PDO::FETCH_ASSOC);
-        $this->assign('users', $users);
+		$users = $database->query($query)->fetchAll(PDO::FETCH_ASSOC);
+		$this->assign('users', $users);
 
-        $this->assign('statsPageTitle', 'Account Creation Tool users');
-        $this->setTemplate("statistics/users.tpl");
-    }
+		$this->assign('statsPageTitle', 'Account Creation Tool users');
+		$this->setTemplate("statistics/users.tpl");
+	}
 
-    /**
-     * Entry point for the detail action.
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function detail()
-    {
-        $userId = WebRequest::getInt('user');
-        if ($userId === null) {
-            throw new ApplicationLogicException("User not found");
-        }
+	/**
+	 * Entry point for the detail action.
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function detail()
+	{
+		$userId = WebRequest::getInt('user');
+		if ($userId === null) {
+			throw new ApplicationLogicException("User not found");
+		}
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        $user = User::getById($userId, $database);
-        if ($user == false) {
-            throw new ApplicationLogicException('User not found');
-        }
+		$user = User::getById($userId, $database);
+		if ($user == false) {
+			throw new ApplicationLogicException('User not found');
+		}
 
 
-        $activitySummary = $database->prepare(<<<SQL
+		$activitySummary = $database->prepare(<<<SQL
 SELECT COALESCE(closes.mail_desc, log.action) AS action, COUNT(*) AS count
 FROM log
 INNER JOIN user ON log.user = user.id
@@ -80,14 +80,14 @@ 
 WHERE user.username = :username
 GROUP BY action;
 SQL
-        );
-        $activitySummary->execute(array(":username" => $user->getUsername()));
-        $activitySummaryData = $activitySummary->fetchAll(PDO::FETCH_ASSOC);
+		);
+		$activitySummary->execute(array(":username" => $user->getUsername()));
+		$activitySummaryData = $activitySummary->fetchAll(PDO::FETCH_ASSOC);
 
-        $this->assign("user", $user);
-        $this->assign("activity", $activitySummaryData);
+		$this->assign("user", $user);
+		$this->assign("activity", $activitySummaryData);
 
-        $usersCreatedQuery = $database->prepare(<<<SQL
+		$usersCreatedQuery = $database->prepare(<<<SQL
 SELECT log.timestamp time, request.name name, request.id id
 FROM log
 INNER JOIN request ON (request.id = log.objectid AND log.objecttype = 'Request')
@@ -98,12 +98,12 @@ 
     AND (emailtemplate.oncreated = '1' OR log.action = 'Closed custom-y')
 ORDER BY log.timestamp;
 SQL
-        );
-        $usersCreatedQuery->execute(array(":username" => $user->getUsername()));
-        $usersCreated = $usersCreatedQuery->fetchAll(PDO::FETCH_ASSOC);
-        $this->assign("created", $usersCreated);
+		);
+		$usersCreatedQuery->execute(array(":username" => $user->getUsername()));
+		$usersCreated = $usersCreatedQuery->fetchAll(PDO::FETCH_ASSOC);
+		$this->assign("created", $usersCreated);
 
-        $usersNotCreatedQuery = $database->prepare(<<<SQL
+		$usersNotCreatedQuery = $database->prepare(<<<SQL
 SELECT log.timestamp time, request.name name, request.id id
 FROM log
 JOIN request ON request.id = log.objectid AND log.objecttype = 'Request'
@@ -114,54 +114,54 @@ 
     AND (emailtemplate.oncreated = '0' OR log.action = 'Closed custom-n' OR log.action = 'Closed 0')
 ORDER BY log.timestamp;
 SQL
-        );
-        $usersNotCreatedQuery->execute(array(":username" => $user->getUsername()));
-        $usersNotCreated = $usersNotCreatedQuery->fetchAll(PDO::FETCH_ASSOC);
-        $this->assign("notcreated", $usersNotCreated);
-
-        /** @var Log[] $logs */
-        $logs = LogSearchHelper::get($database)
-            ->byObjectType('User')
-            ->byObjectId($user->getId())
-            ->getRecordCount($logCount)
-            ->fetch();
-
-        if ($logCount === 0) {
-            $this->assign('accountlog', array());
-        }
-        else {
-            list($users, $logData) = LogHelper::prepareLogsForTemplate($logs, $database, $this->getSiteConfiguration());
-
-            $this->assign("accountlog", $logData);
-            $this->assign("users", $users);
-        }
-
-        $currentUser = User::getCurrent($database);
-        $this->assign('canApprove', $this->barrierTest('approve', $currentUser, PageUserManagement::class));
-        $this->assign('canDecline', $this->barrierTest('decline', $currentUser, PageUserManagement::class));
-        $this->assign('canRename', $this->barrierTest('rename', $currentUser, PageUserManagement::class));
-        $this->assign('canEditUser', $this->barrierTest('editUser', $currentUser, PageUserManagement::class));
-        $this->assign('canSuspend', $this->barrierTest('suspend', $currentUser, PageUserManagement::class));
-        $this->assign('canEditRoles', $this->barrierTest('editRoles', $currentUser, PageUserManagement::class));
-
-        $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
-        $this->assign('oauth', $oauth);
-
-        if($user->getForceIdentified() === null) {
-            $idVerifier = new IdentificationVerifier($this->getHttpHelper(), $this->getSiteConfiguration(), $this->getDatabase());
-            $this->assign('identificationStatus', $idVerifier->isUserIdentified($user->getOnWikiName()) ? 'detected' : 'missing');
-        } else {
-            $this->assign('identificationStatus', $user->getForceIdentified() == 1 ? 'forced-on' : 'forced-off');
-        }
-
-        if ($oauth->isFullyLinked()) {
-            $this->assign('identity', $oauth->getIdentity(true));
-            $this->assign('identityExpired', $oauth->identityExpired());
-        }
-
-        $this->assign('statsPageTitle', 'Account Creation Tool users');
-
-        $this->setHtmlTitle('{$user->getUsername()|escape} :: Users :: Statistics');
-        $this->setTemplate("statistics/userdetail.tpl");
-    }
+		);
+		$usersNotCreatedQuery->execute(array(":username" => $user->getUsername()));
+		$usersNotCreated = $usersNotCreatedQuery->fetchAll(PDO::FETCH_ASSOC);
+		$this->assign("notcreated", $usersNotCreated);
+
+		/** @var Log[] $logs */
+		$logs = LogSearchHelper::get($database)
+			->byObjectType('User')
+			->byObjectId($user->getId())
+			->getRecordCount($logCount)
+			->fetch();
+
+		if ($logCount === 0) {
+			$this->assign('accountlog', array());
+		}
+		else {
+			list($users, $logData) = LogHelper::prepareLogsForTemplate($logs, $database, $this->getSiteConfiguration());
+
+			$this->assign("accountlog", $logData);
+			$this->assign("users", $users);
+		}
+
+		$currentUser = User::getCurrent($database);
+		$this->assign('canApprove', $this->barrierTest('approve', $currentUser, PageUserManagement::class));
+		$this->assign('canDecline', $this->barrierTest('decline', $currentUser, PageUserManagement::class));
+		$this->assign('canRename', $this->barrierTest('rename', $currentUser, PageUserManagement::class));
+		$this->assign('canEditUser', $this->barrierTest('editUser', $currentUser, PageUserManagement::class));
+		$this->assign('canSuspend', $this->barrierTest('suspend', $currentUser, PageUserManagement::class));
+		$this->assign('canEditRoles', $this->barrierTest('editRoles', $currentUser, PageUserManagement::class));
+
+		$oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
+		$this->assign('oauth', $oauth);
+
+		if($user->getForceIdentified() === null) {
+			$idVerifier = new IdentificationVerifier($this->getHttpHelper(), $this->getSiteConfiguration(), $this->getDatabase());
+			$this->assign('identificationStatus', $idVerifier->isUserIdentified($user->getOnWikiName()) ? 'detected' : 'missing');
+		} else {
+			$this->assign('identificationStatus', $user->getForceIdentified() == 1 ? 'forced-on' : 'forced-off');
+		}
+
+		if ($oauth->isFullyLinked()) {
+			$this->assign('identity', $oauth->getIdentity(true));
+			$this->assign('identityExpired', $oauth->identityExpired());
+		}
+
+		$this->assign('statsPageTitle', 'Account Creation Tool users');
+
+		$this->setHtmlTitle('{$user->getUsername()|escape} :: Users :: Statistics');
+		$this->setTemplate("statistics/userdetail.tpl");
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -147,7 +147,7 @@
         $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
         $this->assign('oauth', $oauth);
 
-        if($user->getForceIdentified() === null) {
+        if ($user->getForceIdentified() === null) {
             $idVerifier = new IdentificationVerifier($this->getHttpHelper(), $this->getSiteConfiguration(), $this->getDatabase());
             $this->assign('identificationStatus', $idVerifier->isUserIdentified($user->getOnWikiName()) ? 'detected' : 'missing');
         } else {

Braces +2 added lines, -1 removed lines

@@ -150,7 +150,8 @@
         if($user->getForceIdentified() === null) {
             $idVerifier = new IdentificationVerifier($this->getHttpHelper(), $this->getSiteConfiguration(), $this->getDatabase());
             $this->assign('identificationStatus', $idVerifier->isUserIdentified($user->getOnWikiName()) ? 'detected' : 'missing');
-        } else {
+        }
+        else {
             $this->assign('identificationStatus', $user->getForceIdentified() == 1 ? 'forced-on' : 'forced-off');
         }
 

includes/Pages/RequestAction/PageCreateRequest.php

Indentation +147 added lines, -147 removed lines

@@ -33,151 +33,151 @@
  */
 class PageCreateRequest extends RequestActionBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     * @throws AccessDeniedException
-     * @throws ApplicationLogicException
-     */
-    protected function main()
-    {
-        $this->checkPosted();
-
-        $database = $this->getDatabase();
-
-        $request = $this->getRequest($database);
-        $template = $this->getTemplate($database);
-        $creationMode = $this->getCreationMode();
-        $user = User::getCurrent($database);
-
-        $secMgr = $this->getSecurityManager();
-        if ($secMgr->allows('RequestCreation', User::CREATION_BOT, $user) !== SecurityManager::ALLOWED
-            && $creationMode === 'bot'
-        ) {
-            throw new AccessDeniedException($secMgr);
-        }
-        elseif ($secMgr->allows('RequestCreation', User::CREATION_OAUTH, $user) !== SecurityManager::ALLOWED
-            && $creationMode === 'oauth'
-        ) {
-            throw new AccessDeniedException($secMgr);
-        }
-
-        if ($request->getEmailSent()) {
-            throw new ApplicationLogicException('This requester has already had an email sent to them. Please fall back to manual creation');
-        }
-
-        $request->setStatus(RequestStatus::JOBQUEUE);
-        $request->setReserved(null);
-        $request->save();
-
-        Logger::enqueuedJobQueue($database, $request);
-
-        $creationTaskId = $this->enqueueCreationTask($creationMode, $request, $template, $user, $database);
-
-        if ($user->getWelcomeTemplate() !== null && !WebRequest::postBoolean('skipAutoWelcome')) {
-            $this->enqueueWelcomeTask($request, $creationTaskId, $user, $database);
-        }
-
-        SessionAlert::success("Request {$request->getId()} has been queued for autocreation");
-
-        $this->redirect();
-    }
-
-    protected function getCreationMode()
-    {
-        $creationMode = WebRequest::postString('mode');
-        if ($creationMode !== 'oauth' && $creationMode !== 'bot') {
-            throw new ApplicationLogicException('Unknown creation mode');
-        }
-
-        return $creationMode;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate
-     * @throws ApplicationLogicException
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::postInt('template');
-        if ($templateId === null) {
-            throw new ApplicationLogicException('No template specified');
-        }
-
-        /** @var EmailTemplate $template */
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !$template->getActive()) {
-            throw new ApplicationLogicException('Invalid or inactive template specified');
-        }
-
-        if ($template->getDefaultAction() !== EmailTemplate::CREATED) {
-            throw new ApplicationLogicException('Specified template is not a creation template!');
-        }
-
-        return $template;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database)
-    {
-        $request = parent::getRequest($database);
-
-        if ($request->getStatus() == RequestStatus::CLOSED) {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        return $request;
-    }
-
-    /**
-     * @param               $creationMode
-     * @param Request       $request
-     * @param EmailTemplate $template
-     * @param User          $user
-     *
-     * @param PdoDatabase   $database
-     *
-     * @return int
-     * @throws ApplicationLogicException
-     */
-    protected function enqueueCreationTask(
-        $creationMode,
-        Request $request,
-        EmailTemplate $template,
-        User $user,
-        PdoDatabase $database
-    ) {
-        $creationTaskClass = null;
-
-        if ($creationMode == "oauth") {
-            $creationTaskClass = UserCreationTask::class;
-        }
-
-        if ($creationMode == "bot") {
-            $creationTaskClass = BotCreationTask::class;
-        }
-
-        if ($creationTaskClass === null) {
-            throw new ApplicationLogicException('Cannot determine creation mode');
-        }
-
-        $creationTask = new JobQueue();
-        $creationTask->setTask($creationTaskClass);
-        $creationTask->setRequest($request->getId());
-        $creationTask->setEmailTemplate($template->getId());
-        $creationTask->setTriggerUserId($user->getId());
-        $creationTask->setDatabase($database);
-        $creationTask->save();
-
-        $creationTaskId = $creationTask->getId();
-
-        return $creationTaskId;
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 * @throws AccessDeniedException
+	 * @throws ApplicationLogicException
+	 */
+	protected function main()
+	{
+		$this->checkPosted();
+
+		$database = $this->getDatabase();
+
+		$request = $this->getRequest($database);
+		$template = $this->getTemplate($database);
+		$creationMode = $this->getCreationMode();
+		$user = User::getCurrent($database);
+
+		$secMgr = $this->getSecurityManager();
+		if ($secMgr->allows('RequestCreation', User::CREATION_BOT, $user) !== SecurityManager::ALLOWED
+			&& $creationMode === 'bot'
+		) {
+			throw new AccessDeniedException($secMgr);
+		}
+		elseif ($secMgr->allows('RequestCreation', User::CREATION_OAUTH, $user) !== SecurityManager::ALLOWED
+			&& $creationMode === 'oauth'
+		) {
+			throw new AccessDeniedException($secMgr);
+		}
+
+		if ($request->getEmailSent()) {
+			throw new ApplicationLogicException('This requester has already had an email sent to them. Please fall back to manual creation');
+		}
+
+		$request->setStatus(RequestStatus::JOBQUEUE);
+		$request->setReserved(null);
+		$request->save();
+
+		Logger::enqueuedJobQueue($database, $request);
+
+		$creationTaskId = $this->enqueueCreationTask($creationMode, $request, $template, $user, $database);
+
+		if ($user->getWelcomeTemplate() !== null && !WebRequest::postBoolean('skipAutoWelcome')) {
+			$this->enqueueWelcomeTask($request, $creationTaskId, $user, $database);
+		}
+
+		SessionAlert::success("Request {$request->getId()} has been queued for autocreation");
+
+		$this->redirect();
+	}
+
+	protected function getCreationMode()
+	{
+		$creationMode = WebRequest::postString('mode');
+		if ($creationMode !== 'oauth' && $creationMode !== 'bot') {
+			throw new ApplicationLogicException('Unknown creation mode');
+		}
+
+		return $creationMode;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate
+	 * @throws ApplicationLogicException
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::postInt('template');
+		if ($templateId === null) {
+			throw new ApplicationLogicException('No template specified');
+		}
+
+		/** @var EmailTemplate $template */
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !$template->getActive()) {
+			throw new ApplicationLogicException('Invalid or inactive template specified');
+		}
+
+		if ($template->getDefaultAction() !== EmailTemplate::CREATED) {
+			throw new ApplicationLogicException('Specified template is not a creation template!');
+		}
+
+		return $template;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database)
+	{
+		$request = parent::getRequest($database);
+
+		if ($request->getStatus() == RequestStatus::CLOSED) {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * @param               $creationMode
+	 * @param Request       $request
+	 * @param EmailTemplate $template
+	 * @param User          $user
+	 *
+	 * @param PdoDatabase   $database
+	 *
+	 * @return int
+	 * @throws ApplicationLogicException
+	 */
+	protected function enqueueCreationTask(
+		$creationMode,
+		Request $request,
+		EmailTemplate $template,
+		User $user,
+		PdoDatabase $database
+	) {
+		$creationTaskClass = null;
+
+		if ($creationMode == "oauth") {
+			$creationTaskClass = UserCreationTask::class;
+		}
+
+		if ($creationMode == "bot") {
+			$creationTaskClass = BotCreationTask::class;
+		}
+
+		if ($creationTaskClass === null) {
+			throw new ApplicationLogicException('Cannot determine creation mode');
+		}
+
+		$creationTask = new JobQueue();
+		$creationTask->setTask($creationTaskClass);
+		$creationTask->setRequest($request->getId());
+		$creationTask->setEmailTemplate($template->getId());
+		$creationTask->setTriggerUserId($user->getId());
+		$creationTask->setDatabase($database);
+		$creationTask->save();
+
+		$creationTaskId = $creationTask->getId();
+
+		return $creationTaskId;
+	}
 }

includes/Pages/UserAuth/PageLogout.php

Indentation +16 added lines, -16 removed lines

@@ -14,22 +14,22 @@
 
 class PageLogout extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        if(WebRequest::wasPosted()) {
-            Session::destroy();
-            $this->redirect("login");
-            return;
-        }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		if(WebRequest::wasPosted()) {
+			Session::destroy();
+			$this->redirect("login");
+			return;
+		}
 
-        $this->redirect();
-    }
+		$this->redirect();
+	}
 
-    protected function isProtectedPage()
-    {
-        return false;
-    }
+	protected function isProtectedPage()
+	{
+		return false;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -19,7 +19,7 @@
      */
     protected function main()
     {
-        if(WebRequest::wasPosted()) {
+        if (WebRequest::wasPosted()) {
             Session::destroy();
             $this->redirect("login");
             return;

includes/WebStart.php

Indentation +221 added lines, -221 removed lines

@@ -32,225 +32,225 @@
  */
 class WebStart extends ApplicationBase
 {
-    /**
-     * @var IRequestRouter $requestRouter The request router to use. Note that different entry points have different
-     *                                    routers and hence different URL mappings
-     */
-    private $requestRouter;
-    /**
-     * @var bool $isPublic Determines whether to use public interface objects or internal interface objects
-     */
-    private $isPublic = false;
-
-    /**
-     * WebStart constructor.
-     *
-     * @param SiteConfiguration $configuration The site configuration
-     * @param IRequestRouter    $router        The request router to use
-     */
-    public function __construct(SiteConfiguration $configuration, IRequestRouter $router)
-    {
-        parent::__construct($configuration);
-
-        $this->requestRouter = $router;
-    }
-
-    /**
-     * @param ITask             $page
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $database
-     * @param PdoDatabase       $notificationsDatabase
-     *
-     * @return void
-     */
-    protected function setupHelpers(
-        ITask $page,
-        SiteConfiguration $siteConfiguration,
-        PdoDatabase $database,
-        PdoDatabase $notificationsDatabase = null
-    ) {
-        parent::setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
-
-        if ($page instanceof PageBase) {
-            $page->setTokenManager(new TokenManager());
-            $page->setCspManager(new ContentSecurityPolicyManager($siteConfiguration));
-
-            if ($page instanceof InternalPageBase) {
-                $page->setTypeAheadHelper(new TypeAheadHelper());
-
-                $identificationVerifier = new IdentificationVerifier($page->getHttpHelper(), $siteConfiguration,
-                    $database);
-                $page->setIdentificationVerifier($identificationVerifier);
-
-                $page->setSecurityManager(new SecurityManager($identificationVerifier, new RoleConfiguration()));
-
-                if ($siteConfiguration->getTitleBlacklistEnabled()) {
-                    $page->setBlacklistHelper(new FakeBlacklistHelper());
-                }
-                else {
-                    $page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
-                        $siteConfiguration->getMediawikiWebServiceEndpoint()));
-                }
-            }
-        }
-    }
-
-    /**
-     * Application entry point.
-     *
-     * Sets up the environment and runs the application, performing any global cleanup operations when done.
-     */
-    public function run()
-    {
-        try {
-            if ($this->setupEnvironment()) {
-                $this->main();
-            }
-        }
-        catch (EnvironmentException $ex) {
-            ob_end_clean();
-            print Offline::getOfflineMessage($this->isPublic(), $ex->getMessage());
-        }
-        catch (ReadableException $ex) {
-            ob_end_clean();
-            print $ex->getReadableError();
-        }
-        finally {
-            $this->cleanupEnvironment();
-        }
-    }
-
-    /**
-     * Environment setup
-     *
-     * This method initialises the tool environment. If the tool cannot be initialised correctly, it will return false
-     * and shut down prematurely.
-     *
-     * @return bool
-     * @throws EnvironmentException
-     */
-    protected function setupEnvironment()
-    {
-        // initialise global exception handler
-        set_exception_handler(array(ExceptionHandler::class, 'exceptionHandler'));
-        set_error_handler(array(ExceptionHandler::class, 'errorHandler'), E_RECOVERABLE_ERROR);
-
-        // start output buffering if necessary
-        if (ob_get_level() === 0) {
-            ob_start();
-        }
-
-        // initialise super-global providers
-        WebRequest::setGlobalStateProvider(new GlobalStateProvider());
-
-        if (Offline::isOffline()) {
-            print Offline::getOfflineMessage($this->isPublic());
-            ob_end_flush();
-
-            return false;
-        }
-
-        // Call parent setup
-        if (!parent::setupEnvironment()) {
-            return false;
-        }
-
-        // Start up sessions
-        Session::start();
-
-        // Check the user is allowed to be logged in still. This must be before we call any user-loading functions and
-        // get the current user cached.
-        // I'm not sure if this function call being here is particularly a good thing, but it's part of starting up a
-        // session I suppose.
-        $this->checkForceLogout();
-
-        // environment initialised!
-        return true;
-    }
-
-    /**
-     * Main application logic
-     */
-    protected function main()
-    {
-        // Get the right route for the request
-        $page = $this->requestRouter->route();
-
-        $siteConfiguration = $this->getConfiguration();
-        $database = PdoDatabase::getDatabaseConnection('acc');
-
-        if ($siteConfiguration->getIrcNotificationsEnabled()) {
-            $notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
-        }
-        else {
-            // @todo federated table here?
-            $notificationsDatabase = $database;
-        }
-
-        $this->setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
-
-        /* @todo Remove this global statement! It's here for User.php, which does far more than it should. */
-        global $oauthProtocolHelper;
-        $oauthProtocolHelper = $page->getOAuthProtocolHelper();
-
-        /* @todo Remove this global statement! It's here for Request.php, which does far more than it should. */
-        global $globalXffTrustProvider;
-        $globalXffTrustProvider = $page->getXffTrustProvider();
-
-        // run the route code for the request.
-        $page->execute();
-    }
-
-    /**
-     * Any cleanup tasks should go here
-     *
-     * Note that we need to be very careful here, as exceptions may have been thrown and handled.
-     * This should *only* be for cleaning up, no logic should go here.
-     */
-    protected function cleanupEnvironment()
-    {
-        // Clean up anything we splurged after sending the page.
-        if (ob_get_level() > 0) {
-            for ($i = ob_get_level(); $i > 0; $i--) {
-                ob_end_clean();
-            }
-        }
-    }
-
-    private function checkForceLogout()
-    {
-        $database = PdoDatabase::getDatabaseConnection('acc');
-
-        $sessionUserId = WebRequest::getSessionUserId();
-        iF ($sessionUserId === null) {
-            return;
-        }
-
-        // Note, User::getCurrent() caches it's result, which we *really* don't want to trigger.
-        $currentUser = User::getById($sessionUserId, $database);
-
-        if ($currentUser === false) {
-            // Umm... this user has a session cookie with a userId set, but no user exists...
-            Session::restart();
-
-            $currentUser = User::getCurrent($database);
-        }
-
-        if ($currentUser->getForceLogout()) {
-            Session::restart();
-
-            $currentUser->setForceLogout(false);
-            $currentUser->save();
-        }
-    }
-
-    public function isPublic()
-    {
-        return $this->isPublic;
-    }
-
-    public function setPublic($isPublic)
-    {
-        $this->isPublic = $isPublic;
-    }
+	/**
+	 * @var IRequestRouter $requestRouter The request router to use. Note that different entry points have different
+	 *                                    routers and hence different URL mappings
+	 */
+	private $requestRouter;
+	/**
+	 * @var bool $isPublic Determines whether to use public interface objects or internal interface objects
+	 */
+	private $isPublic = false;
+
+	/**
+	 * WebStart constructor.
+	 *
+	 * @param SiteConfiguration $configuration The site configuration
+	 * @param IRequestRouter    $router        The request router to use
+	 */
+	public function __construct(SiteConfiguration $configuration, IRequestRouter $router)
+	{
+		parent::__construct($configuration);
+
+		$this->requestRouter = $router;
+	}
+
+	/**
+	 * @param ITask             $page
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $database
+	 * @param PdoDatabase       $notificationsDatabase
+	 *
+	 * @return void
+	 */
+	protected function setupHelpers(
+		ITask $page,
+		SiteConfiguration $siteConfiguration,
+		PdoDatabase $database,
+		PdoDatabase $notificationsDatabase = null
+	) {
+		parent::setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
+
+		if ($page instanceof PageBase) {
+			$page->setTokenManager(new TokenManager());
+			$page->setCspManager(new ContentSecurityPolicyManager($siteConfiguration));
+
+			if ($page instanceof InternalPageBase) {
+				$page->setTypeAheadHelper(new TypeAheadHelper());
+
+				$identificationVerifier = new IdentificationVerifier($page->getHttpHelper(), $siteConfiguration,
+					$database);
+				$page->setIdentificationVerifier($identificationVerifier);
+
+				$page->setSecurityManager(new SecurityManager($identificationVerifier, new RoleConfiguration()));
+
+				if ($siteConfiguration->getTitleBlacklistEnabled()) {
+					$page->setBlacklistHelper(new FakeBlacklistHelper());
+				}
+				else {
+					$page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
+						$siteConfiguration->getMediawikiWebServiceEndpoint()));
+				}
+			}
+		}
+	}
+
+	/**
+	 * Application entry point.
+	 *
+	 * Sets up the environment and runs the application, performing any global cleanup operations when done.
+	 */
+	public function run()
+	{
+		try {
+			if ($this->setupEnvironment()) {
+				$this->main();
+			}
+		}
+		catch (EnvironmentException $ex) {
+			ob_end_clean();
+			print Offline::getOfflineMessage($this->isPublic(), $ex->getMessage());
+		}
+		catch (ReadableException $ex) {
+			ob_end_clean();
+			print $ex->getReadableError();
+		}
+		finally {
+			$this->cleanupEnvironment();
+		}
+	}
+
+	/**
+	 * Environment setup
+	 *
+	 * This method initialises the tool environment. If the tool cannot be initialised correctly, it will return false
+	 * and shut down prematurely.
+	 *
+	 * @return bool
+	 * @throws EnvironmentException
+	 */
+	protected function setupEnvironment()
+	{
+		// initialise global exception handler
+		set_exception_handler(array(ExceptionHandler::class, 'exceptionHandler'));
+		set_error_handler(array(ExceptionHandler::class, 'errorHandler'), E_RECOVERABLE_ERROR);
+
+		// start output buffering if necessary
+		if (ob_get_level() === 0) {
+			ob_start();
+		}
+
+		// initialise super-global providers
+		WebRequest::setGlobalStateProvider(new GlobalStateProvider());
+
+		if (Offline::isOffline()) {
+			print Offline::getOfflineMessage($this->isPublic());
+			ob_end_flush();
+
+			return false;
+		}
+
+		// Call parent setup
+		if (!parent::setupEnvironment()) {
+			return false;
+		}
+
+		// Start up sessions
+		Session::start();
+
+		// Check the user is allowed to be logged in still. This must be before we call any user-loading functions and
+		// get the current user cached.
+		// I'm not sure if this function call being here is particularly a good thing, but it's part of starting up a
+		// session I suppose.
+		$this->checkForceLogout();
+
+		// environment initialised!
+		return true;
+	}
+
+	/**
+	 * Main application logic
+	 */
+	protected function main()
+	{
+		// Get the right route for the request
+		$page = $this->requestRouter->route();
+
+		$siteConfiguration = $this->getConfiguration();
+		$database = PdoDatabase::getDatabaseConnection('acc');
+
+		if ($siteConfiguration->getIrcNotificationsEnabled()) {
+			$notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
+		}
+		else {
+			// @todo federated table here?
+			$notificationsDatabase = $database;
+		}
+
+		$this->setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
+
+		/* @todo Remove this global statement! It's here for User.php, which does far more than it should. */
+		global $oauthProtocolHelper;
+		$oauthProtocolHelper = $page->getOAuthProtocolHelper();
+
+		/* @todo Remove this global statement! It's here for Request.php, which does far more than it should. */
+		global $globalXffTrustProvider;
+		$globalXffTrustProvider = $page->getXffTrustProvider();
+
+		// run the route code for the request.
+		$page->execute();
+	}
+
+	/**
+	 * Any cleanup tasks should go here
+	 *
+	 * Note that we need to be very careful here, as exceptions may have been thrown and handled.
+	 * This should *only* be for cleaning up, no logic should go here.
+	 */
+	protected function cleanupEnvironment()
+	{
+		// Clean up anything we splurged after sending the page.
+		if (ob_get_level() > 0) {
+			for ($i = ob_get_level(); $i > 0; $i--) {
+				ob_end_clean();
+			}
+		}
+	}
+
+	private function checkForceLogout()
+	{
+		$database = PdoDatabase::getDatabaseConnection('acc');
+
+		$sessionUserId = WebRequest::getSessionUserId();
+		iF ($sessionUserId === null) {
+			return;
+		}
+
+		// Note, User::getCurrent() caches it's result, which we *really* don't want to trigger.
+		$currentUser = User::getById($sessionUserId, $database);
+
+		if ($currentUser === false) {
+			// Umm... this user has a session cookie with a userId set, but no user exists...
+			Session::restart();
+
+			$currentUser = User::getCurrent($database);
+		}
+
+		if ($currentUser->getForceLogout()) {
+			Session::restart();
+
+			$currentUser->setForceLogout(false);
+			$currentUser->save();
+		}
+	}
+
+	public function isPublic()
+	{
+		return $this->isPublic;
+	}
+
+	public function setPublic($isPublic)
+	{
+		$this->isPublic = $isPublic;
+	}
 }

includes/Helpers/OAuthUserHelper.php

Indentation +417 added lines, -417 removed lines

@@ -22,425 +22,425 @@
 
 class OAuthUserHelper implements IMediaWikiClient
 {
-    const TOKEN_REQUEST = 'request';
-    const TOKEN_ACCESS = 'access';
-    /** @var PDOStatement */
-    private static $tokenCountStatement = null;
-    /** @var PDOStatement */
-    private $getTokenStatement;
-    /**
-     * @var User
-     */
-    private $user;
-    /**
-     * @var PdoDatabase
-     */
-    private $database;
-    /**
-     * @var IOAuthProtocolHelper
-     */
-    private $oauthProtocolHelper;
-    /**
-     * @var bool|null Is the user linked to OAuth
-     */
-    private $linked;
-    private $partiallyLinked;
-    /** @var OAuthToken */
-    private $accessToken;
-    /** @var bool */
-    private $accessTokenLoaded = false;
-    /**
-     * @var OAuthIdentity
-     */
-    private $identity = null;
-    /**
-     * @var bool
-     */
-    private $identityLoaded = false;
-    /**
-     * @var SiteConfiguration
-     */
-    private $siteConfiguration;
-
-    #region Static methods
-    public static function findUserByRequestToken($requestToken, PdoDatabase $database)
-    {
-        $statement = $database->prepare(<<<'SQL'
+	const TOKEN_REQUEST = 'request';
+	const TOKEN_ACCESS = 'access';
+	/** @var PDOStatement */
+	private static $tokenCountStatement = null;
+	/** @var PDOStatement */
+	private $getTokenStatement;
+	/**
+	 * @var User
+	 */
+	private $user;
+	/**
+	 * @var PdoDatabase
+	 */
+	private $database;
+	/**
+	 * @var IOAuthProtocolHelper
+	 */
+	private $oauthProtocolHelper;
+	/**
+	 * @var bool|null Is the user linked to OAuth
+	 */
+	private $linked;
+	private $partiallyLinked;
+	/** @var OAuthToken */
+	private $accessToken;
+	/** @var bool */
+	private $accessTokenLoaded = false;
+	/**
+	 * @var OAuthIdentity
+	 */
+	private $identity = null;
+	/**
+	 * @var bool
+	 */
+	private $identityLoaded = false;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $siteConfiguration;
+
+	#region Static methods
+	public static function findUserByRequestToken($requestToken, PdoDatabase $database)
+	{
+		$statement = $database->prepare(<<<'SQL'
             SELECT u.* FROM user u 
             INNER JOIN oauthtoken t ON t.user = u.id 
             WHERE t.type = :type AND t.token = :token
 SQL
-        );
-        $statement->execute(array(':type' => self::TOKEN_REQUEST, ':token' => $requestToken));
-
-        /** @var User $user */
-        $user = $statement->fetchObject(User::class);
-        $statement->closeCursor();
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Token not found in store, please try again');
-        }
-
-        $user->setDatabase($database);
-
-        return $user;
-    }
-
-    public static function userIsFullyLinked(User $user, PdoDatabase $database = null)
-    {
-        if (self::$tokenCountStatement === null && $database === null) {
-            throw new ApplicationLogicException('Static link request without initialised statement');
-        }
-
-        return self::runTokenCount($user->getId(), $database, self::TOKEN_ACCESS);
-    }
-
-    public static function userIsPartiallyLinked(User $user, PdoDatabase $database = null)
-    {
-        if (self::$tokenCountStatement === null && $database === null) {
-            throw new ApplicationLogicException('Static link request without initialised statement');
-        }
-
-        if (self::userIsFullyLinked($user, $database)) {
-            return false;
-        }
-
-        return self::runTokenCount($user->getId(), $database, self::TOKEN_REQUEST)
-            || $user->getOnWikiName() == null;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     */
-    public static function prepareTokenCountStatement(PdoDatabase $database)
-    {
-        if (self::$tokenCountStatement === null) {
-            self::$tokenCountStatement = $database->prepare('SELECT COUNT(*) FROM oauthtoken WHERE user = :user AND type = :type');
-        }
-    }
-
-    private static function runTokenCount($userId, $database, $tokenType)
-    {
-        if (self::$tokenCountStatement === null) {
-            self::prepareTokenCountStatement($database);
-        }
-
-        self::$tokenCountStatement->execute(array(
-            ':user' => $userId,
-            ':type' => $tokenType,
-        ));
-
-        $tokenCount = self::$tokenCountStatement->fetchColumn();
-        $linked = $tokenCount > 0;
-        self::$tokenCountStatement->closeCursor();
-
-        return $linked;
-    }
-
-    #endregion Static methods
-
-    /**
-     * OAuthUserHelper constructor.
-     *
-     * @param User                 $user
-     * @param PdoDatabase          $database
-     * @param IOAuthProtocolHelper $oauthProtocolHelper
-     * @param SiteConfiguration    $siteConfiguration
-     */
-    public function __construct(
-        User $user,
-        PdoDatabase $database,
-        IOAuthProtocolHelper $oauthProtocolHelper,
-        SiteConfiguration $siteConfiguration
-    ) {
-        $this->user = $user;
-        $this->database = $database;
-        $this->oauthProtocolHelper = $oauthProtocolHelper;
-
-        $this->linked = null;
-        $this->partiallyLinked = null;
-        $this->siteConfiguration = $siteConfiguration;
-
-        self::prepareTokenCountStatement($database);
-        $this->getTokenStatement = $this->database->prepare('SELECT * FROM oauthtoken WHERE user = :user AND type = :type');
-    }
-
-    /**
-     * Determines if the user is fully connected to OAuth.
-     *
-     * @return bool
-     */
-    public function isFullyLinked()
-    {
-        if ($this->linked === null) {
-            $this->linked = self::userIsFullyLinked($this->user, $this->database);
-        }
-
-        return $this->linked;
-    }
-
-    /**
-     * Attempts to figure out if a user is partially linked to OAuth, and therefore needs to complete the OAuth
-     * procedure before configuring.
-     * @return bool
-     */
-    public function isPartiallyLinked()
-    {
-        if ($this->partiallyLinked === null) {
-            $this->partiallyLinked = self::userIsPartiallyLinked($this->user, $this->database);
-        }
-
-        return $this->partiallyLinked;
-    }
-
-    public function canCreateAccount() {
-        return $this->isFullyLinked()
-            && $this->getIdentity(true)->getGrantBasic()
-            && $this->getIdentity(true)->getGrantHighVolume()
-            && $this->getIdentity(true)->getGrantCreateAccount();
-    }
-
-    public function canWelcome() {
-        return $this->isFullyLinked()
-            && $this->getIdentity(true)->getGrantBasic()
-            && $this->getIdentity(true)->getGrantHighVolume()
-            && $this->getIdentity(true)->getGrantCreateEditMovePage();
-    }
-
-    /**
-     * @throws OAuthException
-     */
-    public function refreshIdentity()
-    {
-        $this->loadIdentity();
-
-        if ($this->identity === null) {
-            $this->identity = new OAuthIdentity();
-            $this->identity->setUserId($this->user->getId());
-            $this->identity->setDatabase($this->database);
-        }
-
-        $token = $this->loadAccessToken();
-
-        $rawTicket = $this->oauthProtocolHelper->getIdentityTicket($token->getToken(), $token->getSecret());
-
-        $this->identity->populate($rawTicket);
-
-        if (!$this->identityIsValid()) {
-            throw new OAuthException('Identity ticket is not valid!');
-        }
-
-        $this->identity->save();
-
-        $this->user->setOnWikiName($this->identity->getUsername());
-        $this->user->save();
-    }
-
-    public function getRequestToken()
-    {
-        $token = $this->oauthProtocolHelper->getRequestToken();
-
-        $this->partiallyLinked = true;
-        $this->linked = false;
-
-        $this->database
-            ->prepare('DELETE FROM oauthtoken WHERE user = :user AND type = :type')
-            ->execute(array(':user' => $this->user->getId(), ':type' => self::TOKEN_REQUEST));
-
-        $this->database
-            ->prepare('INSERT INTO oauthtoken (user, type, token, secret, expiry) VALUES (:user, :type, :token, :secret, DATE_ADD(NOW(), INTERVAL 1 DAY))')
-            ->execute(array(
-                ':user'   => $this->user->getId(),
-                ':type'   => self::TOKEN_REQUEST,
-                ':token'  => $token->key,
-                ':secret' => $token->secret,
-            ));
-
-        return $this->oauthProtocolHelper->getAuthoriseUrl($token->key);
-    }
-
-    public function completeHandshake($verificationToken)
-    {
-        $this->getTokenStatement->execute(array(':user' => $this->user->getId(), ':type' => self::TOKEN_REQUEST));
-
-        /** @var OAuthToken $token */
-        $token = $this->getTokenStatement->fetchObject(OAuthToken::class);
-        $this->getTokenStatement->closeCursor();
-
-        if ($token === false) {
-            throw new ApplicationLogicException('Cannot find request token');
-        }
-
-        $token->setDatabase($this->database);
-
-        $accessToken = $this->oauthProtocolHelper->callbackCompleted($token->getToken(), $token->getSecret(),
-            $verificationToken);
-
-        $clearStatement = $this->database->prepare('DELETE FROM oauthtoken WHERE user = :u AND type = :t');
-        $clearStatement->execute(array(':u' => $this->user->getId(), ':t' => self::TOKEN_ACCESS));
-
-        $token->setToken($accessToken->key);
-        $token->setSecret($accessToken->secret);
-        $token->setType(self::TOKEN_ACCESS);
-        $token->setExpiry(null);
-        $token->save();
-
-        $this->partiallyLinked = false;
-        $this->linked = true;
-
-        $this->refreshIdentity();
-    }
-
-    public function detach()
-    {
-        $this->loadIdentity();
-
-        $this->identity->delete();
-        $statement = $this->database->prepare('DELETE FROM oauthtoken WHERE user = :user');
-        $statement->execute(array(':user' => $this->user->getId()));
-
-        $this->identity = null;
-        $this->linked = false;
-        $this->partiallyLinked = false;
-    }
-
-    /**
-     * @param bool $expiredOk
-     *
-     * @return OAuthIdentity
-     * @throws OAuthException
-     */
-    public function getIdentity($expiredOk = false)
-    {
-        $this->loadIdentity();
-
-        if (!$this->identityIsValid($expiredOk)) {
-            throw new OAuthException('Stored identity is not valid.');
-        }
-
-        return $this->identity;
-    }
-
-    public function doApiCall($params, $method)
-    {
-        // Ensure we're logged in
-        $params['assert'] = 'user';
-
-        $token = $this->loadAccessToken();
-        return $this->oauthProtocolHelper->apiCall($params, $token->getToken(), $token->getSecret(), $method);
-    }
-
-    /**
-     * @param bool $expiredOk
-     *
-     * @return bool
-     */
-    private function identityIsValid($expiredOk = false)
-    {
-        $this->loadIdentity();
-
-        if ($this->identity === null) {
-            return false;
-        }
-
-        if ($this->identity->getIssuedAtTime() === false
-            || $this->identity->getExpirationTime() === false
-            || $this->identity->getAudience() === false
-            || $this->identity->getIssuer() === false
-        ) {
-            // this isn't populated properly.
-            return false;
-        }
-
-        $issue = DateTimeImmutable::createFromFormat("U", $this->identity->getIssuedAtTime());
-        $now = new DateTimeImmutable();
-
-        if ($issue > $now) {
-            // wat.
-            return false;
-        }
-
-        if ($this->identityExpired() && !$expiredOk) {
-            // soz.
-            return false;
-        }
-
-        if ($this->identity->getAudience() !== $this->siteConfiguration->getOAuthConsumerToken()) {
-            // token not issued for us
-            return false;
-        }
-
-        if ($this->identity->getIssuer() !== $this->siteConfiguration->getOauthMediaWikiCanonicalServer()) {
-            // token not issued by the right person
-            return false;
-        }
-
-        // can't find a reason to not trust it
-        return true;
-    }
-
-    /**
-     * @return bool
-     */
-    public function identityExpired()
-    {
-        // allowed max age
-        $gracePeriod = $this->siteConfiguration->getOauthIdentityGraceTime();
-
-        $expiry = DateTimeImmutable::createFromFormat("U", $this->identity->getExpirationTime());
-        $graceExpiry = $expiry->modify($gracePeriod);
-        $now = new DateTimeImmutable();
-
-        return $graceExpiry < $now;
-    }
-
-    /**
-     * Loads the OAuth identity from the database for the current user.
-     */
-    private function loadIdentity()
-    {
-        if ($this->identityLoaded) {
-            return;
-        }
-
-        $statement = $this->database->prepare('SELECT * FROM oauthidentity WHERE user = :user');
-        $statement->execute(array(':user' => $this->user->getId()));
-        /** @var OAuthIdentity $obj */
-        $obj = $statement->fetchObject(OAuthIdentity::class);
-
-        if ($obj === false) {
-            // failed to load identity.
-            $this->identityLoaded = true;
-            $this->identity = null;
-
-            return;
-        }
-
-        $obj->setDatabase($this->database);
-        $this->identityLoaded = true;
-        $this->identity = $obj;
-    }
-
-    /**
-     * @return OAuthToken
-     * @throws OAuthException
-     */
-    private function loadAccessToken()
-    {
-        if (!$this->accessTokenLoaded) {
-            $this->getTokenStatement->execute(array(':user' => $this->user->getId(), ':type' => self::TOKEN_ACCESS));
-            /** @var OAuthToken $token */
-            $token = $this->getTokenStatement->fetchObject(OAuthToken::class);
-            $this->getTokenStatement->closeCursor();
-
-            if ($token === false) {
-                throw new OAuthException('Access token not found!');
-            }
-
-            $this->accessToken = $token;
-            $this->accessTokenLoaded = true;
-        }
-
-        return $this->accessToken;
-    }
+		);
+		$statement->execute(array(':type' => self::TOKEN_REQUEST, ':token' => $requestToken));
+
+		/** @var User $user */
+		$user = $statement->fetchObject(User::class);
+		$statement->closeCursor();
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Token not found in store, please try again');
+		}
+
+		$user->setDatabase($database);
+
+		return $user;
+	}
+
+	public static function userIsFullyLinked(User $user, PdoDatabase $database = null)
+	{
+		if (self::$tokenCountStatement === null && $database === null) {
+			throw new ApplicationLogicException('Static link request without initialised statement');
+		}
+
+		return self::runTokenCount($user->getId(), $database, self::TOKEN_ACCESS);
+	}
+
+	public static function userIsPartiallyLinked(User $user, PdoDatabase $database = null)
+	{
+		if (self::$tokenCountStatement === null && $database === null) {
+			throw new ApplicationLogicException('Static link request without initialised statement');
+		}
+
+		if (self::userIsFullyLinked($user, $database)) {
+			return false;
+		}
+
+		return self::runTokenCount($user->getId(), $database, self::TOKEN_REQUEST)
+			|| $user->getOnWikiName() == null;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 */
+	public static function prepareTokenCountStatement(PdoDatabase $database)
+	{
+		if (self::$tokenCountStatement === null) {
+			self::$tokenCountStatement = $database->prepare('SELECT COUNT(*) FROM oauthtoken WHERE user = :user AND type = :type');
+		}
+	}
+
+	private static function runTokenCount($userId, $database, $tokenType)
+	{
+		if (self::$tokenCountStatement === null) {
+			self::prepareTokenCountStatement($database);
+		}
+
+		self::$tokenCountStatement->execute(array(
+			':user' => $userId,
+			':type' => $tokenType,
+		));
+
+		$tokenCount = self::$tokenCountStatement->fetchColumn();
+		$linked = $tokenCount > 0;
+		self::$tokenCountStatement->closeCursor();
+
+		return $linked;
+	}
+
+	#endregion Static methods
+
+	/**
+	 * OAuthUserHelper constructor.
+	 *
+	 * @param User                 $user
+	 * @param PdoDatabase          $database
+	 * @param IOAuthProtocolHelper $oauthProtocolHelper
+	 * @param SiteConfiguration    $siteConfiguration
+	 */
+	public function __construct(
+		User $user,
+		PdoDatabase $database,
+		IOAuthProtocolHelper $oauthProtocolHelper,
+		SiteConfiguration $siteConfiguration
+	) {
+		$this->user = $user;
+		$this->database = $database;
+		$this->oauthProtocolHelper = $oauthProtocolHelper;
+
+		$this->linked = null;
+		$this->partiallyLinked = null;
+		$this->siteConfiguration = $siteConfiguration;
+
+		self::prepareTokenCountStatement($database);
+		$this->getTokenStatement = $this->database->prepare('SELECT * FROM oauthtoken WHERE user = :user AND type = :type');
+	}
+
+	/**
+	 * Determines if the user is fully connected to OAuth.
+	 *
+	 * @return bool
+	 */
+	public function isFullyLinked()
+	{
+		if ($this->linked === null) {
+			$this->linked = self::userIsFullyLinked($this->user, $this->database);
+		}
+
+		return $this->linked;
+	}
+
+	/**
+	 * Attempts to figure out if a user is partially linked to OAuth, and therefore needs to complete the OAuth
+	 * procedure before configuring.
+	 * @return bool
+	 */
+	public function isPartiallyLinked()
+	{
+		if ($this->partiallyLinked === null) {
+			$this->partiallyLinked = self::userIsPartiallyLinked($this->user, $this->database);
+		}
+
+		return $this->partiallyLinked;
+	}
+
+	public function canCreateAccount() {
+		return $this->isFullyLinked()
+			&& $this->getIdentity(true)->getGrantBasic()
+			&& $this->getIdentity(true)->getGrantHighVolume()
+			&& $this->getIdentity(true)->getGrantCreateAccount();
+	}
+
+	public function canWelcome() {
+		return $this->isFullyLinked()
+			&& $this->getIdentity(true)->getGrantBasic()
+			&& $this->getIdentity(true)->getGrantHighVolume()
+			&& $this->getIdentity(true)->getGrantCreateEditMovePage();
+	}
+
+	/**
+	 * @throws OAuthException
+	 */
+	public function refreshIdentity()
+	{
+		$this->loadIdentity();
+
+		if ($this->identity === null) {
+			$this->identity = new OAuthIdentity();
+			$this->identity->setUserId($this->user->getId());
+			$this->identity->setDatabase($this->database);
+		}
+
+		$token = $this->loadAccessToken();
+
+		$rawTicket = $this->oauthProtocolHelper->getIdentityTicket($token->getToken(), $token->getSecret());
+
+		$this->identity->populate($rawTicket);
+
+		if (!$this->identityIsValid()) {
+			throw new OAuthException('Identity ticket is not valid!');
+		}
+
+		$this->identity->save();
+
+		$this->user->setOnWikiName($this->identity->getUsername());
+		$this->user->save();
+	}
+
+	public function getRequestToken()
+	{
+		$token = $this->oauthProtocolHelper->getRequestToken();
+
+		$this->partiallyLinked = true;
+		$this->linked = false;
+
+		$this->database
+			->prepare('DELETE FROM oauthtoken WHERE user = :user AND type = :type')
+			->execute(array(':user' => $this->user->getId(), ':type' => self::TOKEN_REQUEST));
+
+		$this->database
+			->prepare('INSERT INTO oauthtoken (user, type, token, secret, expiry) VALUES (:user, :type, :token, :secret, DATE_ADD(NOW(), INTERVAL 1 DAY))')
+			->execute(array(
+				':user'   => $this->user->getId(),
+				':type'   => self::TOKEN_REQUEST,
+				':token'  => $token->key,
+				':secret' => $token->secret,
+			));
+
+		return $this->oauthProtocolHelper->getAuthoriseUrl($token->key);
+	}
+
+	public function completeHandshake($verificationToken)
+	{
+		$this->getTokenStatement->execute(array(':user' => $this->user->getId(), ':type' => self::TOKEN_REQUEST));
+
+		/** @var OAuthToken $token */
+		$token = $this->getTokenStatement->fetchObject(OAuthToken::class);
+		$this->getTokenStatement->closeCursor();
+
+		if ($token === false) {
+			throw new ApplicationLogicException('Cannot find request token');
+		}
+
+		$token->setDatabase($this->database);
+
+		$accessToken = $this->oauthProtocolHelper->callbackCompleted($token->getToken(), $token->getSecret(),
+			$verificationToken);
+
+		$clearStatement = $this->database->prepare('DELETE FROM oauthtoken WHERE user = :u AND type = :t');
+		$clearStatement->execute(array(':u' => $this->user->getId(), ':t' => self::TOKEN_ACCESS));
+
+		$token->setToken($accessToken->key);
+		$token->setSecret($accessToken->secret);
+		$token->setType(self::TOKEN_ACCESS);
+		$token->setExpiry(null);
+		$token->save();
+
+		$this->partiallyLinked = false;
+		$this->linked = true;
+
+		$this->refreshIdentity();
+	}
+
+	public function detach()
+	{
+		$this->loadIdentity();
+
+		$this->identity->delete();
+		$statement = $this->database->prepare('DELETE FROM oauthtoken WHERE user = :user');
+		$statement->execute(array(':user' => $this->user->getId()));
+
+		$this->identity = null;
+		$this->linked = false;
+		$this->partiallyLinked = false;
+	}
+
+	/**
+	 * @param bool $expiredOk
+	 *
+	 * @return OAuthIdentity
+	 * @throws OAuthException
+	 */
+	public function getIdentity($expiredOk = false)
+	{
+		$this->loadIdentity();
+
+		if (!$this->identityIsValid($expiredOk)) {
+			throw new OAuthException('Stored identity is not valid.');
+		}
+
+		return $this->identity;
+	}
+
+	public function doApiCall($params, $method)
+	{
+		// Ensure we're logged in
+		$params['assert'] = 'user';
+
+		$token = $this->loadAccessToken();
+		return $this->oauthProtocolHelper->apiCall($params, $token->getToken(), $token->getSecret(), $method);
+	}
+
+	/**
+	 * @param bool $expiredOk
+	 *
+	 * @return bool
+	 */
+	private function identityIsValid($expiredOk = false)
+	{
+		$this->loadIdentity();
+
+		if ($this->identity === null) {
+			return false;
+		}
+
+		if ($this->identity->getIssuedAtTime() === false
+			|| $this->identity->getExpirationTime() === false
+			|| $this->identity->getAudience() === false
+			|| $this->identity->getIssuer() === false
+		) {
+			// this isn't populated properly.
+			return false;
+		}
+
+		$issue = DateTimeImmutable::createFromFormat("U", $this->identity->getIssuedAtTime());
+		$now = new DateTimeImmutable();
+
+		if ($issue > $now) {
+			// wat.
+			return false;
+		}
+
+		if ($this->identityExpired() && !$expiredOk) {
+			// soz.
+			return false;
+		}
+
+		if ($this->identity->getAudience() !== $this->siteConfiguration->getOAuthConsumerToken()) {
+			// token not issued for us
+			return false;
+		}
+
+		if ($this->identity->getIssuer() !== $this->siteConfiguration->getOauthMediaWikiCanonicalServer()) {
+			// token not issued by the right person
+			return false;
+		}
+
+		// can't find a reason to not trust it
+		return true;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function identityExpired()
+	{
+		// allowed max age
+		$gracePeriod = $this->siteConfiguration->getOauthIdentityGraceTime();
+
+		$expiry = DateTimeImmutable::createFromFormat("U", $this->identity->getExpirationTime());
+		$graceExpiry = $expiry->modify($gracePeriod);
+		$now = new DateTimeImmutable();
+
+		return $graceExpiry < $now;
+	}
+
+	/**
+	 * Loads the OAuth identity from the database for the current user.
+	 */
+	private function loadIdentity()
+	{
+		if ($this->identityLoaded) {
+			return;
+		}
+
+		$statement = $this->database->prepare('SELECT * FROM oauthidentity WHERE user = :user');
+		$statement->execute(array(':user' => $this->user->getId()));
+		/** @var OAuthIdentity $obj */
+		$obj = $statement->fetchObject(OAuthIdentity::class);
+
+		if ($obj === false) {
+			// failed to load identity.
+			$this->identityLoaded = true;
+			$this->identity = null;
+
+			return;
+		}
+
+		$obj->setDatabase($this->database);
+		$this->identityLoaded = true;
+		$this->identity = $obj;
+	}
+
+	/**
+	 * @return OAuthToken
+	 * @throws OAuthException
+	 */
+	private function loadAccessToken()
+	{
+		if (!$this->accessTokenLoaded) {
+			$this->getTokenStatement->execute(array(':user' => $this->user->getId(), ':type' => self::TOKEN_ACCESS));
+			/** @var OAuthToken $token */
+			$token = $this->getTokenStatement->fetchObject(OAuthToken::class);
+			$this->getTokenStatement->closeCursor();
+
+			if ($token === false) {
+				throw new OAuthException('Access token not found!');
+			}
+
+			$this->accessToken = $token;
+			$this->accessTokenLoaded = true;
+		}
+
+		return $this->accessToken;
+	}
 }

Braces +4 added lines, -2 removed lines

@@ -193,14 +193,16 @@
         return $this->partiallyLinked;
     }
 
-    public function canCreateAccount() {
+    public function canCreateAccount()
+    {
         return $this->isFullyLinked()
             && $this->getIdentity(true)->getGrantBasic()
             && $this->getIdentity(true)->getGrantHighVolume()
             && $this->getIdentity(true)->getGrantCreateAccount();
     }
 
-    public function canWelcome() {
+    public function canWelcome()
+    {
         return $this->isFullyLinked()
             && $this->getIdentity(true)->getGrantBasic()
             && $this->getIdentity(true)->getGrantHighVolume()

includes/Tasks/InternalPageBase.php

Indentation +224 added lines, -224 removed lines

@@ -23,228 +23,228 @@
 
 abstract class InternalPageBase extends PageBase
 {
-    use NavigationMenuAccessControl;
-
-    /** @var IdentificationVerifier */
-    private $identificationVerifier;
-    /** @var ITypeAheadHelper */
-    private $typeAheadHelper;
-    /** @var SecurityManager */
-    private $securityManager;
-    /** @var IBlacklistHelper */
-    private $blacklistHelper;
-
-    /**
-     * @return ITypeAheadHelper
-     */
-    public function getTypeAheadHelper()
-    {
-        return $this->typeAheadHelper;
-    }
-
-    /**
-     * Sets up the internal IdentificationVerifier instance.  Intended to be called from WebStart::setupHelpers().
-     *
-     * @param IdentificationVerifier $identificationVerifier
-     *
-     * @return void
-     */
-    public function setIdentificationVerifier(IdentificationVerifier $identificationVerifier)
-    {
-        $this->identificationVerifier = $identificationVerifier;
-    }
-
-    /**
-     * @param ITypeAheadHelper $typeAheadHelper
-     */
-    public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
-    {
-        $this->typeAheadHelper = $typeAheadHelper;
-    }
-
-    /**
-     * Runs the page code
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    final public function execute()
-    {
-        if ($this->getRouteName() === null) {
-            throw new Exception("Request is unrouted.");
-        }
-
-        if ($this->getSiteConfiguration() === null) {
-            throw new Exception("Page has no configuration!");
-        }
-
-        $this->setupPage();
-
-        $this->touchUserLastActive();
-
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        // Hey, this is also a security barrier, in addition to the below. Separated out for readability.
-        if (!$this->isProtectedPage()) {
-            // This page is /not/ a protected page, as such we can just run it.
-            $this->runPage();
-
-            return;
-        }
-
-        // Security barrier.
-        //
-        // This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
-        // away for us
-        $securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
-        if ($securityResult === SecurityManager::ALLOWED) {
-            // We're allowed to run the page, so let's run it.
-            $this->runPage();
-        }
-        else {
-            $this->handleAccessDenied($securityResult);
-
-            // Send the headers
-            $this->sendResponseHeaders();
-        }
-    }
-
-    /**
-     * Performs final tasks needed before rendering the page.
-     */
-    final public function finalisePage()
-    {
-        parent::finalisePage();
-
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        if ($this->barrierTest('viewSiteNotice', User::getCurrent($database), 'GlobalInfo')) {
-            $siteNoticeText = SiteNotice::get($this->getDatabase());
-            $this->assign('siteNoticeText', $siteNoticeText);
-        }
-
-        if ($this->barrierTest('viewOnlineUsers', User::getCurrent($database), 'GlobalInfo')) {
-            $sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
-            $statement = $database->query($sql);
-            $activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
-            $this->assign('onlineusers', $activeUsers);
-        }
-
-        $this->setupNavMenuAccess($currentUser);
-    }
-
-    /**
-     * Configures whether the page respects roles or not. You probably want this to return true.
-     *
-     * Set to false for public pages. You probably want this to return true.
-     *
-     * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
-     * on this page, so you probably want this to return true.
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    protected function isProtectedPage()
-    {
-        return true;
-    }
-
-    protected function handleAccessDenied($denyReason)
-    {
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        // Not allowed to access this resource.
-        // Firstly, let's check if we're even logged in.
-        if ($currentUser->isCommunityUser()) {
-            // Not logged in, redirect to login page
-            WebRequest::setPostLoginRedirect();
-            $this->redirect("login");
-
-            return;
-        }
-        else {
-            // Decide whether this was a rights failure, or an identification failure.
-
-            if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
-                // Not identified
-                throw new NotIdentifiedException($this->getSecurityManager());
-            }
-            elseif ($denyReason === SecurityManager::ERROR_DENIED) {
-                // Nope, plain old access denied
-                throw new AccessDeniedException($this->getSecurityManager());
-            }
-            else {
-                throw new Exception('Unknown response from security manager.');
-            }
-        }
-    }
-
-    /**
-     * Tests the security barrier for a specified action.
-     *
-     * Don't use within templates
-     *
-     * @param string      $action
-     *
-     * @param User        $user
-     * @param null|string $pageName
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    final public function barrierTest($action, User $user, $pageName = null)
-    {
-        $page = get_called_class();
-        if ($pageName !== null) {
-            $page = $pageName;
-        }
-
-        $securityResult = $this->getSecurityManager()->allows($page, $action, $user);
-
-        return $securityResult === SecurityManager::ALLOWED;
-    }
-
-    /**
-     * Updates the lastactive timestamp
-     */
-    private function touchUserLastActive()
-    {
-        if (WebRequest::getSessionUserId() !== null) {
-            $query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
-            $this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
-        }
-    }
-
-    /**
-     * @return SecurityManager
-     */
-    public function getSecurityManager()
-    {
-        return $this->securityManager;
-    }
-
-    /**
-     * @param SecurityManager $securityManager
-     */
-    public function setSecurityManager(SecurityManager $securityManager)
-    {
-        $this->securityManager = $securityManager;
-    }
-
-    /**
-     * @return IBlacklistHelper
-     */
-    public function getBlacklistHelper()
-    {
-        return $this->blacklistHelper;
-    }
-
-    /**
-     * @param IBlacklistHelper $blacklistHelper
-     */
-    public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
-    {
-        $this->blacklistHelper = $blacklistHelper;
-    }
+	use NavigationMenuAccessControl;
+
+	/** @var IdentificationVerifier */
+	private $identificationVerifier;
+	/** @var ITypeAheadHelper */
+	private $typeAheadHelper;
+	/** @var SecurityManager */
+	private $securityManager;
+	/** @var IBlacklistHelper */
+	private $blacklistHelper;
+
+	/**
+	 * @return ITypeAheadHelper
+	 */
+	public function getTypeAheadHelper()
+	{
+		return $this->typeAheadHelper;
+	}
+
+	/**
+	 * Sets up the internal IdentificationVerifier instance.  Intended to be called from WebStart::setupHelpers().
+	 *
+	 * @param IdentificationVerifier $identificationVerifier
+	 *
+	 * @return void
+	 */
+	public function setIdentificationVerifier(IdentificationVerifier $identificationVerifier)
+	{
+		$this->identificationVerifier = $identificationVerifier;
+	}
+
+	/**
+	 * @param ITypeAheadHelper $typeAheadHelper
+	 */
+	public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
+	{
+		$this->typeAheadHelper = $typeAheadHelper;
+	}
+
+	/**
+	 * Runs the page code
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	final public function execute()
+	{
+		if ($this->getRouteName() === null) {
+			throw new Exception("Request is unrouted.");
+		}
+
+		if ($this->getSiteConfiguration() === null) {
+			throw new Exception("Page has no configuration!");
+		}
+
+		$this->setupPage();
+
+		$this->touchUserLastActive();
+
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		// Hey, this is also a security barrier, in addition to the below. Separated out for readability.
+		if (!$this->isProtectedPage()) {
+			// This page is /not/ a protected page, as such we can just run it.
+			$this->runPage();
+
+			return;
+		}
+
+		// Security barrier.
+		//
+		// This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
+		// away for us
+		$securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
+		if ($securityResult === SecurityManager::ALLOWED) {
+			// We're allowed to run the page, so let's run it.
+			$this->runPage();
+		}
+		else {
+			$this->handleAccessDenied($securityResult);
+
+			// Send the headers
+			$this->sendResponseHeaders();
+		}
+	}
+
+	/**
+	 * Performs final tasks needed before rendering the page.
+	 */
+	final public function finalisePage()
+	{
+		parent::finalisePage();
+
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		if ($this->barrierTest('viewSiteNotice', User::getCurrent($database), 'GlobalInfo')) {
+			$siteNoticeText = SiteNotice::get($this->getDatabase());
+			$this->assign('siteNoticeText', $siteNoticeText);
+		}
+
+		if ($this->barrierTest('viewOnlineUsers', User::getCurrent($database), 'GlobalInfo')) {
+			$sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
+			$statement = $database->query($sql);
+			$activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
+			$this->assign('onlineusers', $activeUsers);
+		}
+
+		$this->setupNavMenuAccess($currentUser);
+	}
+
+	/**
+	 * Configures whether the page respects roles or not. You probably want this to return true.
+	 *
+	 * Set to false for public pages. You probably want this to return true.
+	 *
+	 * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
+	 * on this page, so you probably want this to return true.
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	protected function isProtectedPage()
+	{
+		return true;
+	}
+
+	protected function handleAccessDenied($denyReason)
+	{
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		// Not allowed to access this resource.
+		// Firstly, let's check if we're even logged in.
+		if ($currentUser->isCommunityUser()) {
+			// Not logged in, redirect to login page
+			WebRequest::setPostLoginRedirect();
+			$this->redirect("login");
+
+			return;
+		}
+		else {
+			// Decide whether this was a rights failure, or an identification failure.
+
+			if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
+				// Not identified
+				throw new NotIdentifiedException($this->getSecurityManager());
+			}
+			elseif ($denyReason === SecurityManager::ERROR_DENIED) {
+				// Nope, plain old access denied
+				throw new AccessDeniedException($this->getSecurityManager());
+			}
+			else {
+				throw new Exception('Unknown response from security manager.');
+			}
+		}
+	}
+
+	/**
+	 * Tests the security barrier for a specified action.
+	 *
+	 * Don't use within templates
+	 *
+	 * @param string      $action
+	 *
+	 * @param User        $user
+	 * @param null|string $pageName
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	final public function barrierTest($action, User $user, $pageName = null)
+	{
+		$page = get_called_class();
+		if ($pageName !== null) {
+			$page = $pageName;
+		}
+
+		$securityResult = $this->getSecurityManager()->allows($page, $action, $user);
+
+		return $securityResult === SecurityManager::ALLOWED;
+	}
+
+	/**
+	 * Updates the lastactive timestamp
+	 */
+	private function touchUserLastActive()
+	{
+		if (WebRequest::getSessionUserId() !== null) {
+			$query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
+			$this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
+		}
+	}
+
+	/**
+	 * @return SecurityManager
+	 */
+	public function getSecurityManager()
+	{
+		return $this->securityManager;
+	}
+
+	/**
+	 * @param SecurityManager $securityManager
+	 */
+	public function setSecurityManager(SecurityManager $securityManager)
+	{
+		$this->securityManager = $securityManager;
+	}
+
+	/**
+	 * @return IBlacklistHelper
+	 */
+	public function getBlacklistHelper()
+	{
+		return $this->blacklistHelper;
+	}
+
+	/**
+	 * @param IBlacklistHelper $blacklistHelper
+	 */
+	public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
+	{
+		$this->blacklistHelper = $blacklistHelper;
+	}
 }

includes/ConsoleTasks/RunJobQueueTask.php

Indentation +112 added lines, -112 removed lines

@@ -22,116 +22,116 @@
 
 class RunJobQueueTask extends ConsoleTaskBase
 {
-    private $taskList = array(
-        WelcomeUserTask::class,
-        BotCreationTask::class,
-        UserCreationTask::class
-    );
-
-    public function execute()
-    {
-        $database = $this->getDatabase();
-
-        // ensure we're running inside a tx here.
-        if (!$database->hasActiveTransaction()) {
-            $database->beginTransaction();
-        }
-
-        $sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
-        $statement = $database->prepare($sql);
-        $statement->execute(array(':status' => JobQueue::STATUS_READY, ':lim' => 10));
-        /** @var JobQueue[] $queuedJobs */
-        $queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
-
-        // mark all the jobs as running, and commit the txn so we're not holding onto long-running transactions.
-        // We'll re-lock the row when we get to it.
-        foreach ($queuedJobs as $job) {
-            $job->setDatabase($database);
-            $job->setStatus(JobQueue::STATUS_WAITING);
-            $job->setError(null);
-            $job->setAcknowledged(null);
-            $job->save();
-        }
-
-        $database->commit();
-
-        set_error_handler(array(RunJobQueueTask::class, 'errorHandler'), E_ALL);
-
-        foreach ($queuedJobs as $job) {
-            try {
-                $database->beginTransaction();
-                $job->setStatus(JobQueue::STATUS_RUNNING);
-                $job->save();
-                $database->commit();
-
-                $database->beginTransaction();
-
-                // re-lock the job
-                $job->setStatus(JobQueue::STATUS_RUNNING);
-                $job->save();
-
-                // validate we're allowed to run the requested task (whitelist)
-                if (!in_array($job->getTask(), $this->taskList)) {
-                    throw new ApplicationLogicException('Job task not registered');
-                }
-
-                // Create a task.
-                $taskName = $job->getTask();
-
-                if(!class_exists($taskName)) {
-                    throw new ApplicationLogicException('Job task does not exist');
-                }
-
-                /** @var BackgroundTaskBase $task */
-                $task = new $taskName;
-
-                $this->setupTask($task, $job);
-                $task->run();
-            }
-            catch (Exception $ex) {
-                $database->rollBack();
-                $database->beginTransaction();
-
-                /** @var JobQueue $job */
-                $job = JobQueue::getById($job->getId(), $database);
-                $job->setDatabase($database);
-                $job->setStatus(JobQueue::STATUS_FAILED);
-                $job->setError($ex->getMessage());
-                $job->setAcknowledged(0);
-                $job->save();
-
-                /** @var Request $request */
-                $request = Request::getById($job->getRequest(), $database);
-                if ($request === false) {
-                    $request = null;
-                }
-
-                Logger::backgroundJobIssue($this->getDatabase(), $job);
-
-                $database->commit();
-            }
-            finally {
-                $database->commit();
-            }
-        }
-    }
-
-    /**
-     * @param BackgroundTaskBase $task
-     * @param JobQueue           $job
-     */
-    private function setupTask(BackgroundTaskBase $task, JobQueue $job)
-    {
-        $task->setJob($job);
-        $task->setDatabase($this->getDatabase());
-        $task->setHttpHelper($this->getHttpHelper());
-        $task->setOauthProtocolHelper($this->getOAuthProtocolHelper());
-        $task->setEmailHelper($this->getEmailHelper());
-        $task->setSiteConfiguration($this->getSiteConfiguration());
-        $task->setNotificationHelper($this->getNotificationHelper());
-    }
-
-    public static function errorHandler($errno, $errstr, $errfile, $errline) {
-        throw new Exception($errfile . "@" . $errline . ": " . $errstr);
-    }
+	private $taskList = array(
+		WelcomeUserTask::class,
+		BotCreationTask::class,
+		UserCreationTask::class
+	);
+
+	public function execute()
+	{
+		$database = $this->getDatabase();
+
+		// ensure we're running inside a tx here.
+		if (!$database->hasActiveTransaction()) {
+			$database->beginTransaction();
+		}
+
+		$sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
+		$statement = $database->prepare($sql);
+		$statement->execute(array(':status' => JobQueue::STATUS_READY, ':lim' => 10));
+		/** @var JobQueue[] $queuedJobs */
+		$queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
+
+		// mark all the jobs as running, and commit the txn so we're not holding onto long-running transactions.
+		// We'll re-lock the row when we get to it.
+		foreach ($queuedJobs as $job) {
+			$job->setDatabase($database);
+			$job->setStatus(JobQueue::STATUS_WAITING);
+			$job->setError(null);
+			$job->setAcknowledged(null);
+			$job->save();
+		}
+
+		$database->commit();
+
+		set_error_handler(array(RunJobQueueTask::class, 'errorHandler'), E_ALL);
+
+		foreach ($queuedJobs as $job) {
+			try {
+				$database->beginTransaction();
+				$job->setStatus(JobQueue::STATUS_RUNNING);
+				$job->save();
+				$database->commit();
+
+				$database->beginTransaction();
+
+				// re-lock the job
+				$job->setStatus(JobQueue::STATUS_RUNNING);
+				$job->save();
+
+				// validate we're allowed to run the requested task (whitelist)
+				if (!in_array($job->getTask(), $this->taskList)) {
+					throw new ApplicationLogicException('Job task not registered');
+				}
+
+				// Create a task.
+				$taskName = $job->getTask();
+
+				if(!class_exists($taskName)) {
+					throw new ApplicationLogicException('Job task does not exist');
+				}
+
+				/** @var BackgroundTaskBase $task */
+				$task = new $taskName;
+
+				$this->setupTask($task, $job);
+				$task->run();
+			}
+			catch (Exception $ex) {
+				$database->rollBack();
+				$database->beginTransaction();
+
+				/** @var JobQueue $job */
+				$job = JobQueue::getById($job->getId(), $database);
+				$job->setDatabase($database);
+				$job->setStatus(JobQueue::STATUS_FAILED);
+				$job->setError($ex->getMessage());
+				$job->setAcknowledged(0);
+				$job->save();
+
+				/** @var Request $request */
+				$request = Request::getById($job->getRequest(), $database);
+				if ($request === false) {
+					$request = null;
+				}
+
+				Logger::backgroundJobIssue($this->getDatabase(), $job);
+
+				$database->commit();
+			}
+			finally {
+				$database->commit();
+			}
+		}
+	}
+
+	/**
+	 * @param BackgroundTaskBase $task
+	 * @param JobQueue           $job
+	 */
+	private function setupTask(BackgroundTaskBase $task, JobQueue $job)
+	{
+		$task->setJob($job);
+		$task->setDatabase($this->getDatabase());
+		$task->setHttpHelper($this->getHttpHelper());
+		$task->setOauthProtocolHelper($this->getOAuthProtocolHelper());
+		$task->setEmailHelper($this->getEmailHelper());
+		$task->setSiteConfiguration($this->getSiteConfiguration());
+		$task->setNotificationHelper($this->getNotificationHelper());
+	}
+
+	public static function errorHandler($errno, $errstr, $errfile, $errline) {
+		throw new Exception($errfile . "@" . $errline . ": " . $errstr);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -78,7 +78,7 @@ 
                 // Create a task.
                 $taskName = $job->getTask();
 
-                if(!class_exists($taskName)) {
+                if (!class_exists($taskName)) {
                     throw new ApplicationLogicException('Job task does not exist');
                 }
 
@@ -132,6 +132,6 @@ 
     }
 
     public static function errorHandler($errno, $errstr, $errfile, $errline) {
-        throw new Exception($errfile . "@" . $errline . ": " . $errstr);
+        throw new Exception($errfile."@".$errline.": ".$errstr);
     }
 }

Braces +2 added lines, -1 removed lines

@@ -131,7 +131,8 @@
         $task->setNotificationHelper($this->getNotificationHelper());
     }
 
-    public static function errorHandler($errno, $errstr, $errfile, $errline) {
+    public static function errorHandler($errno, $errstr, $errfile, $errline)
+    {
         throw new Exception($errfile . "@" . $errline . ": " . $errstr);
     }
 }