@@ -32,369 +32,369 @@ |
32 | 32 | |
33 | 33 | class PageViewRequest extends InternalPageBase |
34 | 34 | { |
35 | - use RequestData; |
|
36 | - |
|
37 | - const STATUS_SYMBOL_OPEN = 'Ο'; |
|
38 | - const STATUS_SYMBOL_ACCEPTED = '☑'; |
|
39 | - const STATUS_SYMBOL_REJECTED = '☒'; |
|
40 | - |
|
41 | - /** |
|
42 | - * Main function for this page, when no specific actions are called. |
|
43 | - * @throws ApplicationLogicException |
|
44 | - */ |
|
45 | - protected function main() |
|
46 | - { |
|
47 | - // set up csrf protection |
|
48 | - $this->assignCSRFToken(); |
|
49 | - |
|
50 | - // get some useful objects |
|
51 | - $database = $this->getDatabase(); |
|
52 | - $request = $this->getRequest($database, WebRequest::getInt('id')); |
|
53 | - $config = $this->getSiteConfiguration(); |
|
54 | - $currentUser = User::getCurrent($database); |
|
55 | - |
|
56 | - // FIXME: domains! |
|
57 | - /** @var Domain $domain */ |
|
58 | - $domain = Domain::getById(1, $this->getDatabase()); |
|
59 | - $this->assign('mediawikiScriptPath', $domain->getWikiArticlePath()); |
|
60 | - |
|
61 | - // Shows a page if the email is not confirmed. |
|
62 | - if ($request->getEmailConfirm() !== 'Confirmed') { |
|
63 | - // Show a banner if the user can manually confirm the request |
|
64 | - $viewConfirm = $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageManuallyConfirm::class); |
|
65 | - |
|
66 | - // If the request is purged, there's nothing to confirm! |
|
67 | - if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) { |
|
68 | - $viewConfirm = false; |
|
69 | - } |
|
70 | - |
|
71 | - // Render |
|
72 | - $this->setTemplate("view-request/not-confirmed.tpl"); |
|
73 | - $this->assign("requestId", $request->getId()); |
|
74 | - $this->assign("requestVersion", $request->getUpdateVersion()); |
|
75 | - $this->assign('canViewConfirmButton', $viewConfirm); |
|
76 | - |
|
77 | - // Make sure to return, to prevent the leaking of other information. |
|
78 | - return; |
|
79 | - } |
|
80 | - |
|
81 | - $this->setupBasicData($request, $config); |
|
82 | - |
|
83 | - $this->setupUsernameData($request); |
|
84 | - |
|
85 | - $this->setupTitle($request); |
|
86 | - |
|
87 | - $this->setupReservationDetails($request->getReserved(), $database, $currentUser); |
|
88 | - $this->setupGeneralData($database); |
|
89 | - |
|
90 | - $this->assign('requestDataCleared', false); |
|
91 | - if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) { |
|
92 | - $this->assign('requestDataCleared', true); |
|
93 | - } |
|
94 | - |
|
95 | - $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser); |
|
96 | - |
|
97 | - $this->setupCreationTypes($currentUser); |
|
98 | - |
|
99 | - $this->setupLogData($request, $database, $allowedPrivateData); |
|
100 | - |
|
101 | - $this->addJs("/api.php?action=templates&targetVariable=templateconfirms"); |
|
102 | - |
|
103 | - $this->assign('showRevealLink', false); |
|
104 | - if ($request->getReserved() === $currentUser->getId() || |
|
105 | - $this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData') |
|
106 | - ) { |
|
107 | - $this->assign('showRevealLink', true); |
|
108 | - $this->assign('revealHash', $request->getRevealHash()); |
|
109 | - } |
|
110 | - |
|
111 | - $this->assign('canSeeRelatedRequests', false); |
|
112 | - if ($allowedPrivateData || $this->barrierTest('seeRelatedRequests', $currentUser, 'RequestData')) { |
|
113 | - $this->setupRelatedRequests($request, $config, $database); |
|
114 | - } |
|
115 | - |
|
116 | - $this->assign('canCreateLocalAccount', $this->barrierTest('createLocalAccount', $currentUser, 'RequestData')); |
|
117 | - |
|
118 | - $closureDate = $request->getClosureDate(); |
|
119 | - $date = new DateTime(); |
|
120 | - $date->modify("-7 days"); |
|
121 | - if ($request->getStatus() == "Closed" && $closureDate < $date) { |
|
122 | - $this->assign('isOldRequest', true); |
|
123 | - } |
|
124 | - $this->assign('canResetOldRequest', $this->barrierTest('reopenOldRequest', $currentUser, 'RequestData')); |
|
125 | - $this->assign('canResetPurgedRequest', $this->barrierTest('reopenClearedRequest', $currentUser, 'RequestData')); |
|
126 | - |
|
127 | - $this->assign('requestEmailSent', $request->getEmailSent()); |
|
128 | - |
|
129 | - if ($allowedPrivateData) { |
|
130 | - $this->setTemplate('view-request/main-with-data.tpl'); |
|
131 | - $this->setupPrivateData($request, $config); |
|
132 | - $this->assign('canSetBan', $this->barrierTest('set', $currentUser, PageBan::class)); |
|
133 | - $this->assign('canSeeCheckuserData', $this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')); |
|
134 | - |
|
135 | - if ($this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')) { |
|
136 | - $this->setTemplate('view-request/main-with-checkuser-data.tpl'); |
|
137 | - $this->setupCheckUserData($request); |
|
138 | - } |
|
139 | - } |
|
140 | - else { |
|
141 | - $this->setTemplate('view-request/main.tpl'); |
|
142 | - } |
|
143 | - } |
|
144 | - |
|
145 | - /** |
|
146 | - * @param Request $request |
|
147 | - */ |
|
148 | - protected function setupTitle(Request $request) |
|
149 | - { |
|
150 | - $statusSymbol = self::STATUS_SYMBOL_OPEN; |
|
151 | - if ($request->getStatus() === RequestStatus::CLOSED) { |
|
152 | - if ($request->getWasCreated()) { |
|
153 | - $statusSymbol = self::STATUS_SYMBOL_ACCEPTED; |
|
154 | - } |
|
155 | - else { |
|
156 | - $statusSymbol = self::STATUS_SYMBOL_REJECTED; |
|
157 | - } |
|
158 | - } |
|
159 | - |
|
160 | - $this->setHtmlTitle($statusSymbol . ' #' . $request->getId()); |
|
161 | - } |
|
162 | - |
|
163 | - /** |
|
164 | - * Sets up data unrelated to the request, such as the email template information |
|
165 | - * |
|
166 | - * @param PdoDatabase $database |
|
167 | - */ |
|
168 | - protected function setupGeneralData(PdoDatabase $database) |
|
169 | - { |
|
170 | - $this->assign('createAccountReason', 'Requested account at [[WP:ACC]], request #'); |
|
171 | - |
|
172 | - // FIXME: domains |
|
173 | - /** @var Domain $domain */ |
|
174 | - $domain = Domain::getById(1, $database); |
|
175 | - $this->assign('defaultRequestState', RequestQueue::getDefaultQueue($database, 1)->getApiName()); |
|
176 | - $this->assign('activeRequestQueues', RequestQueue::getEnabledQueues($database)); |
|
177 | - |
|
178 | - /** @var EmailTemplate $createdTemplate */ |
|
179 | - $createdTemplate = EmailTemplate::getById($domain->getDefaultClose(), $database); |
|
180 | - |
|
181 | - $this->assign('createdHasJsQuestion', $createdTemplate->getJsquestion() != ''); |
|
182 | - $this->assign('createdId', $createdTemplate->getId()); |
|
183 | - $this->assign('createdName', $createdTemplate->getName()); |
|
184 | - |
|
185 | - $preferenceManager = PreferenceManager::getForCurrent($database); |
|
186 | - $skipJsAborts = $preferenceManager->getPreference(PreferenceManager::PREF_SKIP_JS_ABORT); |
|
187 | - $preferredCreationMode = (int)$preferenceManager->getPreference(PreferenceManager::PREF_CREATION_MODE); |
|
188 | - $this->assign('skipJsAborts', $skipJsAborts); |
|
189 | - $this->assign('preferredCreationMode', $preferredCreationMode); |
|
190 | - |
|
191 | - $createReasons = EmailTemplate::getActiveNonpreloadTemplates( |
|
192 | - EmailTemplate::ACTION_CREATED, |
|
193 | - $database, |
|
194 | - $domain->getId(), |
|
195 | - $domain->getDefaultClose()); |
|
196 | - $this->assign("createReasons", $createReasons); |
|
197 | - |
|
198 | - $declineReasons = EmailTemplate::getActiveNonpreloadTemplates( |
|
199 | - EmailTemplate::ACTION_NOT_CREATED, |
|
200 | - $database, |
|
201 | - $domain->getId()); |
|
202 | - $this->assign("declineReasons", $declineReasons); |
|
203 | - |
|
204 | - $allCreateReasons = EmailTemplate::getAllActiveTemplates( |
|
205 | - EmailTemplate::ACTION_CREATED, |
|
206 | - $database, |
|
207 | - $domain->getId()); |
|
208 | - $this->assign("allCreateReasons", $allCreateReasons); |
|
209 | - |
|
210 | - $allDeclineReasons = EmailTemplate::getAllActiveTemplates( |
|
211 | - EmailTemplate::ACTION_NOT_CREATED, |
|
212 | - $database, |
|
213 | - $domain->getId()); |
|
214 | - $this->assign("allDeclineReasons", $allDeclineReasons); |
|
215 | - |
|
216 | - $allOtherReasons = EmailTemplate::getAllActiveTemplates( |
|
217 | - false, |
|
218 | - $database, |
|
219 | - $domain->getId()); |
|
220 | - $this->assign("allOtherReasons", $allOtherReasons); |
|
221 | - } |
|
222 | - |
|
223 | - private function setupLogData(Request $request, PdoDatabase $database, bool $allowedPrivateData) |
|
224 | - { |
|
225 | - $currentUser = User::getCurrent($database); |
|
226 | - |
|
227 | - $logs = LogHelper::getRequestLogsWithComments($request->getId(), $database, $this->getSecurityManager()); |
|
228 | - $requestLogs = array(); |
|
229 | - |
|
230 | - /** @var User[] $nameCache */ |
|
231 | - $nameCache = array(); |
|
232 | - |
|
233 | - $editableComments = $this->barrierTest('editOthers', $currentUser, PageEditComment::class); |
|
234 | - |
|
235 | - $canFlag = $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageFlagComment::class); |
|
236 | - $canUnflag = $this->barrierTest('unflag', $currentUser, PageFlagComment::class); |
|
237 | - |
|
238 | - /** @var Log|Comment $entry */ |
|
239 | - foreach ($logs as $entry) { |
|
240 | - // both log and comment have a 'user' field |
|
241 | - if (!array_key_exists($entry->getUser(), $nameCache)) { |
|
242 | - $entryUser = User::getById($entry->getUser(), $database); |
|
243 | - $nameCache[$entry->getUser()] = $entryUser; |
|
244 | - } |
|
245 | - |
|
246 | - if ($entry instanceof Comment) { |
|
247 | - // Determine if the comment contains private information. |
|
248 | - // Private defined as flagged or restricted visibility, but only when the user isn't allowed |
|
249 | - // to see private data |
|
250 | - $commentIsRestricted = |
|
251 | - ($entry->getFlagged() |
|
252 | - || $entry->getVisibility() == 'admin' || $entry->getVisibility() == 'checkuser') |
|
253 | - && !$allowedPrivateData; |
|
254 | - |
|
255 | - // Only allow comment editing if the user is able to edit comments or this is the user's own comment, |
|
256 | - // but only when they're allowed to see the comment itself. |
|
257 | - $commentIsEditable = ($editableComments || $entry->getUser() == $currentUser->getId()) |
|
258 | - && !$commentIsRestricted; |
|
259 | - |
|
260 | - // Flagging/unflagging can only be done if you can see the comment |
|
261 | - $canFlagThisComment = $canFlag |
|
262 | - && ( |
|
263 | - (!$entry->getFlagged() && !$commentIsRestricted) |
|
264 | - || ($entry->getFlagged() && $canUnflag && $commentIsEditable) |
|
265 | - ); |
|
266 | - |
|
267 | - $requestLogs[] = array( |
|
268 | - 'type' => 'comment', |
|
269 | - 'security' => $entry->getVisibility(), |
|
270 | - 'user' => $entry->getVisibility() == 'requester' ? $request->getName() : $nameCache[$entry->getUser()]->getUsername(), |
|
271 | - 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), |
|
272 | - 'entry' => null, |
|
273 | - 'time' => $entry->getTime(), |
|
274 | - 'canedit' => $commentIsEditable, |
|
275 | - 'id' => $entry->getId(), |
|
276 | - 'comment' => $entry->getComment(), |
|
277 | - 'flagged' => $entry->getFlagged(), |
|
278 | - 'canflag' => $canFlagThisComment, |
|
279 | - 'updateversion' => $entry->getUpdateVersion(), |
|
280 | - 'edited' => $entry->getEdited(), |
|
281 | - 'hidden' => $commentIsRestricted |
|
282 | - ); |
|
283 | - } |
|
284 | - |
|
285 | - if ($entry instanceof Log) { |
|
286 | - $invalidUserId = $entry->getUser() === -1 || $entry->getUser() === 0; |
|
287 | - $entryUser = $invalidUserId ? User::getCommunity() : $nameCache[$entry->getUser()]; |
|
288 | - |
|
289 | - $entryComment = $entry->getComment(); |
|
290 | - |
|
291 | - if ($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest') { |
|
292 | - $data = unserialize($entry->getComment()); |
|
293 | - /** @var JobQueue $job */ |
|
294 | - $job = JobQueue::getById($data['job'], $database); |
|
295 | - $requestLogs[] = array( |
|
296 | - 'type' => 'joblog', |
|
297 | - 'security' => 'user', |
|
298 | - 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), |
|
299 | - 'user' => $entryUser->getUsername(), |
|
300 | - 'entry' => LogHelper::getLogDescription($entry), |
|
301 | - 'time' => $entry->getTimestamp(), |
|
302 | - 'canedit' => false, |
|
303 | - 'id' => $entry->getId(), |
|
304 | - 'jobId' => $job->getId(), |
|
305 | - 'jobDesc' => JobQueue::getTaskDescriptions()[$job->getTask()], |
|
306 | - ); |
|
307 | - } |
|
308 | - else { |
|
309 | - $requestLogs[] = array( |
|
310 | - 'type' => 'log', |
|
311 | - 'security' => 'user', |
|
312 | - 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), |
|
313 | - 'user' => $entryUser->getUsername(), |
|
314 | - 'entry' => LogHelper::getLogDescription($entry), |
|
315 | - 'time' => $entry->getTimestamp(), |
|
316 | - 'canedit' => false, |
|
317 | - 'id' => $entry->getId(), |
|
318 | - 'comment' => $entryComment, |
|
319 | - ); |
|
320 | - } |
|
321 | - } |
|
322 | - } |
|
323 | - |
|
324 | - $this->addJs("/api.php?action=users&targetVariable=typeaheaddata"); |
|
325 | - |
|
326 | - $this->assign("requestLogs", $requestLogs); |
|
327 | - } |
|
328 | - |
|
329 | - /** |
|
330 | - * @param Request $request |
|
331 | - */ |
|
332 | - protected function setupUsernameData(Request $request) |
|
333 | - { |
|
334 | - $blacklistData = $this->getBlacklistHelper()->isBlacklisted($request->getName()); |
|
335 | - |
|
336 | - $this->assign('requestIsBlacklisted', $blacklistData !== false); |
|
337 | - $this->assign('requestBlacklist', $blacklistData); |
|
338 | - |
|
339 | - try { |
|
340 | - $spoofs = $this->getAntiSpoofProvider()->getSpoofs($request->getName()); |
|
341 | - } |
|
342 | - catch (Exception $ex) { |
|
343 | - $spoofs = $ex->getMessage(); |
|
344 | - } |
|
345 | - |
|
346 | - $this->assign("spoofs", $spoofs); |
|
347 | - } |
|
348 | - |
|
349 | - private function setupCreationTypes(User $user) |
|
350 | - { |
|
351 | - $this->assign('allowWelcomeSkip', false); |
|
352 | - $this->assign('forceWelcomeSkip', false); |
|
353 | - |
|
354 | - $database = $this->getDatabase(); |
|
355 | - $preferenceManager = PreferenceManager::getForCurrent($database); |
|
356 | - |
|
357 | - $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration()); |
|
358 | - |
|
359 | - $welcomeTemplate = $preferenceManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE); |
|
360 | - |
|
361 | - if ($welcomeTemplate != null) { |
|
362 | - $this->assign('allowWelcomeSkip', true); |
|
363 | - |
|
364 | - if (!$oauth->canWelcome()) { |
|
365 | - $this->assign('forceWelcomeSkip', true); |
|
366 | - } |
|
367 | - } |
|
368 | - |
|
369 | - // test credentials |
|
370 | - $canManualCreate = $this->barrierTest(PreferenceManager::CREATION_MANUAL, $user, 'RequestCreation'); |
|
371 | - $canOauthCreate = $this->barrierTest(PreferenceManager::CREATION_OAUTH, $user, 'RequestCreation'); |
|
372 | - $canBotCreate = $this->barrierTest(PreferenceManager::CREATION_BOT, $user, 'RequestCreation'); |
|
373 | - |
|
374 | - $this->assign('canManualCreate', $canManualCreate); |
|
375 | - $this->assign('canOauthCreate', $canOauthCreate); |
|
376 | - $this->assign('canBotCreate', $canBotCreate); |
|
377 | - |
|
378 | - // show/hide the type radio buttons |
|
379 | - $creationHasChoice = count(array_filter([$canManualCreate, $canOauthCreate, $canBotCreate])) > 1; |
|
380 | - |
|
381 | - $creationModePreference = $preferenceManager->getPreference(PreferenceManager::PREF_CREATION_MODE); |
|
382 | - if (!$this->barrierTest($creationModePreference, $user, 'RequestCreation')) { |
|
383 | - // user is not allowed to use their default. Force a choice. |
|
384 | - $creationHasChoice = true; |
|
385 | - } |
|
386 | - |
|
387 | - $this->assign('creationHasChoice', $creationHasChoice); |
|
388 | - |
|
389 | - // determine problems in creation types |
|
390 | - $this->assign('botProblem', false); |
|
391 | - if ($canBotCreate && $this->getSiteConfiguration()->getCreationBotPassword() === null) { |
|
392 | - $this->assign('botProblem', true); |
|
393 | - } |
|
394 | - |
|
395 | - $this->assign('oauthProblem', false); |
|
396 | - if ($canOauthCreate && !$oauth->canCreateAccount()) { |
|
397 | - $this->assign('oauthProblem', true); |
|
398 | - } |
|
399 | - } |
|
35 | + use RequestData; |
|
36 | + |
|
37 | + const STATUS_SYMBOL_OPEN = 'Ο'; |
|
38 | + const STATUS_SYMBOL_ACCEPTED = '☑'; |
|
39 | + const STATUS_SYMBOL_REJECTED = '☒'; |
|
40 | + |
|
41 | + /** |
|
42 | + * Main function for this page, when no specific actions are called. |
|
43 | + * @throws ApplicationLogicException |
|
44 | + */ |
|
45 | + protected function main() |
|
46 | + { |
|
47 | + // set up csrf protection |
|
48 | + $this->assignCSRFToken(); |
|
49 | + |
|
50 | + // get some useful objects |
|
51 | + $database = $this->getDatabase(); |
|
52 | + $request = $this->getRequest($database, WebRequest::getInt('id')); |
|
53 | + $config = $this->getSiteConfiguration(); |
|
54 | + $currentUser = User::getCurrent($database); |
|
55 | + |
|
56 | + // FIXME: domains! |
|
57 | + /** @var Domain $domain */ |
|
58 | + $domain = Domain::getById(1, $this->getDatabase()); |
|
59 | + $this->assign('mediawikiScriptPath', $domain->getWikiArticlePath()); |
|
60 | + |
|
61 | + // Shows a page if the email is not confirmed. |
|
62 | + if ($request->getEmailConfirm() !== 'Confirmed') { |
|
63 | + // Show a banner if the user can manually confirm the request |
|
64 | + $viewConfirm = $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageManuallyConfirm::class); |
|
65 | + |
|
66 | + // If the request is purged, there's nothing to confirm! |
|
67 | + if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) { |
|
68 | + $viewConfirm = false; |
|
69 | + } |
|
70 | + |
|
71 | + // Render |
|
72 | + $this->setTemplate("view-request/not-confirmed.tpl"); |
|
73 | + $this->assign("requestId", $request->getId()); |
|
74 | + $this->assign("requestVersion", $request->getUpdateVersion()); |
|
75 | + $this->assign('canViewConfirmButton', $viewConfirm); |
|
76 | + |
|
77 | + // Make sure to return, to prevent the leaking of other information. |
|
78 | + return; |
|
79 | + } |
|
80 | + |
|
81 | + $this->setupBasicData($request, $config); |
|
82 | + |
|
83 | + $this->setupUsernameData($request); |
|
84 | + |
|
85 | + $this->setupTitle($request); |
|
86 | + |
|
87 | + $this->setupReservationDetails($request->getReserved(), $database, $currentUser); |
|
88 | + $this->setupGeneralData($database); |
|
89 | + |
|
90 | + $this->assign('requestDataCleared', false); |
|
91 | + if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) { |
|
92 | + $this->assign('requestDataCleared', true); |
|
93 | + } |
|
94 | + |
|
95 | + $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser); |
|
96 | + |
|
97 | + $this->setupCreationTypes($currentUser); |
|
98 | + |
|
99 | + $this->setupLogData($request, $database, $allowedPrivateData); |
|
100 | + |
|
101 | + $this->addJs("/api.php?action=templates&targetVariable=templateconfirms"); |
|
102 | + |
|
103 | + $this->assign('showRevealLink', false); |
|
104 | + if ($request->getReserved() === $currentUser->getId() || |
|
105 | + $this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData') |
|
106 | + ) { |
|
107 | + $this->assign('showRevealLink', true); |
|
108 | + $this->assign('revealHash', $request->getRevealHash()); |
|
109 | + } |
|
110 | + |
|
111 | + $this->assign('canSeeRelatedRequests', false); |
|
112 | + if ($allowedPrivateData || $this->barrierTest('seeRelatedRequests', $currentUser, 'RequestData')) { |
|
113 | + $this->setupRelatedRequests($request, $config, $database); |
|
114 | + } |
|
115 | + |
|
116 | + $this->assign('canCreateLocalAccount', $this->barrierTest('createLocalAccount', $currentUser, 'RequestData')); |
|
117 | + |
|
118 | + $closureDate = $request->getClosureDate(); |
|
119 | + $date = new DateTime(); |
|
120 | + $date->modify("-7 days"); |
|
121 | + if ($request->getStatus() == "Closed" && $closureDate < $date) { |
|
122 | + $this->assign('isOldRequest', true); |
|
123 | + } |
|
124 | + $this->assign('canResetOldRequest', $this->barrierTest('reopenOldRequest', $currentUser, 'RequestData')); |
|
125 | + $this->assign('canResetPurgedRequest', $this->barrierTest('reopenClearedRequest', $currentUser, 'RequestData')); |
|
126 | + |
|
127 | + $this->assign('requestEmailSent', $request->getEmailSent()); |
|
128 | + |
|
129 | + if ($allowedPrivateData) { |
|
130 | + $this->setTemplate('view-request/main-with-data.tpl'); |
|
131 | + $this->setupPrivateData($request, $config); |
|
132 | + $this->assign('canSetBan', $this->barrierTest('set', $currentUser, PageBan::class)); |
|
133 | + $this->assign('canSeeCheckuserData', $this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')); |
|
134 | + |
|
135 | + if ($this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')) { |
|
136 | + $this->setTemplate('view-request/main-with-checkuser-data.tpl'); |
|
137 | + $this->setupCheckUserData($request); |
|
138 | + } |
|
139 | + } |
|
140 | + else { |
|
141 | + $this->setTemplate('view-request/main.tpl'); |
|
142 | + } |
|
143 | + } |
|
144 | + |
|
145 | + /** |
|
146 | + * @param Request $request |
|
147 | + */ |
|
148 | + protected function setupTitle(Request $request) |
|
149 | + { |
|
150 | + $statusSymbol = self::STATUS_SYMBOL_OPEN; |
|
151 | + if ($request->getStatus() === RequestStatus::CLOSED) { |
|
152 | + if ($request->getWasCreated()) { |
|
153 | + $statusSymbol = self::STATUS_SYMBOL_ACCEPTED; |
|
154 | + } |
|
155 | + else { |
|
156 | + $statusSymbol = self::STATUS_SYMBOL_REJECTED; |
|
157 | + } |
|
158 | + } |
|
159 | + |
|
160 | + $this->setHtmlTitle($statusSymbol . ' #' . $request->getId()); |
|
161 | + } |
|
162 | + |
|
163 | + /** |
|
164 | + * Sets up data unrelated to the request, such as the email template information |
|
165 | + * |
|
166 | + * @param PdoDatabase $database |
|
167 | + */ |
|
168 | + protected function setupGeneralData(PdoDatabase $database) |
|
169 | + { |
|
170 | + $this->assign('createAccountReason', 'Requested account at [[WP:ACC]], request #'); |
|
171 | + |
|
172 | + // FIXME: domains |
|
173 | + /** @var Domain $domain */ |
|
174 | + $domain = Domain::getById(1, $database); |
|
175 | + $this->assign('defaultRequestState', RequestQueue::getDefaultQueue($database, 1)->getApiName()); |
|
176 | + $this->assign('activeRequestQueues', RequestQueue::getEnabledQueues($database)); |
|
177 | + |
|
178 | + /** @var EmailTemplate $createdTemplate */ |
|
179 | + $createdTemplate = EmailTemplate::getById($domain->getDefaultClose(), $database); |
|
180 | + |
|
181 | + $this->assign('createdHasJsQuestion', $createdTemplate->getJsquestion() != ''); |
|
182 | + $this->assign('createdId', $createdTemplate->getId()); |
|
183 | + $this->assign('createdName', $createdTemplate->getName()); |
|
184 | + |
|
185 | + $preferenceManager = PreferenceManager::getForCurrent($database); |
|
186 | + $skipJsAborts = $preferenceManager->getPreference(PreferenceManager::PREF_SKIP_JS_ABORT); |
|
187 | + $preferredCreationMode = (int)$preferenceManager->getPreference(PreferenceManager::PREF_CREATION_MODE); |
|
188 | + $this->assign('skipJsAborts', $skipJsAborts); |
|
189 | + $this->assign('preferredCreationMode', $preferredCreationMode); |
|
190 | + |
|
191 | + $createReasons = EmailTemplate::getActiveNonpreloadTemplates( |
|
192 | + EmailTemplate::ACTION_CREATED, |
|
193 | + $database, |
|
194 | + $domain->getId(), |
|
195 | + $domain->getDefaultClose()); |
|
196 | + $this->assign("createReasons", $createReasons); |
|
197 | + |
|
198 | + $declineReasons = EmailTemplate::getActiveNonpreloadTemplates( |
|
199 | + EmailTemplate::ACTION_NOT_CREATED, |
|
200 | + $database, |
|
201 | + $domain->getId()); |
|
202 | + $this->assign("declineReasons", $declineReasons); |
|
203 | + |
|
204 | + $allCreateReasons = EmailTemplate::getAllActiveTemplates( |
|
205 | + EmailTemplate::ACTION_CREATED, |
|
206 | + $database, |
|
207 | + $domain->getId()); |
|
208 | + $this->assign("allCreateReasons", $allCreateReasons); |
|
209 | + |
|
210 | + $allDeclineReasons = EmailTemplate::getAllActiveTemplates( |
|
211 | + EmailTemplate::ACTION_NOT_CREATED, |
|
212 | + $database, |
|
213 | + $domain->getId()); |
|
214 | + $this->assign("allDeclineReasons", $allDeclineReasons); |
|
215 | + |
|
216 | + $allOtherReasons = EmailTemplate::getAllActiveTemplates( |
|
217 | + false, |
|
218 | + $database, |
|
219 | + $domain->getId()); |
|
220 | + $this->assign("allOtherReasons", $allOtherReasons); |
|
221 | + } |
|
222 | + |
|
223 | + private function setupLogData(Request $request, PdoDatabase $database, bool $allowedPrivateData) |
|
224 | + { |
|
225 | + $currentUser = User::getCurrent($database); |
|
226 | + |
|
227 | + $logs = LogHelper::getRequestLogsWithComments($request->getId(), $database, $this->getSecurityManager()); |
|
228 | + $requestLogs = array(); |
|
229 | + |
|
230 | + /** @var User[] $nameCache */ |
|
231 | + $nameCache = array(); |
|
232 | + |
|
233 | + $editableComments = $this->barrierTest('editOthers', $currentUser, PageEditComment::class); |
|
234 | + |
|
235 | + $canFlag = $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageFlagComment::class); |
|
236 | + $canUnflag = $this->barrierTest('unflag', $currentUser, PageFlagComment::class); |
|
237 | + |
|
238 | + /** @var Log|Comment $entry */ |
|
239 | + foreach ($logs as $entry) { |
|
240 | + // both log and comment have a 'user' field |
|
241 | + if (!array_key_exists($entry->getUser(), $nameCache)) { |
|
242 | + $entryUser = User::getById($entry->getUser(), $database); |
|
243 | + $nameCache[$entry->getUser()] = $entryUser; |
|
244 | + } |
|
245 | + |
|
246 | + if ($entry instanceof Comment) { |
|
247 | + // Determine if the comment contains private information. |
|
248 | + // Private defined as flagged or restricted visibility, but only when the user isn't allowed |
|
249 | + // to see private data |
|
250 | + $commentIsRestricted = |
|
251 | + ($entry->getFlagged() |
|
252 | + || $entry->getVisibility() == 'admin' || $entry->getVisibility() == 'checkuser') |
|
253 | + && !$allowedPrivateData; |
|
254 | + |
|
255 | + // Only allow comment editing if the user is able to edit comments or this is the user's own comment, |
|
256 | + // but only when they're allowed to see the comment itself. |
|
257 | + $commentIsEditable = ($editableComments || $entry->getUser() == $currentUser->getId()) |
|
258 | + && !$commentIsRestricted; |
|
259 | + |
|
260 | + // Flagging/unflagging can only be done if you can see the comment |
|
261 | + $canFlagThisComment = $canFlag |
|
262 | + && ( |
|
263 | + (!$entry->getFlagged() && !$commentIsRestricted) |
|
264 | + || ($entry->getFlagged() && $canUnflag && $commentIsEditable) |
|
265 | + ); |
|
266 | + |
|
267 | + $requestLogs[] = array( |
|
268 | + 'type' => 'comment', |
|
269 | + 'security' => $entry->getVisibility(), |
|
270 | + 'user' => $entry->getVisibility() == 'requester' ? $request->getName() : $nameCache[$entry->getUser()]->getUsername(), |
|
271 | + 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), |
|
272 | + 'entry' => null, |
|
273 | + 'time' => $entry->getTime(), |
|
274 | + 'canedit' => $commentIsEditable, |
|
275 | + 'id' => $entry->getId(), |
|
276 | + 'comment' => $entry->getComment(), |
|
277 | + 'flagged' => $entry->getFlagged(), |
|
278 | + 'canflag' => $canFlagThisComment, |
|
279 | + 'updateversion' => $entry->getUpdateVersion(), |
|
280 | + 'edited' => $entry->getEdited(), |
|
281 | + 'hidden' => $commentIsRestricted |
|
282 | + ); |
|
283 | + } |
|
284 | + |
|
285 | + if ($entry instanceof Log) { |
|
286 | + $invalidUserId = $entry->getUser() === -1 || $entry->getUser() === 0; |
|
287 | + $entryUser = $invalidUserId ? User::getCommunity() : $nameCache[$entry->getUser()]; |
|
288 | + |
|
289 | + $entryComment = $entry->getComment(); |
|
290 | + |
|
291 | + if ($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest') { |
|
292 | + $data = unserialize($entry->getComment()); |
|
293 | + /** @var JobQueue $job */ |
|
294 | + $job = JobQueue::getById($data['job'], $database); |
|
295 | + $requestLogs[] = array( |
|
296 | + 'type' => 'joblog', |
|
297 | + 'security' => 'user', |
|
298 | + 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), |
|
299 | + 'user' => $entryUser->getUsername(), |
|
300 | + 'entry' => LogHelper::getLogDescription($entry), |
|
301 | + 'time' => $entry->getTimestamp(), |
|
302 | + 'canedit' => false, |
|
303 | + 'id' => $entry->getId(), |
|
304 | + 'jobId' => $job->getId(), |
|
305 | + 'jobDesc' => JobQueue::getTaskDescriptions()[$job->getTask()], |
|
306 | + ); |
|
307 | + } |
|
308 | + else { |
|
309 | + $requestLogs[] = array( |
|
310 | + 'type' => 'log', |
|
311 | + 'security' => 'user', |
|
312 | + 'userid' => $entry->getUser() == -1 ? null : $entry->getUser(), |
|
313 | + 'user' => $entryUser->getUsername(), |
|
314 | + 'entry' => LogHelper::getLogDescription($entry), |
|
315 | + 'time' => $entry->getTimestamp(), |
|
316 | + 'canedit' => false, |
|
317 | + 'id' => $entry->getId(), |
|
318 | + 'comment' => $entryComment, |
|
319 | + ); |
|
320 | + } |
|
321 | + } |
|
322 | + } |
|
323 | + |
|
324 | + $this->addJs("/api.php?action=users&targetVariable=typeaheaddata"); |
|
325 | + |
|
326 | + $this->assign("requestLogs", $requestLogs); |
|
327 | + } |
|
328 | + |
|
329 | + /** |
|
330 | + * @param Request $request |
|
331 | + */ |
|
332 | + protected function setupUsernameData(Request $request) |
|
333 | + { |
|
334 | + $blacklistData = $this->getBlacklistHelper()->isBlacklisted($request->getName()); |
|
335 | + |
|
336 | + $this->assign('requestIsBlacklisted', $blacklistData !== false); |
|
337 | + $this->assign('requestBlacklist', $blacklistData); |
|
338 | + |
|
339 | + try { |
|
340 | + $spoofs = $this->getAntiSpoofProvider()->getSpoofs($request->getName()); |
|
341 | + } |
|
342 | + catch (Exception $ex) { |
|
343 | + $spoofs = $ex->getMessage(); |
|
344 | + } |
|
345 | + |
|
346 | + $this->assign("spoofs", $spoofs); |
|
347 | + } |
|
348 | + |
|
349 | + private function setupCreationTypes(User $user) |
|
350 | + { |
|
351 | + $this->assign('allowWelcomeSkip', false); |
|
352 | + $this->assign('forceWelcomeSkip', false); |
|
353 | + |
|
354 | + $database = $this->getDatabase(); |
|
355 | + $preferenceManager = PreferenceManager::getForCurrent($database); |
|
356 | + |
|
357 | + $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration()); |
|
358 | + |
|
359 | + $welcomeTemplate = $preferenceManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE); |
|
360 | + |
|
361 | + if ($welcomeTemplate != null) { |
|
362 | + $this->assign('allowWelcomeSkip', true); |
|
363 | + |
|
364 | + if (!$oauth->canWelcome()) { |
|
365 | + $this->assign('forceWelcomeSkip', true); |
|
366 | + } |
|
367 | + } |
|
368 | + |
|
369 | + // test credentials |
|
370 | + $canManualCreate = $this->barrierTest(PreferenceManager::CREATION_MANUAL, $user, 'RequestCreation'); |
|
371 | + $canOauthCreate = $this->barrierTest(PreferenceManager::CREATION_OAUTH, $user, 'RequestCreation'); |
|
372 | + $canBotCreate = $this->barrierTest(PreferenceManager::CREATION_BOT, $user, 'RequestCreation'); |
|
373 | + |
|
374 | + $this->assign('canManualCreate', $canManualCreate); |
|
375 | + $this->assign('canOauthCreate', $canOauthCreate); |
|
376 | + $this->assign('canBotCreate', $canBotCreate); |
|
377 | + |
|
378 | + // show/hide the type radio buttons |
|
379 | + $creationHasChoice = count(array_filter([$canManualCreate, $canOauthCreate, $canBotCreate])) > 1; |
|
380 | + |
|
381 | + $creationModePreference = $preferenceManager->getPreference(PreferenceManager::PREF_CREATION_MODE); |
|
382 | + if (!$this->barrierTest($creationModePreference, $user, 'RequestCreation')) { |
|
383 | + // user is not allowed to use their default. Force a choice. |
|
384 | + $creationHasChoice = true; |
|
385 | + } |
|
386 | + |
|
387 | + $this->assign('creationHasChoice', $creationHasChoice); |
|
388 | + |
|
389 | + // determine problems in creation types |
|
390 | + $this->assign('botProblem', false); |
|
391 | + if ($canBotCreate && $this->getSiteConfiguration()->getCreationBotPassword() === null) { |
|
392 | + $this->assign('botProblem', true); |
|
393 | + } |
|
394 | + |
|
395 | + $this->assign('oauthProblem', false); |
|
396 | + if ($canOauthCreate && !$oauth->canCreateAccount()) { |
|
397 | + $this->assign('oauthProblem', true); |
|
398 | + } |
|
399 | + } |
|
400 | 400 | } |
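Review bot: `$data = unserialize($entry->getComment());` at new line 292 inside setupLogData deserialises a value read back from the log table with no class restriction, and `$data['job']` on the following line is indexed without checking that the result is an array, so a malformed or tampered row can either instantiate arbitrary classes or raise a fatal while rendering the page. As far as this hunk shows the payload is produced by the application's own job-queue logging, so exposure is limited to whoever can write log rows, but `unserialize()` on stored data remains an object-injection sink if that column is ever reachable another way. I would change the call to `$data = unserialize($entry->getComment(), ['allowed_classes' => false]);` and precede `JobQueue::getById($data['job'], $database)` with `if (!is_array($data) || !isset($data['job'])) { /* render as a plain log entry instead */ }` so a bad payload degrades to the ordinary log branch rather than a crash; `JobQueue::getById` returning null would also need a guard before `$job->getId()`. The old side at line 292 is byte-identical apart from indentation, so this predates the re-indent rather than being introduced by it; setupLogData lies entirely within the hunk.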
@@ -136,8 +136,7 @@ discard block |
||
136 | 136 | $this->setTemplate('view-request/main-with-checkuser-data.tpl'); |
137 | 137 | $this->setupCheckUserData($request); |
138 | 138 | } |
139 | - } |
|
140 | - else { |
|
139 | + } else { |
|
141 | 140 | $this->setTemplate('view-request/main.tpl'); |
142 | 141 | } |
143 | 142 | } |
@@ -151,8 +150,7 @@ discard block |
||
151 | 150 | if ($request->getStatus() === RequestStatus::CLOSED) { |
152 | 151 | if ($request->getWasCreated()) { |
153 | 152 | $statusSymbol = self::STATUS_SYMBOL_ACCEPTED; |
154 | - } |
|
155 | - else { |
|
153 | + } else { |
|
156 | 154 | $statusSymbol = self::STATUS_SYMBOL_REJECTED; |
157 | 155 | } |
158 | 156 | } |
@@ -304,8 +302,7 @@ discard block |
||
304 | 302 | 'jobId' => $job->getId(), |
305 | 303 | 'jobDesc' => JobQueue::getTaskDescriptions()[$job->getTask()], |
306 | 304 | ); |
307 | - } |
|
308 | - else { |
|
305 | + } else { |
|
309 | 306 | $requestLogs[] = array( |
310 | 307 | 'type' => 'log', |
311 | 308 | 'security' => 'user', |
@@ -18,59 +18,59 @@ |
||
18 | 18 | |
19 | 19 | class PageExpandedRequestList extends InternalPageBase |
20 | 20 | { |
21 | - use RequestListData; |
|
21 | + use RequestListData; |
|
22 | 22 | |
23 | - /** |
|
24 | - * Main function for this page, when no specific actions are called. |
|
25 | - * @return void |
|
26 | - * @todo This is very similar to the PageMain code, we could probably generalise this somehow |
|
27 | - */ |
|
28 | - protected function main() |
|
29 | - { |
|
30 | - if (WebRequest::getString('queue') === null) { |
|
31 | - $this->redirect(''); |
|
32 | - return; |
|
33 | - } |
|
23 | + /** |
|
24 | + * Main function for this page, when no specific actions are called. |
|
25 | + * @return void |
|
26 | + * @todo This is very similar to the PageMain code, we could probably generalise this somehow |
|
27 | + */ |
|
28 | + protected function main() |
|
29 | + { |
|
30 | + if (WebRequest::getString('queue') === null) { |
|
31 | + $this->redirect(''); |
|
32 | + return; |
|
33 | + } |
|
34 | 34 | |
35 | - $database = $this->getDatabase(); |
|
35 | + $database = $this->getDatabase(); |
|
36 | 36 | |
37 | - // FIXME: domains |
|
38 | - $queue = RequestQueue::getByApiName($database, WebRequest::getString('queue'), 1); |
|
37 | + // FIXME: domains |
|
38 | + $queue = RequestQueue::getByApiName($database, WebRequest::getString('queue'), 1); |
|
39 | 39 | |
40 | - if ($queue === false) { |
|
41 | - $this->redirect(''); |
|
42 | - return; |
|
43 | - } |
|
40 | + if ($queue === false) { |
|
41 | + $this->redirect(''); |
|
42 | + return; |
|
43 | + } |
|
44 | 44 | |
45 | - /** @var SiteConfiguration $config */ |
|
46 | - $config = $this->getSiteConfiguration(); |
|
45 | + /** @var SiteConfiguration $config */ |
|
46 | + $config = $this->getSiteConfiguration(); |
|
47 | 47 | |
48 | - $this->assignCSRFToken(); |
|
48 | + $this->assignCSRFToken(); |
|
49 | 49 | |
50 | - $this->assign('queuehelp', $queue->getHelp()); |
|
50 | + $this->assign('queuehelp', $queue->getHelp()); |
|
51 | 51 | |
52 | - // FIXME: domains |
|
53 | - $search = RequestSearchHelper::get($database, 1); |
|
54 | - $search->byStatus(RequestStatus::OPEN); |
|
52 | + // FIXME: domains |
|
53 | + $search = RequestSearchHelper::get($database, 1); |
|
54 | + $search->byStatus(RequestStatus::OPEN); |
|
55 | 55 | |
56 | - list($defaultSort, $defaultSortDirection) = WebRequest::requestListDefaultSort(); |
|
57 | - $this->assign('defaultSort', $defaultSort); |
|
58 | - $this->assign('defaultSortDirection', $defaultSortDirection); |
|
56 | + list($defaultSort, $defaultSortDirection) = WebRequest::requestListDefaultSort(); |
|
57 | + $this->assign('defaultSort', $defaultSort); |
|
58 | + $this->assign('defaultSortDirection', $defaultSortDirection); |
|
59 | 59 | |
60 | - if ($config->getEmailConfirmationEnabled()) { |
|
61 | - $search->withConfirmedEmail(); |
|
62 | - } |
|
60 | + if ($config->getEmailConfirmationEnabled()) { |
|
61 | + $search->withConfirmedEmail(); |
|
62 | + } |
|
63 | 63 | |
64 | - $queuesById = [$queue->getId() => $queue]; |
|
65 | - $requestsByQueue = $search->fetchByQueue(array_keys($queuesById)); |
|
66 | - $requestData = $requestsByQueue[$queue->getId()]; |
|
64 | + $queuesById = [$queue->getId() => $queue]; |
|
65 | + $requestsByQueue = $search->fetchByQueue(array_keys($queuesById)); |
|
66 | + $requestData = $requestsByQueue[$queue->getId()]; |
|
67 | 67 | |
68 | - $this->assign('requests', $this->prepareRequestData($requestData['data'])); |
|
69 | - $this->assign('totalRequests', $requestData['count']); |
|
70 | - $this->assign('header', $queue->getHeader()); |
|
71 | - $this->assign('requestLimitShowOnly', $config->getMiserModeLimit()); |
|
68 | + $this->assign('requests', $this->prepareRequestData($requestData['data'])); |
|
69 | + $this->assign('totalRequests', $requestData['count']); |
|
70 | + $this->assign('header', $queue->getHeader()); |
|
71 | + $this->assign('requestLimitShowOnly', $config->getMiserModeLimit()); |
|
72 | 72 | |
73 | - $this->setHtmlTitle('{$header|escape}{if $totalRequests > 0} [{$totalRequests|escape}]{/if}'); |
|
74 | - $this->setTemplate('mainpage/expandedrequestlist.tpl'); |
|
75 | - } |
|
73 | + $this->setHtmlTitle('{$header|escape}{if $totalRequests > 0} [{$totalRequests|escape}]{/if}'); |
|
74 | + $this->setTemplate('mainpage/expandedrequestlist.tpl'); |
|
75 | + } |
|
76 | 76 | } |
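Review bot: `$requestData = $requestsByQueue[$queue->getId()];` on new line 66 assumes fetchByQueue() always returns an entry for the queue it was asked for; if it can omit a queue that has no matching requests, this is an undefined-index read and the `$requestData['data']` / `['count']` lookups on lines 68–69 then run on null. If that is possible, default the entry instead: `$requestData = $requestsByQueue[$queue->getId()] ?? ['data' => [], 'count' => 0];`. As a smaller point, `WebRequest::getString('queue')` is read twice (lines 30 and 38); capturing it once before the null check avoids re-parsing the request parameter. The hunk appears to be a re-indentation only, so none of the text above is changed by the commit.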
@@ -19,67 +19,67 @@ |
||
19 | 19 | |
20 | 20 | class PageFlagComment extends InternalPageBase |
21 | 21 | { |
22 | - /** |
|
23 | - * @inheritDoc |
|
24 | - */ |
|
25 | - protected function main() |
|
26 | - { |
|
27 | - if (!WebRequest::wasPosted()) { |
|
28 | - throw new ApplicationLogicException('This page does not support GET methods.'); |
|
29 | - } |
|
22 | + /** |
|
23 | + * @inheritDoc |
|
24 | + */ |
|
25 | + protected function main() |
|
26 | + { |
|
27 | + if (!WebRequest::wasPosted()) { |
|
28 | + throw new ApplicationLogicException('This page does not support GET methods.'); |
|
29 | + } |
|
30 | 30 | |
31 | - $this->validateCSRFToken(); |
|
31 | + $this->validateCSRFToken(); |
|
32 | 32 | |
33 | - $flagState = WebRequest::postInt('flag'); |
|
34 | - $commentId = WebRequest::postInt('comment'); |
|
35 | - $updateVersion = WebRequest::postInt('updateversion'); |
|
33 | + $flagState = WebRequest::postInt('flag'); |
|
34 | + $commentId = WebRequest::postInt('comment'); |
|
35 | + $updateVersion = WebRequest::postInt('updateversion'); |
|
36 | 36 | |
37 | - if ($flagState !== 0 && $flagState !== 1) { |
|
38 | - throw new ApplicationLogicException('Flag status not valid'); |
|
39 | - } |
|
37 | + if ($flagState !== 0 && $flagState !== 1) { |
|
38 | + throw new ApplicationLogicException('Flag status not valid'); |
|
39 | + } |
|
40 | 40 | |
41 | - $database = $this->getDatabase(); |
|
41 | + $database = $this->getDatabase(); |
|
42 | 42 | |
43 | - /** @var Comment|false $comment */ |
|
44 | - $comment = Comment::getById($commentId, $database); |
|
45 | - if ($comment === false) { |
|
46 | - throw new ApplicationLogicException('Unknown comment'); |
|
47 | - } |
|
43 | + /** @var Comment|false $comment */ |
|
44 | + $comment = Comment::getById($commentId, $database); |
|
45 | + if ($comment === false) { |
|
46 | + throw new ApplicationLogicException('Unknown comment'); |
|
47 | + } |
|
48 | 48 | |
49 | - $currentUser = User::getCurrent($database); |
|
49 | + $currentUser = User::getCurrent($database); |
|
50 | 50 | |
51 | - if ($comment->getFlagged() && !$this->barrierTest('unflag', $currentUser)) { |
|
52 | - // user isn't allowed to unflag comments |
|
53 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
54 | - } |
|
51 | + if ($comment->getFlagged() && !$this->barrierTest('unflag', $currentUser)) { |
|
52 | + // user isn't allowed to unflag comments |
|
53 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
54 | + } |
|
55 | 55 | |
56 | - /** @var Request $request */ |
|
57 | - $request = Request::getById($comment->getRequest(), $database); |
|
56 | + /** @var Request $request */ |
|
57 | + $request = Request::getById($comment->getRequest(), $database); |
|
58 | 58 | |
59 | - if ($comment->getFlagged() |
|
60 | - && !$this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData') |
|
61 | - && $request->getReserved() !== $currentUser->getId() |
|
62 | - ) { |
|
63 | - // can't unflag if you can't see it. |
|
64 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
65 | - } |
|
59 | + if ($comment->getFlagged() |
|
60 | + && !$this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData') |
|
61 | + && $request->getReserved() !== $currentUser->getId() |
|
62 | + ) { |
|
63 | + // can't unflag if you can't see it. |
|
64 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
65 | + } |
|
66 | 66 | |
67 | - $comment->setFlagged($flagState == 1); |
|
68 | - $comment->setUpdateVersion($updateVersion); |
|
69 | - $comment->save(); |
|
67 | + $comment->setFlagged($flagState == 1); |
|
68 | + $comment->setUpdateVersion($updateVersion); |
|
69 | + $comment->save(); |
|
70 | 70 | |
71 | - if ($flagState === 1) { |
|
72 | - Logger::flaggedComment($database, $comment, $request->getDomain()); |
|
73 | - } |
|
74 | - else { |
|
75 | - Logger::unflaggedComment($database, $comment, $request->getDomain()); |
|
76 | - } |
|
71 | + if ($flagState === 1) { |
|
72 | + Logger::flaggedComment($database, $comment, $request->getDomain()); |
|
73 | + } |
|
74 | + else { |
|
75 | + Logger::unflaggedComment($database, $comment, $request->getDomain()); |
|
76 | + } |
|
77 | 77 | |
78 | - if (WebRequest::postString('return') == 'list') { |
|
79 | - $this->redirect('flaggedComments'); |
|
80 | - } |
|
81 | - else { |
|
82 | - $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]); |
|
83 | - } |
|
84 | - } |
|
78 | + if (WebRequest::postString('return') == 'list') { |
|
79 | + $this->redirect('flaggedComments'); |
|
80 | + } |
|
81 | + else { |
|
82 | + $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]); |
|
83 | + } |
|
84 | + } |
|
85 | 85 | } |
86 | 86 | \ No newline at end of file |
@@ -70,15 +70,13 @@ |
||
70 | 70 | |
71 | 71 | if ($flagState === 1) { |
72 | 72 | Logger::flaggedComment($database, $comment, $request->getDomain()); |
73 | - } |
|
74 | - else { |
|
73 | + } else { |
|
75 | 74 | Logger::unflaggedComment($database, $comment, $request->getDomain()); |
76 | 75 | } |
77 | 76 | |
78 | 77 | if (WebRequest::postString('return') == 'list') { |
79 | 78 | $this->redirect('flaggedComments'); |
80 | - } |
|
81 | - else { |
|
79 | + } else { |
|
82 | 80 | $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]); |
83 | 81 | } |
84 | 82 | } |
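Review bot: `$comment->setFlagged($flagState == 1);` on new line 67 and `WebRequest::postString('return') == 'list'` on line 78 use loose comparison, while the validation on line 37 and the branch on line 71 compare `$flagState` with `===`. Since line 37 already guarantees `$flagState` is exactly 0 or 1, make both strict for consistency: `$comment->setFlagged($flagState === 1);` and `if (WebRequest::postString('return') === 'list') {`. Separately, `$updateVersion` comes from `postInt('updateversion')` and is handed to `setUpdateVersion()` on line 68 without a null check; if a missing field yields null, it is worth confirming what save() does with it, because that version is what guards against overwriting a concurrent edit. Both hunks in this section appear to be formatting only.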
@@ -17,64 +17,64 @@ |
||
17 | 17 | |
18 | 18 | class PageLog extends PagedInternalPageBase |
19 | 19 | { |
20 | - /** |
|
21 | - * Main function for this page, when no specific actions are called. |
|
22 | - */ |
|
23 | - protected function main() |
|
24 | - { |
|
25 | - $this->setHtmlTitle('Logs'); |
|
26 | - |
|
27 | - $filterUser = WebRequest::getString('filterUser'); |
|
28 | - $filterAction = WebRequest::getString('filterAction'); |
|
29 | - $filterObjectType = WebRequest::getString('filterObjectType'); |
|
30 | - $filterObjectId = WebRequest::getInt('filterObjectId'); |
|
31 | - |
|
32 | - $database = $this->getDatabase(); |
|
33 | - |
|
34 | - if (!array_key_exists($filterObjectType, LogHelper::getObjectTypes())) { |
|
35 | - $filterObjectType = null; |
|
36 | - } |
|
37 | - |
|
38 | - $this->addJs("/api.php?action=users&all=true&targetVariable=typeaheaddata"); |
|
39 | - |
|
40 | - // FIXME: domains |
|
41 | - $logSearch = LogSearchHelper::get($database, 1); |
|
42 | - |
|
43 | - if ($filterUser !== null) { |
|
44 | - $userObj = User::getByUsername($filterUser, $database); |
|
45 | - if ($userObj !== false) { |
|
46 | - $logSearch->byUser($userObj->getId()); |
|
47 | - } |
|
48 | - else { |
|
49 | - $logSearch->byUser(-1); |
|
50 | - } |
|
51 | - } |
|
52 | - if ($filterAction !== null) { |
|
53 | - $logSearch->byAction($filterAction); |
|
54 | - } |
|
55 | - if ($filterObjectType !== null) { |
|
56 | - $logSearch->byObjectType($filterObjectType); |
|
57 | - } |
|
58 | - if ($filterObjectId !== null) { |
|
59 | - $logSearch->byObjectId($filterObjectId); |
|
60 | - } |
|
61 | - |
|
62 | - $this->setSearchHelper($logSearch); |
|
63 | - $this->setupLimits(); |
|
64 | - |
|
65 | - /** @var Log[] $logs */ |
|
66 | - $logs = $logSearch->getRecordCount($count)->fetch(); |
|
67 | - |
|
68 | - list($users, $logData) = LogHelper::prepareLogsForTemplate($logs, $database, $this->getSiteConfiguration()); |
|
69 | - |
|
70 | - $this->setupPageData($count, array('filterUser' => $filterUser, 'filterAction' => $filterAction, 'filterObjectType' => $filterObjectType, 'filterObjectId' => $filterObjectId)); |
|
71 | - |
|
72 | - $this->assign("logs", $logData); |
|
73 | - $this->assign("users", $users); |
|
74 | - |
|
75 | - $this->assign('allLogActions', LogHelper::getLogActions($this->getDatabase())); |
|
76 | - $this->assign('allObjectTypes', LogHelper::getObjectTypes()); |
|
77 | - |
|
78 | - $this->setTemplate("logs/main.tpl"); |
|
79 | - } |
|
20 | + /** |
|
21 | + * Main function for this page, when no specific actions are called. |
|
22 | + */ |
|
23 | + protected function main() |
|
24 | + { |
|
25 | + $this->setHtmlTitle('Logs'); |
|
26 | + |
|
27 | + $filterUser = WebRequest::getString('filterUser'); |
|
28 | + $filterAction = WebRequest::getString('filterAction'); |
|
29 | + $filterObjectType = WebRequest::getString('filterObjectType'); |
|
30 | + $filterObjectId = WebRequest::getInt('filterObjectId'); |
|
31 | + |
|
32 | + $database = $this->getDatabase(); |
|
33 | + |
|
34 | + if (!array_key_exists($filterObjectType, LogHelper::getObjectTypes())) { |
|
35 | + $filterObjectType = null; |
|
36 | + } |
|
37 | + |
|
38 | + $this->addJs("/api.php?action=users&all=true&targetVariable=typeaheaddata"); |
|
39 | + |
|
40 | + // FIXME: domains |
|
41 | + $logSearch = LogSearchHelper::get($database, 1); |
|
42 | + |
|
43 | + if ($filterUser !== null) { |
|
44 | + $userObj = User::getByUsername($filterUser, $database); |
|
45 | + if ($userObj !== false) { |
|
46 | + $logSearch->byUser($userObj->getId()); |
|
47 | + } |
|
48 | + else { |
|
49 | + $logSearch->byUser(-1); |
|
50 | + } |
|
51 | + } |
|
52 | + if ($filterAction !== null) { |
|
53 | + $logSearch->byAction($filterAction); |
|
54 | + } |
|
55 | + if ($filterObjectType !== null) { |
|
56 | + $logSearch->byObjectType($filterObjectType); |
|
57 | + } |
|
58 | + if ($filterObjectId !== null) { |
|
59 | + $logSearch->byObjectId($filterObjectId); |
|
60 | + } |
|
61 | + |
|
62 | + $this->setSearchHelper($logSearch); |
|
63 | + $this->setupLimits(); |
|
64 | + |
|
65 | + /** @var Log[] $logs */ |
|
66 | + $logs = $logSearch->getRecordCount($count)->fetch(); |
|
67 | + |
|
68 | + list($users, $logData) = LogHelper::prepareLogsForTemplate($logs, $database, $this->getSiteConfiguration()); |
|
69 | + |
|
70 | + $this->setupPageData($count, array('filterUser' => $filterUser, 'filterAction' => $filterAction, 'filterObjectType' => $filterObjectType, 'filterObjectId' => $filterObjectId)); |
|
71 | + |
|
72 | + $this->assign("logs", $logData); |
|
73 | + $this->assign("users", $users); |
|
74 | + |
|
75 | + $this->assign('allLogActions', LogHelper::getLogActions($this->getDatabase())); |
|
76 | + $this->assign('allObjectTypes', LogHelper::getObjectTypes()); |
|
77 | + |
|
78 | + $this->setTemplate("logs/main.tpl"); |
|
79 | + } |
|
80 | 80 | } |
@@ -44,8 +44,7 @@ |
||
44 | 44 | $userObj = User::getByUsername($filterUser, $database); |
45 | 45 | if ($userObj !== false) { |
46 | 46 | $logSearch->byUser($userObj->getId()); |
47 | - } |
|
48 | - else { |
|
47 | + } else { |
|
49 | 48 | $logSearch->byUser(-1); |
50 | 49 | } |
51 | 50 | } |
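Review bot: `$filterAction` is passed straight to `$logSearch->byAction()` on new line 53 without the allow-list check that `$filterObjectType` gets on lines 34–36, even though `LogHelper::getLogActions($this->getDatabase())` on line 75 is the matching list of valid actions. Whether the raw value reaches the query safely depends on byAction(), which is not visible here, but the same string is also echoed back into the page data by `setupPageData()` on line 70, so rejecting unknown actions symmetrically is cheap: `if ($filterAction !== null && !array_key_exists($filterAction, LogHelper::getLogActions($database))) { $filterAction = null; }` (assuming getLogActions() is keyed by action name the way getObjectTypes() is). Line 75 could then reuse the `$database` handle from line 32 instead of calling `$this->getDatabase()` again. The hunks in this section look like re-indentation and brace placement only.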
@@ -17,112 +17,112 @@ |
||
17 | 17 | |
18 | 18 | class PageListFlaggedComments extends InternalPageBase |
19 | 19 | { |
20 | - /** |
|
21 | - * @inheritDoc |
|
22 | - */ |
|
23 | - protected function main() |
|
24 | - { |
|
25 | - $this->setHtmlTitle('Flagged comments'); |
|
26 | - $this->setTemplate('flagged-comments.tpl'); |
|
27 | - |
|
28 | - $database = $this->getDatabase(); |
|
29 | - $this->assignCSRFToken(); |
|
30 | - |
|
31 | - /** @var Comment[] $commentObjects */ |
|
32 | - $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains |
|
33 | - $comments = []; |
|
34 | - |
|
35 | - $currentUser = User::getCurrent($database); |
|
36 | - |
|
37 | - $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData'); |
|
38 | - $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData'); |
|
39 | - $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData'); |
|
40 | - |
|
41 | - foreach ($commentObjects as $object) { |
|
42 | - $data = [ |
|
43 | - 'visibility' => $object->getVisibility(), |
|
44 | - 'hidden' => false, |
|
45 | - 'hiddenText' => false, |
|
46 | - ]; |
|
47 | - |
|
48 | - if (!$alwaysSeePrivateData) { |
|
49 | - // tl;dr: This is a stupid configuration, but let's account for it anyway. |
|
50 | - // |
|
51 | - // Flagged comments are treated as private data. If you don't have the privilege |
|
52 | - // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here. |
|
53 | - // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness |
|
54 | - // of this page. Still, we need to handle the case where we have access to this page, but not access |
|
55 | - // to private data. |
|
56 | - // At the time of writing, this case does not exist in the current role configuration, but for the role |
|
57 | - // configuration to be free of assumptions, we need this code. |
|
58 | - |
|
59 | - /** @var Request $request */ |
|
60 | - $request = Request::getById($object->getRequest(), $database); |
|
61 | - |
|
62 | - if ($request->getReserved() === $currentUser->getId()) { |
|
63 | - $data['hiddenText'] = false; |
|
64 | - } |
|
65 | - else { |
|
66 | - $data['hiddenText'] = true; |
|
67 | - } |
|
68 | - } |
|
69 | - |
|
70 | - if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') { |
|
71 | - $data['hidden'] = false; |
|
72 | - } |
|
73 | - elseif ($object->getVisibility() == 'admin') { |
|
74 | - if ($seeRestrictedComments) { |
|
75 | - $data['hidden'] = false; |
|
76 | - } |
|
77 | - else { |
|
78 | - $data['hidden'] = true; |
|
79 | - } |
|
80 | - } |
|
81 | - elseif ($object->getVisibility() == 'checkuser') { |
|
82 | - if ($seeCheckuserComments) { |
|
83 | - $data['hidden'] = false; |
|
84 | - } |
|
85 | - else { |
|
86 | - $data['hidden'] = true; |
|
87 | - } |
|
88 | - } |
|
89 | - |
|
90 | - $this->copyCommentData($object, $data, $database); |
|
91 | - |
|
92 | - $comments[] = $data; |
|
93 | - } |
|
94 | - |
|
95 | - $this->assign('comments', $comments); |
|
96 | - $this->assign('seeRestrictedComments', $seeRestrictedComments); |
|
97 | - $this->assign('seeCheckuserComments', $seeCheckuserComments); |
|
98 | - |
|
99 | - $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class)); |
|
100 | - $this->assign('editComments', $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageEditComment::class)); |
|
101 | - $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageFlagComment::class)); |
|
102 | - } |
|
103 | - |
|
104 | - private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void |
|
105 | - { |
|
106 | - if ($data['hidden']) { |
|
107 | - // All details hidden, so don't copy anything. |
|
108 | - return; |
|
109 | - } |
|
110 | - |
|
111 | - /** @var Request $request */ |
|
112 | - $request = Request::getById($object->getRequest(), $database); |
|
113 | - |
|
114 | - if (!$data['hiddenText']) { |
|
115 | - // Comment text is hidden, but presence of the comment is visible. |
|
116 | - $data['comment'] = $object->getComment(); |
|
117 | - } |
|
118 | - |
|
119 | - $data['id'] = $object->getId(); |
|
120 | - $data['updateversion'] = $object->getUpdateVersion(); |
|
121 | - $data['time'] = $object->getTime(); |
|
122 | - $data['requestid'] = $object->getRequest(); |
|
123 | - $data['request'] = $request->getName(); |
|
124 | - $data['requeststatus'] = $request->getStatus(); |
|
125 | - $data['userid'] = $object->getUser(); |
|
126 | - $data['user'] = User::getById($object->getUser(), $database)->getUsername(); |
|
127 | - } |
|
20 | + /** |
|
21 | + * @inheritDoc |
|
22 | + */ |
|
23 | + protected function main() |
|
24 | + { |
|
25 | + $this->setHtmlTitle('Flagged comments'); |
|
26 | + $this->setTemplate('flagged-comments.tpl'); |
|
27 | + |
|
28 | + $database = $this->getDatabase(); |
|
29 | + $this->assignCSRFToken(); |
|
30 | + |
|
31 | + /** @var Comment[] $commentObjects */ |
|
32 | + $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains |
|
33 | + $comments = []; |
|
34 | + |
|
35 | + $currentUser = User::getCurrent($database); |
|
36 | + |
|
37 | + $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData'); |
|
38 | + $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData'); |
|
39 | + $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData'); |
|
40 | + |
|
41 | + foreach ($commentObjects as $object) { |
|
42 | + $data = [ |
|
43 | + 'visibility' => $object->getVisibility(), |
|
44 | + 'hidden' => false, |
|
45 | + 'hiddenText' => false, |
|
46 | + ]; |
|
47 | + |
|
48 | + if (!$alwaysSeePrivateData) { |
|
49 | + // tl;dr: This is a stupid configuration, but let's account for it anyway. |
|
50 | + // |
|
51 | + // Flagged comments are treated as private data. If you don't have the privilege |
|
52 | + // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here. |
|
53 | + // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness |
|
54 | + // of this page. Still, we need to handle the case where we have access to this page, but not access |
|
55 | + // to private data. |
|
56 | + // At the time of writing, this case does not exist in the current role configuration, but for the role |
|
57 | + // configuration to be free of assumptions, we need this code. |
|
58 | + |
|
59 | + /** @var Request $request */ |
|
60 | + $request = Request::getById($object->getRequest(), $database); |
|
61 | + |
|
62 | + if ($request->getReserved() === $currentUser->getId()) { |
|
63 | + $data['hiddenText'] = false; |
|
64 | + } |
|
65 | + else { |
|
66 | + $data['hiddenText'] = true; |
|
67 | + } |
|
68 | + } |
|
69 | + |
|
70 | + if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') { |
|
71 | + $data['hidden'] = false; |
|
72 | + } |
|
73 | + elseif ($object->getVisibility() == 'admin') { |
|
74 | + if ($seeRestrictedComments) { |
|
75 | + $data['hidden'] = false; |
|
76 | + } |
|
77 | + else { |
|
78 | + $data['hidden'] = true; |
|
79 | + } |
|
80 | + } |
|
81 | + elseif ($object->getVisibility() == 'checkuser') { |
|
82 | + if ($seeCheckuserComments) { |
|
83 | + $data['hidden'] = false; |
|
84 | + } |
|
85 | + else { |
|
86 | + $data['hidden'] = true; |
|
87 | + } |
|
88 | + } |
|
89 | + |
|
90 | + $this->copyCommentData($object, $data, $database); |
|
91 | + |
|
92 | + $comments[] = $data; |
|
93 | + } |
|
94 | + |
|
95 | + $this->assign('comments', $comments); |
|
96 | + $this->assign('seeRestrictedComments', $seeRestrictedComments); |
|
97 | + $this->assign('seeCheckuserComments', $seeCheckuserComments); |
|
98 | + |
|
99 | + $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class)); |
|
100 | + $this->assign('editComments', $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageEditComment::class)); |
|
101 | + $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageFlagComment::class)); |
|
102 | + } |
|
103 | + |
|
104 | + private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void |
|
105 | + { |
|
106 | + if ($data['hidden']) { |
|
107 | + // All details hidden, so don't copy anything. |
|
108 | + return; |
|
109 | + } |
|
110 | + |
|
111 | + /** @var Request $request */ |
|
112 | + $request = Request::getById($object->getRequest(), $database); |
|
113 | + |
|
114 | + if (!$data['hiddenText']) { |
|
115 | + // Comment text is hidden, but presence of the comment is visible. |
|
116 | + $data['comment'] = $object->getComment(); |
|
117 | + } |
|
118 | + |
|
119 | + $data['id'] = $object->getId(); |
|
120 | + $data['updateversion'] = $object->getUpdateVersion(); |
|
121 | + $data['time'] = $object->getTime(); |
|
122 | + $data['requestid'] = $object->getRequest(); |
|
123 | + $data['request'] = $request->getName(); |
|
124 | + $data['requeststatus'] = $request->getStatus(); |
|
125 | + $data['userid'] = $object->getUser(); |
|
126 | + $data['user'] = User::getById($object->getUser(), $database)->getUsername(); |
|
127 | + } |
|
128 | 128 | } |
129 | 129 | \ No newline at end of file |
@@ -61,28 +61,23 @@ |
||
61 | 61 | |
62 | 62 | if ($request->getReserved() === $currentUser->getId()) { |
63 | 63 | $data['hiddenText'] = false; |
64 | - } |
|
65 | - else { |
|
64 | + } else { |
|
66 | 65 | $data['hiddenText'] = true; |
67 | 66 | } |
68 | 67 | } |
69 | 68 | |
70 | 69 | if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') { |
71 | 70 | $data['hidden'] = false; |
72 | - } |
|
73 | - elseif ($object->getVisibility() == 'admin') { |
|
71 | + } elseif ($object->getVisibility() == 'admin') { |
|
74 | 72 | if ($seeRestrictedComments) { |
75 | 73 | $data['hidden'] = false; |
76 | - } |
|
77 | - else { |
|
74 | + } else { |
|
78 | 75 | $data['hidden'] = true; |
79 | 76 | } |
80 | - } |
|
81 | - elseif ($object->getVisibility() == 'checkuser') { |
|
77 | + } elseif ($object->getVisibility() == 'checkuser') { |
|
82 | 78 | if ($seeCheckuserComments) { |
83 | 79 | $data['hidden'] = false; |
84 | - } |
|
85 | - else { |
|
80 | + } else { |
|
86 | 81 | $data['hidden'] = true; |
87 | 82 | } |
88 | 83 | } |
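Review bot: The visibility gate in main() fails open: `'hidden' => false` on new line 44 is the default, and the chain on lines 70–88 only assigns it for the `requester`, `user`, `admin` and `checkuser` values, so a comment carrying any other visibility string reaches copyCommentData() with its text and metadata intact. Inverting the default is a one-line fix, `'hidden' => true,` on line 44, since every branch that grants access already sets it to false explicitly; alternatively append `else { $data['hidden'] = true; }` to the chain. The comparisons in that chain also use `==` where `===` is the convention on line 62. Finally, the comment on line 115 of copyCommentData(), `// Comment text is hidden, but presence of the comment is visible.`, sits on the branch taken when the text is not hidden; reword it to `// Only copy the text when it is not hidden; the metadata below is copied either way.`. Both hunks in this section appear to be formatting only.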
@@ -22,292 +22,292 @@ |
22 | 22 | |
23 | 23 | class PageRequestFormManagement extends InternalPageBase |
24 | 24 | { |
25 | - protected function main() |
|
26 | - { |
|
27 | - $this->setHtmlTitle('Request Form Management'); |
|
28 | - |
|
29 | - $database = $this->getDatabase(); |
|
30 | - $domainId = Domain::getCurrent($database)->getId(); |
|
31 | - $forms = RequestForm::getAllForms($database, $domainId); |
|
32 | - $this->assign('forms', $forms); |
|
33 | - |
|
34 | - $queues = []; |
|
35 | - foreach ($forms as $f) { |
|
36 | - $queueId = $f->getOverrideQueue(); |
|
37 | - if ($queueId !== null) { |
|
38 | - if (!isset($queues[$queueId])) { |
|
39 | - /** @var RequestQueue $queue */ |
|
40 | - $queue = RequestQueue::getById($queueId, $this->getDatabase()); |
|
41 | - |
|
42 | - if ($queue->getDomain() == $domainId) { |
|
43 | - $queues[$queueId] = $queue; |
|
44 | - } |
|
45 | - } |
|
46 | - } |
|
47 | - } |
|
48 | - |
|
49 | - $this->assign('queues', $queues); |
|
50 | - |
|
51 | - $user = User::getCurrent($database); |
|
52 | - $this->assign('canCreate', $this->barrierTest('create', $user)); |
|
53 | - $this->assign('canEdit', $this->barrierTest('edit', $user)); |
|
54 | - $this->assign('canView', $this->barrierTest('view', $user)); |
|
55 | - |
|
56 | - $this->setTemplate('form-management/main.tpl'); |
|
57 | - } |
|
58 | - |
|
59 | - protected function preview() { |
|
60 | - $previewContent = WebRequest::getSessionContext('preview'); |
|
61 | - |
|
62 | - $renderer = new MarkdownRenderingHelper(); |
|
63 | - $this->assign('renderedContent', $renderer->doRender($previewContent['main'])); |
|
64 | - $this->assign('username', $renderer->doRenderInline($previewContent['username'])); |
|
65 | - $this->assign('email', $renderer->doRenderInline($previewContent['email'])); |
|
66 | - $this->assign('comment', $renderer->doRenderInline($previewContent['comment'])); |
|
67 | - |
|
68 | - $this->setTemplate('form-management/preview.tpl'); |
|
69 | - } |
|
70 | - |
|
71 | - protected function create() |
|
72 | - { |
|
73 | - if (WebRequest::wasPosted()) { |
|
74 | - $this->validateCSRFToken(); |
|
75 | - $database = $this->getDatabase(); |
|
76 | - $domainId = Domain::getCurrent($database)->getId(); |
|
77 | - |
|
78 | - $form = new RequestForm(); |
|
79 | - |
|
80 | - $form->setDatabase($database); |
|
81 | - $form->setDomain($domainId); |
|
82 | - |
|
83 | - $this->setupObjectFromPost($form); |
|
84 | - $form->setPublicEndpoint(WebRequest::postString('endpoint')); |
|
85 | - |
|
86 | - if (WebRequest::postString("preview") === "preview") { |
|
87 | - $this->populateFromObject($form); |
|
88 | - |
|
89 | - WebRequest::setSessionContext('preview', [ |
|
90 | - 'main' => $form->getFormContent(), |
|
91 | - 'username' => $form->getUsernameHelp(), |
|
92 | - 'email' => $form->getEmailHelp(), |
|
93 | - 'comment' => $form->getCommentHelp(), |
|
94 | - ]); |
|
95 | - |
|
96 | - $this->assign('createMode', true); |
|
97 | - $this->setTemplate('form-management/edit.tpl'); |
|
98 | - |
|
99 | - return; |
|
100 | - } |
|
101 | - |
|
102 | - $proceed = true; |
|
103 | - |
|
104 | - if (RequestForm::getByPublicEndpoint($database, $form->getPublicEndpoint(), $domainId) !== false) { |
|
105 | - SessionAlert::error("The chosen public endpoint is already in use. Please choose another."); |
|
106 | - $proceed = false; |
|
107 | - } |
|
108 | - |
|
109 | - if (preg_match('/^[A-Za-z][a-zA-Z0-9-]*$/', $form->getPublicEndpoint()) !== 1) { |
|
110 | - SessionAlert::error("The chosen public endpoint contains invalid characters"); |
|
111 | - $proceed = false; |
|
112 | - } |
|
113 | - |
|
114 | - if (RequestForm::getByName($database, $form->getName(), $domainId) !== false) { |
|
115 | - SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
116 | - $proceed = false; |
|
117 | - } |
|
118 | - |
|
119 | - if ($form->getOverrideQueue() !== null) { |
|
120 | - /** @var RequestQueue|bool $queue */ |
|
121 | - $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
122 | - if ($queue === false || $queue->getDomain() !== $domainId || !$queue->isEnabled()) { |
|
123 | - SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
124 | - $proceed = false; |
|
125 | - } |
|
126 | - } |
|
127 | - |
|
128 | - if ($proceed) { |
|
129 | - $form->save(); |
|
130 | - Logger::requestFormCreated($database, $form); |
|
131 | - $this->redirect('requestFormManagement'); |
|
132 | - } |
|
133 | - else { |
|
134 | - $this->populateFromObject($form); |
|
135 | - WebRequest::setSessionContext('preview', [ |
|
136 | - 'main' => $form->getFormContent(), |
|
137 | - 'username' => $form->getUsernameHelp(), |
|
138 | - 'email' => $form->getEmailHelp(), |
|
139 | - 'comment' => $form->getCommentHelp(), |
|
140 | - ]); |
|
141 | - |
|
142 | - $this->assign('createMode', true); |
|
143 | - $this->setTemplate('form-management/edit.tpl'); |
|
144 | - } |
|
145 | - } |
|
146 | - else { |
|
147 | - $this->populateFromObject(new RequestForm()); |
|
148 | - WebRequest::setSessionContext('preview', null); |
|
149 | - $this->assign('hidePreview', true); |
|
150 | - |
|
151 | - $this->assignCSRFToken(); |
|
152 | - $this->assign('createMode', true); |
|
153 | - $this->setTemplate('form-management/edit.tpl'); |
|
154 | - } |
|
155 | - } |
|
156 | - |
|
157 | - protected function view() |
|
158 | - { |
|
159 | - $database = $this->getDatabase(); |
|
160 | - |
|
161 | - /** @var RequestForm $form */ |
|
162 | - $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
163 | - |
|
164 | - if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
165 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
166 | - } |
|
167 | - |
|
168 | - $this->populateFromObject($form); |
|
169 | - |
|
170 | - if ($form->getOverrideQueue() !== null) { |
|
171 | - $this->assign('queueObject', RequestQueue::getById($form->getOverrideQueue(), $database)); |
|
172 | - } |
|
173 | - |
|
174 | - WebRequest::setSessionContext('preview', [ |
|
175 | - 'main' => $form->getFormContent(), |
|
176 | - 'username' => $form->getUsernameHelp(), |
|
177 | - 'email' => $form->getEmailHelp(), |
|
178 | - 'comment' => $form->getCommentHelp(), |
|
179 | - ]); |
|
180 | - |
|
181 | - $renderer = new MarkdownRenderingHelper(); |
|
182 | - $this->assign('renderedContent', $renderer->doRender($form->getFormContent())); |
|
183 | - |
|
184 | - $this->setTemplate('form-management/view.tpl'); |
|
185 | - } |
|
186 | - |
|
187 | - protected function edit() |
|
188 | - { |
|
189 | - $database = $this->getDatabase(); |
|
190 | - |
|
191 | - /** @var RequestForm $form */ |
|
192 | - $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
193 | - |
|
194 | - if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
195 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
196 | - } |
|
197 | - |
|
198 | - if (WebRequest::wasPosted()) { |
|
199 | - $this->validateCSRFToken(); |
|
200 | - |
|
201 | - $this->setupObjectFromPost($form); |
|
202 | - |
|
203 | - if (WebRequest::postString("preview") === "preview") { |
|
204 | - $this->populateFromObject($form); |
|
205 | - |
|
206 | - WebRequest::setSessionContext('preview', [ |
|
207 | - 'main' => $form->getFormContent(), |
|
208 | - 'username' => $form->getUsernameHelp(), |
|
209 | - 'email' => $form->getEmailHelp(), |
|
210 | - 'comment' => $form->getCommentHelp(), |
|
211 | - ]); |
|
212 | - |
|
213 | - $this->assign('createMode', false); |
|
214 | - $this->setTemplate('form-management/edit.tpl'); |
|
215 | - |
|
216 | - return; |
|
217 | - } |
|
218 | - |
|
219 | - $proceed = true; |
|
220 | - |
|
221 | - $foundForm = RequestForm::getByName($database, $form->getName(), $form->getDomain()); |
|
222 | - if ($foundForm !== false && $foundForm->getId() !== $form->getId()) { |
|
223 | - SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
224 | - $proceed = false; |
|
225 | - } |
|
226 | - |
|
227 | - if ($form->getOverrideQueue() !== null) { |
|
228 | - /** @var RequestQueue $queue */ |
|
229 | - $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
230 | - if ($queue === false || $queue->getDomain() !== $form->getDomain() || !$queue->isEnabled()) { |
|
231 | - SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
232 | - $proceed = false; |
|
233 | - } |
|
234 | - } |
|
235 | - |
|
236 | - if ($proceed) { |
|
237 | - Logger::requestFormEdited($database, $form); |
|
238 | - $form->save(); |
|
239 | - $this->redirect('requestFormManagement'); |
|
240 | - } |
|
241 | - else { |
|
242 | - $this->populateFromObject($form); |
|
243 | - WebRequest::setSessionContext('preview', [ |
|
244 | - 'main' => $form->getFormContent(), |
|
245 | - 'username' => $form->getUsernameHelp(), |
|
246 | - 'email' => $form->getEmailHelp(), |
|
247 | - 'comment' => $form->getCommentHelp(), |
|
248 | - ]); |
|
249 | - |
|
250 | - $this->assign('createMode', false); |
|
251 | - $this->setTemplate('form-management/edit.tpl'); |
|
252 | - } |
|
253 | - } |
|
254 | - else { |
|
255 | - $this->populateFromObject($form); |
|
256 | - WebRequest::setSessionContext('preview', [ |
|
257 | - 'main' => $form->getFormContent(), |
|
258 | - 'username' => $form->getUsernameHelp(), |
|
259 | - 'email' => $form->getEmailHelp(), |
|
260 | - 'comment' => $form->getCommentHelp(), |
|
261 | - ]); |
|
262 | - |
|
263 | - $this->assign('createMode', false); |
|
264 | - $this->setTemplate('form-management/edit.tpl'); |
|
265 | - } |
|
266 | - } |
|
267 | - |
|
268 | - /** |
|
269 | - * @param RequestForm $form |
|
270 | - */ |
|
271 | - protected function populateFromObject(RequestForm $form): void |
|
272 | - { |
|
273 | - $this->assignCSRFToken(); |
|
274 | - |
|
275 | - $this->assign('name', $form->getName()); |
|
276 | - $this->assign('enabled', $form->isEnabled()); |
|
277 | - $this->assign('endpoint', $form->getPublicEndpoint()); |
|
278 | - $this->assign('queue', $form->getOverrideQueue()); |
|
279 | - $this->assign('content', $form->getFormContent()); |
|
280 | - $this->assign('username', $form->getUsernameHelp()); |
|
281 | - $this->assign('email', $form->getEmailHelp()); |
|
282 | - $this->assign('comment', $form->getCommentHelp()); |
|
283 | - |
|
284 | - $this->assign('domain', $form->getDomainObject()); |
|
285 | - |
|
286 | - $this->assign('availableQueues', RequestQueue::getEnabledQueues($this->getDatabase())); |
|
287 | - } |
|
288 | - |
|
289 | - /** |
|
290 | - * @param RequestForm $form |
|
291 | - * |
|
292 | - * @return void |
|
293 | - * @throws ApplicationLogicException |
|
294 | - */ |
|
295 | - protected function setupObjectFromPost(RequestForm $form): void |
|
296 | - { |
|
297 | - if (WebRequest::postString('content') === null |
|
298 | - || WebRequest::postString('username') === null |
|
299 | - || WebRequest::postString('email') === null |
|
300 | - || WebRequest::postString('comment') === null |
|
301 | - ) { |
|
302 | - throw new ApplicationLogicException("Form content, username help, email help, and comment help are all required fields."); |
|
303 | - } |
|
304 | - |
|
305 | - $form->setName(WebRequest::postString('name')); |
|
306 | - $form->setEnabled(WebRequest::postBoolean('enabled')); |
|
307 | - $form->setFormContent(WebRequest::postString('content')); |
|
308 | - $form->setOverrideQueue(WebRequest::postInt('queue')); |
|
309 | - $form->setUsernameHelp(WebRequest::postString('username')); |
|
310 | - $form->setEmailHelp(WebRequest::postString('email')); |
|
311 | - $form->setCommentHelp(WebRequest::postString('comment')); |
|
312 | - } |
|
25 | + protected function main() |
|
26 | + { |
|
27 | + $this->setHtmlTitle('Request Form Management'); |
|
28 | + |
|
29 | + $database = $this->getDatabase(); |
|
30 | + $domainId = Domain::getCurrent($database)->getId(); |
|
31 | + $forms = RequestForm::getAllForms($database, $domainId); |
|
32 | + $this->assign('forms', $forms); |
|
33 | + |
|
34 | + $queues = []; |
|
35 | + foreach ($forms as $f) { |
|
36 | + $queueId = $f->getOverrideQueue(); |
|
37 | + if ($queueId !== null) { |
|
38 | + if (!isset($queues[$queueId])) { |
|
39 | + /** @var RequestQueue $queue */ |
|
40 | + $queue = RequestQueue::getById($queueId, $this->getDatabase()); |
|
41 | + |
|
42 | + if ($queue->getDomain() == $domainId) { |
|
43 | + $queues[$queueId] = $queue; |
|
44 | + } |
|
45 | + } |
|
46 | + } |
|
47 | + } |
|
48 | + |
|
49 | + $this->assign('queues', $queues); |
|
50 | + |
|
51 | + $user = User::getCurrent($database); |
|
52 | + $this->assign('canCreate', $this->barrierTest('create', $user)); |
|
53 | + $this->assign('canEdit', $this->barrierTest('edit', $user)); |
|
54 | + $this->assign('canView', $this->barrierTest('view', $user)); |
|
55 | + |
|
56 | + $this->setTemplate('form-management/main.tpl'); |
|
57 | + } |
|
58 | + |
|
59 | + protected function preview() { |
|
60 | + $previewContent = WebRequest::getSessionContext('preview'); |
|
61 | + |
|
62 | + $renderer = new MarkdownRenderingHelper(); |
|
63 | + $this->assign('renderedContent', $renderer->doRender($previewContent['main'])); |
|
64 | + $this->assign('username', $renderer->doRenderInline($previewContent['username'])); |
|
65 | + $this->assign('email', $renderer->doRenderInline($previewContent['email'])); |
|
66 | + $this->assign('comment', $renderer->doRenderInline($previewContent['comment'])); |
|
67 | + |
|
68 | + $this->setTemplate('form-management/preview.tpl'); |
|
69 | + } |
|
70 | + |
|
71 | + protected function create() |
|
72 | + { |
|
73 | + if (WebRequest::wasPosted()) { |
|
74 | + $this->validateCSRFToken(); |
|
75 | + $database = $this->getDatabase(); |
|
76 | + $domainId = Domain::getCurrent($database)->getId(); |
|
77 | + |
|
78 | + $form = new RequestForm(); |
|
79 | + |
|
80 | + $form->setDatabase($database); |
|
81 | + $form->setDomain($domainId); |
|
82 | + |
|
83 | + $this->setupObjectFromPost($form); |
|
84 | + $form->setPublicEndpoint(WebRequest::postString('endpoint')); |
|
85 | + |
|
86 | + if (WebRequest::postString("preview") === "preview") { |
|
87 | + $this->populateFromObject($form); |
|
88 | + |
|
89 | + WebRequest::setSessionContext('preview', [ |
|
90 | + 'main' => $form->getFormContent(), |
|
91 | + 'username' => $form->getUsernameHelp(), |
|
92 | + 'email' => $form->getEmailHelp(), |
|
93 | + 'comment' => $form->getCommentHelp(), |
|
94 | + ]); |
|
95 | + |
|
96 | + $this->assign('createMode', true); |
|
97 | + $this->setTemplate('form-management/edit.tpl'); |
|
98 | + |
|
99 | + return; |
|
100 | + } |
|
101 | + |
|
102 | + $proceed = true; |
|
103 | + |
|
104 | + if (RequestForm::getByPublicEndpoint($database, $form->getPublicEndpoint(), $domainId) !== false) { |
|
105 | + SessionAlert::error("The chosen public endpoint is already in use. Please choose another."); |
|
106 | + $proceed = false; |
|
107 | + } |
|
108 | + |
|
109 | + if (preg_match('/^[A-Za-z][a-zA-Z0-9-]*$/', $form->getPublicEndpoint()) !== 1) { |
|
110 | + SessionAlert::error("The chosen public endpoint contains invalid characters"); |
|
111 | + $proceed = false; |
|
112 | + } |
|
113 | + |
|
114 | + if (RequestForm::getByName($database, $form->getName(), $domainId) !== false) { |
|
115 | + SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
116 | + $proceed = false; |
|
117 | + } |
|
118 | + |
|
119 | + if ($form->getOverrideQueue() !== null) { |
|
120 | + /** @var RequestQueue|bool $queue */ |
|
121 | + $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
122 | + if ($queue === false || $queue->getDomain() !== $domainId || !$queue->isEnabled()) { |
|
123 | + SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
124 | + $proceed = false; |
|
125 | + } |
|
126 | + } |
|
127 | + |
|
128 | + if ($proceed) { |
|
129 | + $form->save(); |
|
130 | + Logger::requestFormCreated($database, $form); |
|
131 | + $this->redirect('requestFormManagement'); |
|
132 | + } |
|
133 | + else { |
|
134 | + $this->populateFromObject($form); |
|
135 | + WebRequest::setSessionContext('preview', [ |
|
136 | + 'main' => $form->getFormContent(), |
|
137 | + 'username' => $form->getUsernameHelp(), |
|
138 | + 'email' => $form->getEmailHelp(), |
|
139 | + 'comment' => $form->getCommentHelp(), |
|
140 | + ]); |
|
141 | + |
|
142 | + $this->assign('createMode', true); |
|
143 | + $this->setTemplate('form-management/edit.tpl'); |
|
144 | + } |
|
145 | + } |
|
146 | + else { |
|
147 | + $this->populateFromObject(new RequestForm()); |
|
148 | + WebRequest::setSessionContext('preview', null); |
|
149 | + $this->assign('hidePreview', true); |
|
150 | + |
|
151 | + $this->assignCSRFToken(); |
|
152 | + $this->assign('createMode', true); |
|
153 | + $this->setTemplate('form-management/edit.tpl'); |
|
154 | + } |
|
155 | + } |
|
156 | + |
|
157 | + protected function view() |
|
158 | + { |
|
159 | + $database = $this->getDatabase(); |
|
160 | + |
|
161 | + /** @var RequestForm $form */ |
|
162 | + $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
163 | + |
|
164 | + if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
165 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
166 | + } |
|
167 | + |
|
168 | + $this->populateFromObject($form); |
|
169 | + |
|
170 | + if ($form->getOverrideQueue() !== null) { |
|
171 | + $this->assign('queueObject', RequestQueue::getById($form->getOverrideQueue(), $database)); |
|
172 | + } |
|
173 | + |
|
174 | + WebRequest::setSessionContext('preview', [ |
|
175 | + 'main' => $form->getFormContent(), |
|
176 | + 'username' => $form->getUsernameHelp(), |
|
177 | + 'email' => $form->getEmailHelp(), |
|
178 | + 'comment' => $form->getCommentHelp(), |
|
179 | + ]); |
|
180 | + |
|
181 | + $renderer = new MarkdownRenderingHelper(); |
|
182 | + $this->assign('renderedContent', $renderer->doRender($form->getFormContent())); |
|
183 | + |
|
184 | + $this->setTemplate('form-management/view.tpl'); |
|
185 | + } |
|
186 | + |
|
187 | + protected function edit() |
|
188 | + { |
|
189 | + $database = $this->getDatabase(); |
|
190 | + |
|
191 | + /** @var RequestForm $form */ |
|
192 | + $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
193 | + |
|
194 | + if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
195 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
196 | + } |
|
197 | + |
|
198 | + if (WebRequest::wasPosted()) { |
|
199 | + $this->validateCSRFToken(); |
|
200 | + |
|
201 | + $this->setupObjectFromPost($form); |
|
202 | + |
|
203 | + if (WebRequest::postString("preview") === "preview") { |
|
204 | + $this->populateFromObject($form); |
|
205 | + |
|
206 | + WebRequest::setSessionContext('preview', [ |
|
207 | + 'main' => $form->getFormContent(), |
|
208 | + 'username' => $form->getUsernameHelp(), |
|
209 | + 'email' => $form->getEmailHelp(), |
|
210 | + 'comment' => $form->getCommentHelp(), |
|
211 | + ]); |
|
212 | + |
|
213 | + $this->assign('createMode', false); |
|
214 | + $this->setTemplate('form-management/edit.tpl'); |
|
215 | + |
|
216 | + return; |
|
217 | + } |
|
218 | + |
|
219 | + $proceed = true; |
|
220 | + |
|
221 | + $foundForm = RequestForm::getByName($database, $form->getName(), $form->getDomain()); |
|
222 | + if ($foundForm !== false && $foundForm->getId() !== $form->getId()) { |
|
223 | + SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
224 | + $proceed = false; |
|
225 | + } |
|
226 | + |
|
227 | + if ($form->getOverrideQueue() !== null) { |
|
228 | + /** @var RequestQueue $queue */ |
|
229 | + $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
230 | + if ($queue === false || $queue->getDomain() !== $form->getDomain() || !$queue->isEnabled()) { |
|
231 | + SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
232 | + $proceed = false; |
|
233 | + } |
|
234 | + } |
|
235 | + |
|
236 | + if ($proceed) { |
|
237 | + Logger::requestFormEdited($database, $form); |
|
238 | + $form->save(); |
|
239 | + $this->redirect('requestFormManagement'); |
|
240 | + } |
|
241 | + else { |
|
242 | + $this->populateFromObject($form); |
|
243 | + WebRequest::setSessionContext('preview', [ |
|
244 | + 'main' => $form->getFormContent(), |
|
245 | + 'username' => $form->getUsernameHelp(), |
|
246 | + 'email' => $form->getEmailHelp(), |
|
247 | + 'comment' => $form->getCommentHelp(), |
|
248 | + ]); |
|
249 | + |
|
250 | + $this->assign('createMode', false); |
|
251 | + $this->setTemplate('form-management/edit.tpl'); |
|
252 | + } |
|
253 | + } |
|
254 | + else { |
|
255 | + $this->populateFromObject($form); |
|
256 | + WebRequest::setSessionContext('preview', [ |
|
257 | + 'main' => $form->getFormContent(), |
|
258 | + 'username' => $form->getUsernameHelp(), |
|
259 | + 'email' => $form->getEmailHelp(), |
|
260 | + 'comment' => $form->getCommentHelp(), |
|
261 | + ]); |
|
262 | + |
|
263 | + $this->assign('createMode', false); |
|
264 | + $this->setTemplate('form-management/edit.tpl'); |
|
265 | + } |
|
266 | + } |
|
267 | + |
|
268 | + /** |
|
269 | + * @param RequestForm $form |
|
270 | + */ |
|
271 | + protected function populateFromObject(RequestForm $form): void |
|
272 | + { |
|
273 | + $this->assignCSRFToken(); |
|
274 | + |
|
275 | + $this->assign('name', $form->getName()); |
|
276 | + $this->assign('enabled', $form->isEnabled()); |
|
277 | + $this->assign('endpoint', $form->getPublicEndpoint()); |
|
278 | + $this->assign('queue', $form->getOverrideQueue()); |
|
279 | + $this->assign('content', $form->getFormContent()); |
|
280 | + $this->assign('username', $form->getUsernameHelp()); |
|
281 | + $this->assign('email', $form->getEmailHelp()); |
|
282 | + $this->assign('comment', $form->getCommentHelp()); |
|
283 | + |
|
284 | + $this->assign('domain', $form->getDomainObject()); |
|
285 | + |
|
286 | + $this->assign('availableQueues', RequestQueue::getEnabledQueues($this->getDatabase())); |
|
287 | + } |
|
288 | + |
|
289 | + /** |
|
290 | + * @param RequestForm $form |
|
291 | + * |
|
292 | + * @return void |
|
293 | + * @throws ApplicationLogicException |
|
294 | + */ |
|
295 | + protected function setupObjectFromPost(RequestForm $form): void |
|
296 | + { |
|
297 | + if (WebRequest::postString('content') === null |
|
298 | + || WebRequest::postString('username') === null |
|
299 | + || WebRequest::postString('email') === null |
|
300 | + || WebRequest::postString('comment') === null |
|
301 | + ) { |
|
302 | + throw new ApplicationLogicException("Form content, username help, email help, and comment help are all required fields."); |
|
303 | + } |
|
304 | + |
|
305 | + $form->setName(WebRequest::postString('name')); |
|
306 | + $form->setEnabled(WebRequest::postBoolean('enabled')); |
|
307 | + $form->setFormContent(WebRequest::postString('content')); |
|
308 | + $form->setOverrideQueue(WebRequest::postInt('queue')); |
|
309 | + $form->setUsernameHelp(WebRequest::postString('username')); |
|
310 | + $form->setEmailHelp(WebRequest::postString('email')); |
|
311 | + $form->setCommentHelp(WebRequest::postString('comment')); |
|
312 | + } |
|
313 | 313 | } |
@@ -56,7 +56,8 @@ discard block |
56 | 56 | $this->setTemplate('form-management/main.tpl'); |
57 | 57 | } |
58 | 58 | |
59 | - protected function preview() { |
|
59 | + protected function preview() |
|
60 | + { |
|
60 | 61 | $previewContent = WebRequest::getSessionContext('preview'); |
61 | 62 | |
62 | 63 | $renderer = new MarkdownRenderingHelper(); |
@@ -129,8 +130,7 @@ discard block |
129 | 130 | $form->save(); |
130 | 131 | Logger::requestFormCreated($database, $form); |
131 | 132 | $this->redirect('requestFormManagement'); |
132 | - } |
|
133 | - else { |
|
133 | + } else { |
|
134 | 134 | $this->populateFromObject($form); |
135 | 135 | WebRequest::setSessionContext('preview', [ |
136 | 136 | 'main' => $form->getFormContent(), |
@@ -142,8 +142,7 @@ discard block |
142 | 142 | $this->assign('createMode', true); |
143 | 143 | $this->setTemplate('form-management/edit.tpl'); |
144 | 144 | } |
145 | - } |
|
146 | - else { |
|
145 | + } else { |
|
147 | 146 | $this->populateFromObject(new RequestForm()); |
148 | 147 | WebRequest::setSessionContext('preview', null); |
149 | 148 | $this->assign('hidePreview', true); |
@@ -237,8 +236,7 @@ discard block |
237 | 236 | Logger::requestFormEdited($database, $form); |
238 | 237 | $form->save(); |
239 | 238 | $this->redirect('requestFormManagement'); |
240 | - } |
|
241 | - else { |
|
239 | + } else { |
|
242 | 240 | $this->populateFromObject($form); |
243 | 241 | WebRequest::setSessionContext('preview', [ |
244 | 242 | 'main' => $form->getFormContent(), |
@@ -250,8 +248,7 @@ discard block |
250 | 248 | $this->assign('createMode', false); |
251 | 249 | $this->setTemplate('form-management/edit.tpl'); |
252 | 250 | } |
253 | - } |
|
254 | - else { |
|
251 | + } else { |
|
255 | 252 | $this->populateFromObject($form); |
256 | 253 | WebRequest::setSessionContext('preview', [ |
257 | 254 | 'main' => $form->getFormContent(), |
@@ -13,31 +13,31 @@ |
13 | 13 | |
14 | 14 | class PagePasswordLogin extends LoginCredentialPageBase |
15 | 15 | { |
16 | - protected function providerSpecificSetup() |
|
17 | - { |
|
18 | - list($partialId, $partialStage) = WebRequest::getAuthPartialLogin(); |
|
19 | - |
|
20 | - if ($partialId !== null && $partialStage > 1) { |
|
21 | - $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority'; |
|
22 | - $statement = $this->getDatabase()->prepare($sql); |
|
23 | - $statement->execute(array(':user' => $partialId, ':stage' => $partialStage)); |
|
24 | - $nextStage = $statement->fetchColumn(); |
|
25 | - $statement->closeCursor(); |
|
26 | - |
|
27 | - $this->redirect("login/" . $this->nextPageMap[$nextStage]); |
|
28 | - return; |
|
29 | - } |
|
30 | - |
|
31 | - $this->setTemplate('login/password.tpl'); |
|
32 | - } |
|
33 | - |
|
34 | - protected function getProviderCredentials() |
|
35 | - { |
|
36 | - $password = WebRequest::postString("password"); |
|
37 | - if ($password === null || $password === "") { |
|
38 | - throw new ApplicationLogicException("No password specified"); |
|
39 | - } |
|
40 | - |
|
41 | - return $password; |
|
42 | - } |
|
16 | + protected function providerSpecificSetup() |
|
17 | + { |
|
18 | + list($partialId, $partialStage) = WebRequest::getAuthPartialLogin(); |
|
19 | + |
|
20 | + if ($partialId !== null && $partialStage > 1) { |
|
21 | + $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority'; |
|
22 | + $statement = $this->getDatabase()->prepare($sql); |
|
23 | + $statement->execute(array(':user' => $partialId, ':stage' => $partialStage)); |
|
24 | + $nextStage = $statement->fetchColumn(); |
|
25 | + $statement->closeCursor(); |
|
26 | + |
|
27 | + $this->redirect("login/" . $this->nextPageMap[$nextStage]); |
|
28 | + return; |
|
29 | + } |
|
30 | + |
|
31 | + $this->setTemplate('login/password.tpl'); |
|
32 | + } |
|
33 | + |
|
34 | + protected function getProviderCredentials() |
|
35 | + { |
|
36 | + $password = WebRequest::postString("password"); |
|
37 | + if ($password === null || $password === "") { |
|
38 | + throw new ApplicationLogicException("No password specified"); |
|
39 | + } |
|
40 | + |
|
41 | + return $password; |
|
42 | + } |
|
43 | 43 | } |
44 | 44 | \ No newline at end of file |
@@ -20,165 +20,165 @@ |
20 | 20 | |
21 | 21 | class PagePreferences extends InternalPageBase |
22 | 22 | { |
23 | - /** |
|
24 | - * Main function for this page, when no specific actions are called. |
|
25 | - * @return void |
|
26 | - */ |
|
27 | - protected function main() |
|
28 | - { |
|
29 | - $this->setHtmlTitle('Preferences'); |
|
30 | - |
|
31 | - $enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth(); |
|
32 | - $database = $this->getDatabase(); |
|
33 | - $user = User::getCurrent($database); |
|
34 | - $preferencesManager = PreferenceManager::getForCurrent($database); |
|
35 | - |
|
36 | - // Dual mode |
|
37 | - if (WebRequest::wasPosted()) { |
|
38 | - $this->validateCSRFToken(); |
|
39 | - |
|
40 | - $this->setPreference($preferencesManager,PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
41 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
42 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
43 | - $this->setCreationMode($user, $preferencesManager); |
|
44 | - $this->setSkin($preferencesManager); |
|
45 | - $preferencesManager->setGlobalPreference(PreferenceManager::PREF_DEFAULT_DOMAIN, WebRequest::postInt('defaultDomain')); |
|
46 | - |
|
47 | - $email = WebRequest::postEmail('email'); |
|
48 | - if ($email !== null) { |
|
49 | - $user->setEmail($email); |
|
50 | - } |
|
51 | - |
|
52 | - $user->save(); |
|
53 | - SessionAlert::success("Preferences updated!"); |
|
54 | - |
|
55 | - if ($this->barrierTest(RoleConfiguration::MAIN, $user, PageMain::class)) { |
|
56 | - $this->redirect(''); |
|
57 | - } |
|
58 | - else { |
|
59 | - $this->redirect('preferences'); |
|
60 | - } |
|
61 | - } |
|
62 | - else { |
|
63 | - $this->assignCSRFToken(); |
|
64 | - $this->setTemplate('preferences/prefs.tpl'); |
|
65 | - |
|
66 | - // FIXME: domains! |
|
67 | - /** @var Domain $domain */ |
|
68 | - $domain = Domain::getById(1, $this->getDatabase()); |
|
69 | - $this->assign('mediawikiScriptPath', $domain->getWikiArticlePath()); |
|
70 | - |
|
71 | - $this->assign("enforceOAuth", $enforceOAuth); |
|
72 | - |
|
73 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature', false); |
|
74 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_CREATION_MODE, 'creationMode', false); |
|
75 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin', true); |
|
76 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', false); |
|
77 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', false, true); |
|
78 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_DEFAULT_DOMAIN, 'defaultDomain', true); |
|
79 | - |
|
80 | - $this->assign('canManualCreate', |
|
81 | - $this->barrierTest(PreferenceManager::CREATION_MANUAL, $user, 'RequestCreation')); |
|
82 | - $this->assign('canOauthCreate', |
|
83 | - $this->barrierTest(PreferenceManager::CREATION_OAUTH, $user, 'RequestCreation')); |
|
84 | - $this->assign('canBotCreate', |
|
85 | - $this->barrierTest(PreferenceManager::CREATION_BOT, $user, 'RequestCreation')); |
|
86 | - |
|
87 | - $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), |
|
88 | - $this->getSiteConfiguration()); |
|
89 | - $this->assign('oauth', $oauth); |
|
90 | - |
|
91 | - $identity = null; |
|
92 | - if ($oauth->isFullyLinked()) { |
|
93 | - $identity = $oauth->getIdentity(true); |
|
94 | - } |
|
95 | - |
|
96 | - $this->assign('identity', $identity); |
|
97 | - $this->assign('graceTime', $this->getSiteConfiguration()->getOauthIdentityGraceTime()); |
|
98 | - } |
|
99 | - } |
|
100 | - |
|
101 | - private function assignPreference( |
|
102 | - PreferenceManager $preferencesManager, |
|
103 | - string $preference, |
|
104 | - string $fieldName, |
|
105 | - bool $defaultGlobal, |
|
106 | - $defaultValue = null |
|
107 | - ): void { |
|
108 | - $this->assign($fieldName, $preferencesManager->getPreference($preference) ?? $defaultValue); |
|
109 | - $this->assign($fieldName . 'Global', $preferencesManager->isGlobalPreference($preference) ?? $defaultGlobal); |
|
110 | - } |
|
111 | - |
|
112 | - private function setPreferenceWithValue( |
|
113 | - PreferenceManager $preferencesManager, |
|
114 | - string $preferenceName, |
|
115 | - string $fieldName, |
|
116 | - $value |
|
117 | - ): void { |
|
118 | - $globalDefinition = WebRequest::postBoolean($fieldName . 'Global'); |
|
119 | - if ($globalDefinition) { |
|
120 | - $preferencesManager->setGlobalPreference($preferenceName, $value); |
|
121 | - } |
|
122 | - else { |
|
123 | - $preferencesManager->setLocalPreference($preferenceName, $value); |
|
124 | - } |
|
125 | - } |
|
126 | - |
|
127 | - private function setPreference( |
|
128 | - PreferenceManager $preferencesManager, |
|
129 | - string $preferenceName, |
|
130 | - string $fieldName |
|
131 | - ): void { |
|
132 | - $this->setPreferenceWithValue($preferencesManager, $preferenceName, $fieldName, WebRequest::postString($fieldName)); |
|
133 | - } |
|
134 | - |
|
135 | - protected function refreshOAuth() |
|
136 | - { |
|
137 | - if (!WebRequest::wasPosted()) { |
|
138 | - $this->redirect('preferences'); |
|
139 | - |
|
140 | - return; |
|
141 | - } |
|
142 | - |
|
143 | - $database = $this->getDatabase(); |
|
144 | - $oauth = new OAuthUserHelper(User::getCurrent($database), $database, $this->getOAuthProtocolHelper(), |
|
145 | - $this->getSiteConfiguration()); |
|
146 | - |
|
147 | - // token is for old consumer, run through the approval workflow again |
|
148 | - if ($oauth->getIdentity(true)->getAudience() !== $this->getSiteConfiguration()->getOAuthConsumerToken()) { |
|
149 | - $authoriseUrl = $oauth->getRequestToken(); |
|
150 | - $this->redirectUrl($authoriseUrl); |
|
151 | - |
|
152 | - return; |
|
153 | - } |
|
154 | - |
|
155 | - if ($oauth->isFullyLinked()) { |
|
156 | - $oauth->refreshIdentity(); |
|
157 | - } |
|
158 | - |
|
159 | - $this->redirect('preferences'); |
|
160 | - |
|
161 | - return; |
|
162 | - } |
|
163 | - |
|
164 | - private function setCreationMode(User $user, PreferenceManager $preferenceManager) |
|
165 | - { |
|
166 | - // if the user is selecting a creation mode that they are not allowed, do nothing. |
|
167 | - // this has the side effect of allowing them to keep a selected mode that either has been changed for them, |
|
168 | - // or that they have kept from when they previously had certain access. |
|
169 | - // This setting is only settable locally, as ACLs may change between domains. |
|
170 | - $creationMode = WebRequest::postInt('creationMode'); |
|
171 | - if ($this->barrierTest($creationMode, $user, 'RequestCreation')) { |
|
172 | - $preferenceManager->setLocalPreference(PreferenceManager::PREF_CREATION_MODE, WebRequest::postString('creationMode')); |
|
173 | - } |
|
174 | - } |
|
175 | - |
|
176 | - private function setSkin(PreferenceManager $preferencesManager): void |
|
177 | - { |
|
178 | - $newSkin = WebRequest::postString('skin'); |
|
179 | - $allowedSkins = ['main', 'alt', 'auto']; |
|
180 | - if (in_array($newSkin, $allowedSkins)) { |
|
181 | - $this->setPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin'); |
|
182 | - } |
|
183 | - } |
|
23 | + /** |
|
24 | + * Main function for this page, when no specific actions are called. |
|
25 | + * @return void |
|
26 | + */ |
|
27 | + protected function main() |
|
28 | + { |
|
29 | + $this->setHtmlTitle('Preferences'); |
|
30 | + |
|
31 | + $enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth(); |
|
32 | + $database = $this->getDatabase(); |
|
33 | + $user = User::getCurrent($database); |
|
34 | + $preferencesManager = PreferenceManager::getForCurrent($database); |
|
35 | + |
|
36 | + // Dual mode |
|
37 | + if (WebRequest::wasPosted()) { |
|
38 | + $this->validateCSRFToken(); |
|
39 | + |
|
40 | + $this->setPreference($preferencesManager,PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
41 | + $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
42 | + $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
43 | + $this->setCreationMode($user, $preferencesManager); |
|
44 | + $this->setSkin($preferencesManager); |
|
45 | + $preferencesManager->setGlobalPreference(PreferenceManager::PREF_DEFAULT_DOMAIN, WebRequest::postInt('defaultDomain')); |
|
46 | + |
|
47 | + $email = WebRequest::postEmail('email'); |
|
48 | + if ($email !== null) { |
|
49 | + $user->setEmail($email); |
|
50 | + } |
|
51 | + |
|
52 | + $user->save(); |
|
53 | + SessionAlert::success("Preferences updated!"); |
|
54 | + |
|
55 | + if ($this->barrierTest(RoleConfiguration::MAIN, $user, PageMain::class)) { |
|
56 | + $this->redirect(''); |
|
57 | + } |
|
58 | + else { |
|
59 | + $this->redirect('preferences'); |
|
60 | + } |
|
61 | + } |
|
62 | + else { |
|
63 | + $this->assignCSRFToken(); |
|
64 | + $this->setTemplate('preferences/prefs.tpl'); |
|
65 | + |
|
66 | + // FIXME: domains! |
|
67 | + /** @var Domain $domain */ |
|
68 | + $domain = Domain::getById(1, $this->getDatabase()); |
|
69 | + $this->assign('mediawikiScriptPath', $domain->getWikiArticlePath()); |
|
70 | + |
|
71 | + $this->assign("enforceOAuth", $enforceOAuth); |
|
72 | + |
|
73 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature', false); |
|
74 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_CREATION_MODE, 'creationMode', false); |
|
75 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin', true); |
|
76 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', false); |
|
77 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', false, true); |
|
78 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_DEFAULT_DOMAIN, 'defaultDomain', true); |
|
79 | + |
|
80 | + $this->assign('canManualCreate', |
|
81 | + $this->barrierTest(PreferenceManager::CREATION_MANUAL, $user, 'RequestCreation')); |
|
82 | + $this->assign('canOauthCreate', |
|
83 | + $this->barrierTest(PreferenceManager::CREATION_OAUTH, $user, 'RequestCreation')); |
|
84 | + $this->assign('canBotCreate', |
|
85 | + $this->barrierTest(PreferenceManager::CREATION_BOT, $user, 'RequestCreation')); |
|
86 | + |
|
87 | + $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), |
|
88 | + $this->getSiteConfiguration()); |
|
89 | + $this->assign('oauth', $oauth); |
|
90 | + |
|
91 | + $identity = null; |
|
92 | + if ($oauth->isFullyLinked()) { |
|
93 | + $identity = $oauth->getIdentity(true); |
|
94 | + } |
|
95 | + |
|
96 | + $this->assign('identity', $identity); |
|
97 | + $this->assign('graceTime', $this->getSiteConfiguration()->getOauthIdentityGraceTime()); |
|
98 | + } |
|
99 | + } |
|
100 | + |
|
101 | + private function assignPreference( |
|
102 | + PreferenceManager $preferencesManager, |
|
103 | + string $preference, |
|
104 | + string $fieldName, |
|
105 | + bool $defaultGlobal, |
|
106 | + $defaultValue = null |
|
107 | + ): void { |
|
108 | + $this->assign($fieldName, $preferencesManager->getPreference($preference) ?? $defaultValue); |
|
109 | + $this->assign($fieldName . 'Global', $preferencesManager->isGlobalPreference($preference) ?? $defaultGlobal); |
|
110 | + } |
|
111 | + |
|
112 | + private function setPreferenceWithValue( |
|
113 | + PreferenceManager $preferencesManager, |
|
114 | + string $preferenceName, |
|
115 | + string $fieldName, |
|
116 | + $value |
|
117 | + ): void { |
|
118 | + $globalDefinition = WebRequest::postBoolean($fieldName . 'Global'); |
|
119 | + if ($globalDefinition) { |
|
120 | + $preferencesManager->setGlobalPreference($preferenceName, $value); |
|
121 | + } |
|
122 | + else { |
|
123 | + $preferencesManager->setLocalPreference($preferenceName, $value); |
|
124 | + } |
|
125 | + } |
|
126 | + |
|
127 | + private function setPreference( |
|
128 | + PreferenceManager $preferencesManager, |
|
129 | + string $preferenceName, |
|
130 | + string $fieldName |
|
131 | + ): void { |
|
132 | + $this->setPreferenceWithValue($preferencesManager, $preferenceName, $fieldName, WebRequest::postString($fieldName)); |
|
133 | + } |
|
134 | + |
|
135 | + protected function refreshOAuth() |
|
136 | + { |
|
137 | + if (!WebRequest::wasPosted()) { |
|
138 | + $this->redirect('preferences'); |
|
139 | + |
|
140 | + return; |
|
141 | + } |
|
142 | + |
|
143 | + $database = $this->getDatabase(); |
|
144 | + $oauth = new OAuthUserHelper(User::getCurrent($database), $database, $this->getOAuthProtocolHelper(), |
|
145 | + $this->getSiteConfiguration()); |
|
146 | + |
|
147 | + // token is for old consumer, run through the approval workflow again |
|
148 | + if ($oauth->getIdentity(true)->getAudience() !== $this->getSiteConfiguration()->getOAuthConsumerToken()) { |
|
149 | + $authoriseUrl = $oauth->getRequestToken(); |
|
150 | + $this->redirectUrl($authoriseUrl); |
|
151 | + |
|
152 | + return; |
|
153 | + } |
|
154 | + |
|
155 | + if ($oauth->isFullyLinked()) { |
|
156 | + $oauth->refreshIdentity(); |
|
157 | + } |
|
158 | + |
|
159 | + $this->redirect('preferences'); |
|
160 | + |
|
161 | + return; |
|
162 | + } |
|
163 | + |
|
164 | + private function setCreationMode(User $user, PreferenceManager $preferenceManager) |
|
165 | + { |
|
166 | + // if the user is selecting a creation mode that they are not allowed, do nothing. |
|
167 | + // this has the side effect of allowing them to keep a selected mode that either has been changed for them, |
|
168 | + // or that they have kept from when they previously had certain access. |
|
169 | + // This setting is only settable locally, as ACLs may change between domains. |
|
170 | + $creationMode = WebRequest::postInt('creationMode'); |
|
171 | + if ($this->barrierTest($creationMode, $user, 'RequestCreation')) { |
|
172 | + $preferenceManager->setLocalPreference(PreferenceManager::PREF_CREATION_MODE, WebRequest::postString('creationMode')); |
|
173 | + } |
|
174 | + } |
|
175 | + |
|
176 | + private function setSkin(PreferenceManager $preferencesManager): void |
|
177 | + { |
|
178 | + $newSkin = WebRequest::postString('skin'); |
|
179 | + $allowedSkins = ['main', 'alt', 'auto']; |
|
180 | + if (in_array($newSkin, $allowedSkins)) { |
|
181 | + $this->setPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin'); |
|
182 | + } |
|
183 | + } |
|
184 | 184 | } |
@@ -37,9 +37,9 @@ |
37 | 37 | if (WebRequest::wasPosted()) { |
38 | 38 | $this->validateCSRFToken(); |
39 | 39 | |
40 | - $this->setPreference($preferencesManager,PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
41 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
42 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
40 | + $this->setPreference($preferencesManager, PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
41 | + $this->setPreferenceWithValue($preferencesManager, PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
42 | + $this->setPreferenceWithValue($preferencesManager, PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
43 | 43 | $this->setCreationMode($user, $preferencesManager); |
44 | 44 | $this->setSkin($preferencesManager); |
45 | 45 | $preferencesManager->setGlobalPreference(PreferenceManager::PREF_DEFAULT_DOMAIN, WebRequest::postInt('defaultDomain')); |
@@ -54,12 +54,10 @@ discard block |
54 | 54 | |
55 | 55 | if ($this->barrierTest(RoleConfiguration::MAIN, $user, PageMain::class)) { |
56 | 56 | $this->redirect(''); |
57 | - } |
|
58 | - else { |
|
57 | + } else { |
|
59 | 58 | $this->redirect('preferences'); |
60 | 59 | } |
61 | - } |
|
62 | - else { |
|
60 | + } else { |
|
63 | 61 | $this->assignCSRFToken(); |
64 | 62 | $this->setTemplate('preferences/prefs.tpl'); |
65 | 63 | |
@@ -118,8 +116,7 @@ discard block |
118 | 116 | $globalDefinition = WebRequest::postBoolean($fieldName . 'Global'); |
119 | 117 | if ($globalDefinition) { |
120 | 118 | $preferencesManager->setGlobalPreference($preferenceName, $value); |
121 | - } |
|
122 | - else { |
|
119 | + } else { |
|
123 | 120 | $preferencesManager->setLocalPreference($preferenceName, $value); |
124 | 121 | } |
125 | 122 | } |
@@ -26,297 +26,297 @@ |
26 | 26 | |
27 | 27 | class PageMultiFactor extends InternalPageBase |
28 | 28 | { |
29 | - /** |
|
30 | - * Main function for this page, when no specific actions are called. |
|
31 | - * @return void |
|
32 | - */ |
|
33 | - protected function main() |
|
34 | - { |
|
35 | - $database = $this->getDatabase(); |
|
36 | - $currentUser = User::getCurrent($database); |
|
37 | - |
|
38 | - $yubikeyOtpCredentialProvider = new YubikeyOtpCredentialProvider($database, $this->getSiteConfiguration(), |
|
39 | - $this->getHttpHelper()); |
|
40 | - $this->assign('yubikeyOtpIdentity', $yubikeyOtpCredentialProvider->getYubikeyData($currentUser->getId())); |
|
41 | - $this->assign('yubikeyOtpEnrolled', $yubikeyOtpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
42 | - |
|
43 | - $totpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
44 | - $this->assign('totpEnrolled', $totpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
45 | - |
|
46 | - $scratchCredentialProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
47 | - $this->assign('scratchEnrolled', $scratchCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
48 | - $this->assign('scratchRemaining', $scratchCredentialProvider->getRemaining($currentUser->getId())); |
|
49 | - |
|
50 | - $this->assign('allowedTotp', $this->barrierTest('enableTotp', $currentUser)); |
|
51 | - $this->assign('allowedYubikey', $this->barrierTest('enableYubikeyOtp', $currentUser)); |
|
52 | - |
|
53 | - $this->setTemplate('mfa/mfa.tpl'); |
|
54 | - } |
|
55 | - |
|
56 | - protected function enableYubikeyOtp() |
|
57 | - { |
|
58 | - $database = $this->getDatabase(); |
|
59 | - $currentUser = User::getCurrent($database); |
|
60 | - |
|
61 | - $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
62 | - $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
63 | - |
|
64 | - if (WebRequest::wasPosted()) { |
|
65 | - $this->validateCSRFToken(); |
|
66 | - |
|
67 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
68 | - $this->getSiteConfiguration()); |
|
69 | - |
|
70 | - $password = WebRequest::postString('password'); |
|
71 | - $otp = WebRequest::postString('otp'); |
|
72 | - |
|
73 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
74 | - |
|
75 | - if ($result) { |
|
76 | - try { |
|
77 | - $otpCredentialProvider->setCredential($currentUser, 2, $otp); |
|
78 | - SessionAlert::success('Enabled YubiKey OTP.'); |
|
79 | - |
|
80 | - $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
81 | - if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
82 | - $scratchProvider->setCredential($currentUser, 2, null); |
|
83 | - $tokens = $scratchProvider->getTokens(); |
|
84 | - $this->assign('tokens', $tokens); |
|
85 | - $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
86 | - return; |
|
87 | - } |
|
88 | - } |
|
89 | - catch (ApplicationLogicException $ex) { |
|
90 | - SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage()); |
|
91 | - } |
|
92 | - |
|
93 | - $this->redirect('multiFactor'); |
|
94 | - } |
|
95 | - else { |
|
96 | - SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.'); |
|
97 | - $this->redirect('multiFactor'); |
|
98 | - } |
|
99 | - } |
|
100 | - else { |
|
101 | - if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
102 | - // user is not enrolled, we shouldn't have got here. |
|
103 | - throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
104 | - } |
|
105 | - |
|
106 | - $this->assignCSRFToken(); |
|
107 | - $this->setTemplate('mfa/enableYubikey.tpl'); |
|
108 | - } |
|
109 | - } |
|
110 | - |
|
111 | - protected function disableYubikeyOtp() |
|
112 | - { |
|
113 | - $database = $this->getDatabase(); |
|
114 | - $currentUser = User::getCurrent($database); |
|
115 | - |
|
116 | - $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
117 | - $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
118 | - |
|
119 | - $factorType = 'YubiKey OTP'; |
|
120 | - |
|
121 | - $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
122 | - } |
|
123 | - |
|
124 | - protected function enableTotp() |
|
125 | - { |
|
126 | - $database = $this->getDatabase(); |
|
127 | - $currentUser = User::getCurrent($database); |
|
128 | - |
|
129 | - $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
130 | - |
|
131 | - if (WebRequest::wasPosted()) { |
|
132 | - $this->validateCSRFToken(); |
|
133 | - |
|
134 | - // used for routing only, not security |
|
135 | - $stage = WebRequest::postString('stage'); |
|
136 | - |
|
137 | - if ($stage === "auth") { |
|
138 | - $password = WebRequest::postString('password'); |
|
139 | - |
|
140 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
141 | - $this->getSiteConfiguration()); |
|
142 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
143 | - |
|
144 | - if ($result) { |
|
145 | - $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
146 | - |
|
147 | - $provisioningUrl = $otpCredentialProvider->getProvisioningUrl($currentUser); |
|
148 | - |
|
149 | - $renderer = new ImageRenderer( |
|
150 | - new RendererStyle(256), |
|
151 | - new SvgImageBackEnd() |
|
152 | - ); |
|
153 | - |
|
154 | - $writer = new Writer($renderer); |
|
155 | - $svg = $writer->writeString($provisioningUrl); |
|
156 | - |
|
157 | - $this->assign('svg', $svg); |
|
158 | - $this->assign('secret', $otpCredentialProvider->getSecret($currentUser)); |
|
159 | - |
|
160 | - $this->assignCSRFToken(); |
|
161 | - $this->setTemplate('mfa/enableTotpEnroll.tpl'); |
|
162 | - |
|
163 | - return; |
|
164 | - } |
|
165 | - else { |
|
166 | - SessionAlert::error('Error enabling TOTP - invalid credentials.'); |
|
167 | - $this->redirect('multiFactor'); |
|
168 | - |
|
169 | - return; |
|
170 | - } |
|
171 | - } |
|
172 | - |
|
173 | - if ($stage === "enroll") { |
|
174 | - // we *must* have a defined credential already here, |
|
175 | - if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) { |
|
176 | - $otp = WebRequest::postString('otp'); |
|
177 | - $result = $otpCredentialProvider->verifyEnable($currentUser, $otp); |
|
178 | - |
|
179 | - if ($result) { |
|
180 | - SessionAlert::success('Enabled TOTP.'); |
|
181 | - |
|
182 | - $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
183 | - if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
184 | - $scratchProvider->setCredential($currentUser, 2, null); |
|
185 | - $tokens = $scratchProvider->getTokens(); |
|
186 | - $this->assign('tokens', $tokens); |
|
187 | - $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
188 | - return; |
|
189 | - } |
|
190 | - } |
|
191 | - else { |
|
192 | - $otpCredentialProvider->deleteCredential($currentUser); |
|
193 | - SessionAlert::error('Error enabling TOTP: invalid token provided'); |
|
194 | - } |
|
195 | - |
|
196 | - |
|
197 | - $this->redirect('multiFactor'); |
|
198 | - return; |
|
199 | - } |
|
200 | - else { |
|
201 | - SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.'); |
|
202 | - $this->redirect('multiFactor'); |
|
203 | - |
|
204 | - return; |
|
205 | - } |
|
206 | - } |
|
207 | - |
|
208 | - // urgh, dunno what happened, but it's not something expected. |
|
209 | - throw new ApplicationLogicException(); |
|
210 | - } |
|
211 | - else { |
|
212 | - if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
213 | - // user is not enrolled, we shouldn't have got here. |
|
214 | - throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
215 | - } |
|
216 | - |
|
217 | - $this->assignCSRFToken(); |
|
218 | - |
|
219 | - $this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing your tool password below.'); |
|
220 | - $this->assign('alertheader', 'Provide credentials'); |
|
221 | - $this->assign('continueText', 'Verify password'); |
|
222 | - $this->setTemplate('mfa/enableAuth.tpl'); |
|
223 | - } |
|
224 | - } |
|
225 | - |
|
226 | - protected function disableTotp() |
|
227 | - { |
|
228 | - $database = $this->getDatabase(); |
|
229 | - $currentUser = User::getCurrent($database); |
|
230 | - |
|
231 | - $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
232 | - |
|
233 | - $factorType = 'TOTP'; |
|
234 | - |
|
235 | - $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
236 | - } |
|
237 | - |
|
238 | - protected function scratch() |
|
239 | - { |
|
240 | - $database = $this->getDatabase(); |
|
241 | - $currentUser = User::getCurrent($database); |
|
242 | - |
|
243 | - if (WebRequest::wasPosted()) { |
|
244 | - $this->validateCSRFToken(); |
|
245 | - |
|
246 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
247 | - $this->getSiteConfiguration()); |
|
248 | - |
|
249 | - $otpCredentialProvider = new ScratchTokenCredentialProvider($database, |
|
250 | - $this->getSiteConfiguration()); |
|
251 | - |
|
252 | - $password = WebRequest::postString('password'); |
|
253 | - |
|
254 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
255 | - |
|
256 | - if ($result) { |
|
257 | - $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
258 | - $tokens = $otpCredentialProvider->getTokens(); |
|
259 | - $this->assign('tokens', $tokens); |
|
260 | - $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
261 | - } |
|
262 | - else { |
|
263 | - SessionAlert::error('Error refreshing scratch tokens - invalid credentials.'); |
|
264 | - $this->redirect('multiFactor'); |
|
265 | - } |
|
266 | - } |
|
267 | - else { |
|
268 | - $this->assignCSRFToken(); |
|
269 | - |
|
270 | - $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing your tool password below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.'); |
|
271 | - $this->assign('alertheader', 'Re-generate scratch tokens'); |
|
272 | - $this->assign('continueText', 'Regenerate Scratch Tokens'); |
|
273 | - |
|
274 | - $this->setTemplate('mfa/enableAuth.tpl'); |
|
275 | - } |
|
276 | - } |
|
277 | - |
|
278 | - /** |
|
279 | - * @param PdoDatabase $database |
|
280 | - * @param User $currentUser |
|
281 | - * @param ICredentialProvider $otpCredentialProvider |
|
282 | - * @param string $factorType |
|
283 | - * |
|
284 | - * @throws ApplicationLogicException |
|
285 | - */ |
|
286 | - private function deleteCredential( |
|
287 | - PdoDatabase $database, |
|
288 | - User $currentUser, |
|
289 | - ICredentialProvider $otpCredentialProvider, |
|
290 | - $factorType |
|
291 | - ) { |
|
292 | - if (WebRequest::wasPosted()) { |
|
293 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
294 | - $this->getSiteConfiguration()); |
|
295 | - |
|
296 | - $this->validateCSRFToken(); |
|
297 | - |
|
298 | - $password = WebRequest::postString('password'); |
|
299 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
300 | - |
|
301 | - if ($result) { |
|
302 | - $otpCredentialProvider->deleteCredential($currentUser); |
|
303 | - SessionAlert::success('Disabled ' . $factorType . '.'); |
|
304 | - $this->redirect('multiFactor'); |
|
305 | - } |
|
306 | - else { |
|
307 | - SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.'); |
|
308 | - $this->redirect('multiFactor'); |
|
309 | - } |
|
310 | - } |
|
311 | - else { |
|
312 | - if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
313 | - // user is not enrolled, we shouldn't have got here. |
|
314 | - throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism'); |
|
315 | - } |
|
316 | - |
|
317 | - $this->assignCSRFToken(); |
|
318 | - $this->assign('otpType', $factorType); |
|
319 | - $this->setTemplate('mfa/disableOtp.tpl'); |
|
320 | - } |
|
321 | - } |
|
29 | + /** |
|
30 | + * Main function for this page, when no specific actions are called. |
|
31 | + * @return void |
|
32 | + */ |
|
33 | + protected function main() |
|
34 | + { |
|
35 | + $database = $this->getDatabase(); |
|
36 | + $currentUser = User::getCurrent($database); |
|
37 | + |
|
38 | + $yubikeyOtpCredentialProvider = new YubikeyOtpCredentialProvider($database, $this->getSiteConfiguration(), |
|
39 | + $this->getHttpHelper()); |
|
40 | + $this->assign('yubikeyOtpIdentity', $yubikeyOtpCredentialProvider->getYubikeyData($currentUser->getId())); |
|
41 | + $this->assign('yubikeyOtpEnrolled', $yubikeyOtpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
42 | + |
|
43 | + $totpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
44 | + $this->assign('totpEnrolled', $totpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
45 | + |
|
46 | + $scratchCredentialProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
47 | + $this->assign('scratchEnrolled', $scratchCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
48 | + $this->assign('scratchRemaining', $scratchCredentialProvider->getRemaining($currentUser->getId())); |
|
49 | + |
|
50 | + $this->assign('allowedTotp', $this->barrierTest('enableTotp', $currentUser)); |
|
51 | + $this->assign('allowedYubikey', $this->barrierTest('enableYubikeyOtp', $currentUser)); |
|
52 | + |
|
53 | + $this->setTemplate('mfa/mfa.tpl'); |
|
54 | + } |
|
55 | + |
|
56 | + protected function enableYubikeyOtp() |
|
57 | + { |
|
58 | + $database = $this->getDatabase(); |
|
59 | + $currentUser = User::getCurrent($database); |
|
60 | + |
|
61 | + $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
62 | + $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
63 | + |
|
64 | + if (WebRequest::wasPosted()) { |
|
65 | + $this->validateCSRFToken(); |
|
66 | + |
|
67 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
68 | + $this->getSiteConfiguration()); |
|
69 | + |
|
70 | + $password = WebRequest::postString('password'); |
|
71 | + $otp = WebRequest::postString('otp'); |
|
72 | + |
|
73 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
74 | + |
|
75 | + if ($result) { |
|
76 | + try { |
|
77 | + $otpCredentialProvider->setCredential($currentUser, 2, $otp); |
|
78 | + SessionAlert::success('Enabled YubiKey OTP.'); |
|
79 | + |
|
80 | + $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
81 | + if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
82 | + $scratchProvider->setCredential($currentUser, 2, null); |
|
83 | + $tokens = $scratchProvider->getTokens(); |
|
84 | + $this->assign('tokens', $tokens); |
|
85 | + $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
86 | + return; |
|
87 | + } |
|
88 | + } |
|
89 | + catch (ApplicationLogicException $ex) { |
|
90 | + SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage()); |
|
91 | + } |
|
92 | + |
|
93 | + $this->redirect('multiFactor'); |
|
94 | + } |
|
95 | + else { |
|
96 | + SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.'); |
|
97 | + $this->redirect('multiFactor'); |
|
98 | + } |
|
99 | + } |
|
100 | + else { |
|
101 | + if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
102 | + // user is not enrolled, we shouldn't have got here. |
|
103 | + throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
104 | + } |
|
105 | + |
|
106 | + $this->assignCSRFToken(); |
|
107 | + $this->setTemplate('mfa/enableYubikey.tpl'); |
|
108 | + } |
|
109 | + } |
|
110 | + |
|
111 | + protected function disableYubikeyOtp() |
|
112 | + { |
|
113 | + $database = $this->getDatabase(); |
|
114 | + $currentUser = User::getCurrent($database); |
|
115 | + |
|
116 | + $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
117 | + $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
118 | + |
|
119 | + $factorType = 'YubiKey OTP'; |
|
120 | + |
|
121 | + $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
122 | + } |
|
123 | + |
|
124 | + protected function enableTotp() |
|
125 | + { |
|
126 | + $database = $this->getDatabase(); |
|
127 | + $currentUser = User::getCurrent($database); |
|
128 | + |
|
129 | + $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
130 | + |
|
131 | + if (WebRequest::wasPosted()) { |
|
132 | + $this->validateCSRFToken(); |
|
133 | + |
|
134 | + // used for routing only, not security |
|
135 | + $stage = WebRequest::postString('stage'); |
|
136 | + |
|
137 | + if ($stage === "auth") { |
|
138 | + $password = WebRequest::postString('password'); |
|
139 | + |
|
140 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
141 | + $this->getSiteConfiguration()); |
|
142 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
143 | + |
|
144 | + if ($result) { |
|
145 | + $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
146 | + |
|
147 | + $provisioningUrl = $otpCredentialProvider->getProvisioningUrl($currentUser); |
|
148 | + |
|
149 | + $renderer = new ImageRenderer( |
|
150 | + new RendererStyle(256), |
|
151 | + new SvgImageBackEnd() |
|
152 | + ); |
|
153 | + |
|
154 | + $writer = new Writer($renderer); |
|
155 | + $svg = $writer->writeString($provisioningUrl); |
|
156 | + |
|
157 | + $this->assign('svg', $svg); |
|
158 | + $this->assign('secret', $otpCredentialProvider->getSecret($currentUser)); |
|
159 | + |
|
160 | + $this->assignCSRFToken(); |
|
161 | + $this->setTemplate('mfa/enableTotpEnroll.tpl'); |
|
162 | + |
|
163 | + return; |
|
164 | + } |
|
165 | + else { |
|
166 | + SessionAlert::error('Error enabling TOTP - invalid credentials.'); |
|
167 | + $this->redirect('multiFactor'); |
|
168 | + |
|
169 | + return; |
|
170 | + } |
|
171 | + } |
|
172 | + |
|
173 | + if ($stage === "enroll") { |
|
174 | + // we *must* have a defined credential already here, |
|
175 | + if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) { |
|
176 | + $otp = WebRequest::postString('otp'); |
|
177 | + $result = $otpCredentialProvider->verifyEnable($currentUser, $otp); |
|
178 | + |
|
179 | + if ($result) { |
|
180 | + SessionAlert::success('Enabled TOTP.'); |
|
181 | + |
|
182 | + $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
183 | + if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
184 | + $scratchProvider->setCredential($currentUser, 2, null); |
|
185 | + $tokens = $scratchProvider->getTokens(); |
|
186 | + $this->assign('tokens', $tokens); |
|
187 | + $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
188 | + return; |
|
189 | + } |
|
190 | + } |
|
191 | + else { |
|
192 | + $otpCredentialProvider->deleteCredential($currentUser); |
|
193 | + SessionAlert::error('Error enabling TOTP: invalid token provided'); |
|
194 | + } |
|
195 | + |
|
196 | + |
|
197 | + $this->redirect('multiFactor'); |
|
198 | + return; |
|
199 | + } |
|
200 | + else { |
|
201 | + SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.'); |
|
202 | + $this->redirect('multiFactor'); |
|
203 | + |
|
204 | + return; |
|
205 | + } |
|
206 | + } |
|
207 | + |
|
208 | + // urgh, dunno what happened, but it's not something expected. |
|
209 | + throw new ApplicationLogicException(); |
|
210 | + } |
|
211 | + else { |
|
212 | + if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
213 | + // user is not enrolled, we shouldn't have got here. |
|
214 | + throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
215 | + } |
|
216 | + |
|
217 | + $this->assignCSRFToken(); |
|
218 | + |
|
219 | + $this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing your tool password below.'); |
|
220 | + $this->assign('alertheader', 'Provide credentials'); |
|
221 | + $this->assign('continueText', 'Verify password'); |
|
222 | + $this->setTemplate('mfa/enableAuth.tpl'); |
|
223 | + } |
|
224 | + } |
|
225 | + |
|
226 | + protected function disableTotp() |
|
227 | + { |
|
228 | + $database = $this->getDatabase(); |
|
229 | + $currentUser = User::getCurrent($database); |
|
230 | + |
|
231 | + $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
232 | + |
|
233 | + $factorType = 'TOTP'; |
|
234 | + |
|
235 | + $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
236 | + } |
|
237 | + |
|
238 | + protected function scratch() |
|
239 | + { |
|
240 | + $database = $this->getDatabase(); |
|
241 | + $currentUser = User::getCurrent($database); |
|
242 | + |
|
243 | + if (WebRequest::wasPosted()) { |
|
244 | + $this->validateCSRFToken(); |
|
245 | + |
|
246 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
247 | + $this->getSiteConfiguration()); |
|
248 | + |
|
249 | + $otpCredentialProvider = new ScratchTokenCredentialProvider($database, |
|
250 | + $this->getSiteConfiguration()); |
|
251 | + |
|
252 | + $password = WebRequest::postString('password'); |
|
253 | + |
|
254 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
255 | + |
|
256 | + if ($result) { |
|
257 | + $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
258 | + $tokens = $otpCredentialProvider->getTokens(); |
|
259 | + $this->assign('tokens', $tokens); |
|
260 | + $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
261 | + } |
|
262 | + else { |
|
263 | + SessionAlert::error('Error refreshing scratch tokens - invalid credentials.'); |
|
264 | + $this->redirect('multiFactor'); |
|
265 | + } |
|
266 | + } |
|
267 | + else { |
|
268 | + $this->assignCSRFToken(); |
|
269 | + |
|
270 | + $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing your tool password below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.'); |
|
271 | + $this->assign('alertheader', 'Re-generate scratch tokens'); |
|
272 | + $this->assign('continueText', 'Regenerate Scratch Tokens'); |
|
273 | + |
|
274 | + $this->setTemplate('mfa/enableAuth.tpl'); |
|
275 | + } |
|
276 | + } |
|
277 | + |
|
278 | + /** |
|
279 | + * @param PdoDatabase $database |
|
280 | + * @param User $currentUser |
|
281 | + * @param ICredentialProvider $otpCredentialProvider |
|
282 | + * @param string $factorType |
|
283 | + * |
|
284 | + * @throws ApplicationLogicException |
|
285 | + */ |
|
286 | + private function deleteCredential( |
|
287 | + PdoDatabase $database, |
|
288 | + User $currentUser, |
|
289 | + ICredentialProvider $otpCredentialProvider, |
|
290 | + $factorType |
|
291 | + ) { |
|
292 | + if (WebRequest::wasPosted()) { |
|
293 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
294 | + $this->getSiteConfiguration()); |
|
295 | + |
|
296 | + $this->validateCSRFToken(); |
|
297 | + |
|
298 | + $password = WebRequest::postString('password'); |
|
299 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
300 | + |
|
301 | + if ($result) { |
|
302 | + $otpCredentialProvider->deleteCredential($currentUser); |
|
303 | + SessionAlert::success('Disabled ' . $factorType . '.'); |
|
304 | + $this->redirect('multiFactor'); |
|
305 | + } |
|
306 | + else { |
|
307 | + SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.'); |
|
308 | + $this->redirect('multiFactor'); |
|
309 | + } |
|
310 | + } |
|
311 | + else { |
|
312 | + if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
313 | + // user is not enrolled, we shouldn't have got here. |
|
314 | + throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism'); |
|
315 | + } |
|
316 | + |
|
317 | + $this->assignCSRFToken(); |
|
318 | + $this->assign('otpType', $factorType); |
|
319 | + $this->setTemplate('mfa/disableOtp.tpl'); |
|
320 | + } |
|
321 | + } |
|
322 | 322 | } |
@@ -91,13 +91,11 @@ discard block |
||
91 | 91 | } |
92 | 92 | |
93 | 93 | $this->redirect('multiFactor'); |
94 | - } |
|
95 | - else { |
|
94 | + } else { |
|
96 | 95 | SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.'); |
97 | 96 | $this->redirect('multiFactor'); |
98 | 97 | } |
99 | - } |
|
100 | - else { |
|
98 | + } else { |
|
101 | 99 | if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
102 | 100 | // user is not enrolled, we shouldn't have got here. |
103 | 101 | throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
@@ -161,8 +159,7 @@ discard block |
||
161 | 159 | $this->setTemplate('mfa/enableTotpEnroll.tpl'); |
162 | 160 | |
163 | 161 | return; |
164 | - } |
|
165 | - else { |
|
162 | + } else { |
|
166 | 163 | SessionAlert::error('Error enabling TOTP - invalid credentials.'); |
167 | 164 | $this->redirect('multiFactor'); |
168 | 165 | |
@@ -187,8 +184,7 @@ discard block |
||
187 | 184 | $this->setTemplate('mfa/regenScratchTokens.tpl'); |
188 | 185 | return; |
189 | 186 | } |
190 | - } |
|
191 | - else { |
|
187 | + } else { |
|
192 | 188 | $otpCredentialProvider->deleteCredential($currentUser); |
193 | 189 | SessionAlert::error('Error enabling TOTP: invalid token provided'); |
194 | 190 | } |
@@ -196,8 +192,7 @@ discard block |
||
196 | 192 | |
197 | 193 | $this->redirect('multiFactor'); |
198 | 194 | return; |
199 | - } |
|
200 | - else { |
|
195 | + } else { |
|
201 | 196 | SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.'); |
202 | 197 | $this->redirect('multiFactor'); |
203 | 198 | |
@@ -207,8 +202,7 @@ discard block |
||
207 | 202 | |
208 | 203 | // urgh, dunno what happened, but it's not something expected. |
209 | 204 | throw new ApplicationLogicException(); |
210 | - } |
|
211 | - else { |
|
205 | + } else { |
|
212 | 206 | if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
213 | 207 | // user is not enrolled, we shouldn't have got here. |
214 | 208 | throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
@@ -258,13 +252,11 @@ discard block |
||
258 | 252 | $tokens = $otpCredentialProvider->getTokens(); |
259 | 253 | $this->assign('tokens', $tokens); |
260 | 254 | $this->setTemplate('mfa/regenScratchTokens.tpl'); |
261 | - } |
|
262 | - else { |
|
255 | + } else { |
|
263 | 256 | SessionAlert::error('Error refreshing scratch tokens - invalid credentials.'); |
264 | 257 | $this->redirect('multiFactor'); |
265 | 258 | } |
266 | - } |
|
267 | - else { |
|
259 | + } else { |
|
268 | 260 | $this->assignCSRFToken(); |
269 | 261 | |
270 | 262 | $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing your tool password below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.'); |
@@ -302,13 +294,11 @@ discard block |
||
302 | 294 | $otpCredentialProvider->deleteCredential($currentUser); |
303 | 295 | SessionAlert::success('Disabled ' . $factorType . '.'); |
304 | 296 | $this->redirect('multiFactor'); |
305 | - } |
|
306 | - else { |
|
297 | + } else { |
|
307 | 298 | SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.'); |
308 | 299 | $this->redirect('multiFactor'); |
309 | 300 | } |
310 | - } |
|
311 | - else { |
|
301 | + } else { |
|
312 | 302 | if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
313 | 303 | // user is not enrolled, we shouldn't have got here. |
314 | 304 | throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism'); |