@@ -19,67 +19,67 @@ |
19 | 19 | |
20 | 20 | class PageFlagComment extends InternalPageBase |
21 | 21 | { |
22 | - /** |
|
23 | - * @inheritDoc |
|
24 | - */ |
|
25 | - protected function main() |
|
26 | - { |
|
27 | - if (!WebRequest::wasPosted()) { |
|
28 | - throw new ApplicationLogicException('This page does not support GET methods.'); |
|
29 | - } |
|
22 | + /** |
|
23 | + * @inheritDoc |
|
24 | + */ |
|
25 | + protected function main() |
|
26 | + { |
|
27 | + if (!WebRequest::wasPosted()) { |
|
28 | + throw new ApplicationLogicException('This page does not support GET methods.'); |
|
29 | + } |
|
30 | 30 | |
31 | - $this->validateCSRFToken(); |
|
31 | + $this->validateCSRFToken(); |
|
32 | 32 | |
33 | - $flagState = WebRequest::postInt('flag'); |
|
34 | - $commentId = WebRequest::postInt('comment'); |
|
35 | - $updateVersion = WebRequest::postInt('updateversion'); |
|
33 | + $flagState = WebRequest::postInt('flag'); |
|
34 | + $commentId = WebRequest::postInt('comment'); |
|
35 | + $updateVersion = WebRequest::postInt('updateversion'); |
|
36 | 36 | |
37 | - if ($flagState !== 0 && $flagState !== 1) { |
|
38 | - throw new ApplicationLogicException('Flag status not valid'); |
|
39 | - } |
|
37 | + if ($flagState !== 0 && $flagState !== 1) { |
|
38 | + throw new ApplicationLogicException('Flag status not valid'); |
|
39 | + } |
|
40 | 40 | |
41 | - $database = $this->getDatabase(); |
|
41 | + $database = $this->getDatabase(); |
|
42 | 42 | |
43 | - /** @var Comment|false $comment */ |
|
44 | - $comment = Comment::getById($commentId, $database); |
|
45 | - if ($comment === false) { |
|
46 | - throw new ApplicationLogicException('Unknown comment'); |
|
47 | - } |
|
43 | + /** @var Comment|false $comment */ |
|
44 | + $comment = Comment::getById($commentId, $database); |
|
45 | + if ($comment === false) { |
|
46 | + throw new ApplicationLogicException('Unknown comment'); |
|
47 | + } |
|
48 | 48 | |
49 | - $currentUser = User::getCurrent($database); |
|
49 | + $currentUser = User::getCurrent($database); |
|
50 | 50 | |
51 | - if ($comment->getFlagged() && !$this->barrierTest('unflag', $currentUser)) { |
|
52 | - // user isn't allowed to unflag comments |
|
53 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
54 | - } |
|
51 | + if ($comment->getFlagged() && !$this->barrierTest('unflag', $currentUser)) { |
|
52 | + // user isn't allowed to unflag comments |
|
53 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
54 | + } |
|
55 | 55 | |
56 | - /** @var Request $request */ |
|
57 | - $request = Request::getById($comment->getRequest(), $database); |
|
56 | + /** @var Request $request */ |
|
57 | + $request = Request::getById($comment->getRequest(), $database); |
|
58 | 58 | |
59 | - if ($comment->getFlagged() |
|
60 | - && !$this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData') |
|
61 | - && $request->getReserved() !== $currentUser->getId() |
|
62 | - ) { |
|
63 | - // can't unflag if you can't see it. |
|
64 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
65 | - } |
|
59 | + if ($comment->getFlagged() |
|
60 | + && !$this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData') |
|
61 | + && $request->getReserved() !== $currentUser->getId() |
|
62 | + ) { |
|
63 | + // can't unflag if you can't see it. |
|
64 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
65 | + } |
|
66 | 66 | |
67 | - $comment->setFlagged($flagState == 1); |
|
68 | - $comment->setUpdateVersion($updateVersion); |
|
69 | - $comment->save(); |
|
67 | + $comment->setFlagged($flagState == 1); |
|
68 | + $comment->setUpdateVersion($updateVersion); |
|
69 | + $comment->save(); |
|
70 | 70 | |
71 | - if ($flagState === 1) { |
|
72 | - Logger::flaggedComment($database, $comment, $request->getDomain()); |
|
73 | - } |
|
74 | - else { |
|
75 | - Logger::unflaggedComment($database, $comment, $request->getDomain()); |
|
76 | - } |
|
71 | + if ($flagState === 1) { |
|
72 | + Logger::flaggedComment($database, $comment, $request->getDomain()); |
|
73 | + } |
|
74 | + else { |
|
75 | + Logger::unflaggedComment($database, $comment, $request->getDomain()); |
|
76 | + } |
|
77 | 77 | |
78 | - if (WebRequest::postString('return') == 'list') { |
|
79 | - $this->redirect('flaggedComments'); |
|
80 | - } |
|
81 | - else { |
|
82 | - $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]); |
|
83 | - } |
|
84 | - } |
|
78 | + if (WebRequest::postString('return') == 'list') { |
|
79 | + $this->redirect('flaggedComments'); |
|
80 | + } |
|
81 | + else { |
|
82 | + $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]); |
|
83 | + } |
|
84 | + } |
|
85 | 85 | } |
86 | 86 | \ No newline at end of file |
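Review bot: `$request = Request::getById($comment->getRequest(), $database);` on new line 57 is annotated `@var Request` but never checked, unlike the `Comment::getById` lookup on lines 44–47 which handles a `false` result, so a comment whose request row is missing would reach `$request->getReserved()` on line 61 and `$request->getDomain()` on lines 72/75 with a non-object (assuming `Request::getById` returns `false` on a miss like the other `getById` lookups in this tree — I cannot see its definition here). Mirroring the existing guard, `if ($request === false) { throw new ApplicationLogicException('Unknown request'); }`, keeps the failure an explicit application error rather than a PHP error. Separately, new line 67 sets the flag with the loose `$flagState == 1` while line 71 branches on `$flagState === 1`; since lines 37–39 already constrain the value to 0 or 1, both sites can use `===` so the persisted state and the audit log entry are decided by the same comparison. This hunk appears to be a whitespace-only reformat of the method, so both points concern pre-existing logic rather than anything the commit changes.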
@@ -70,15 +70,13 @@ |
70 | 70 | |
71 | 71 | if ($flagState === 1) { |
72 | 72 | Logger::flaggedComment($database, $comment, $request->getDomain()); |
73 | - } |
|
74 | - else { |
|
73 | + } else { |
|
75 | 74 | Logger::unflaggedComment($database, $comment, $request->getDomain()); |
76 | 75 | } |
77 | 76 | |
78 | 77 | if (WebRequest::postString('return') == 'list') { |
79 | 78 | $this->redirect('flaggedComments'); |
80 | - } |
|
81 | - else { |
|
79 | + } else { |
|
82 | 80 | $this->redirect('viewRequest', null, ['id' => $comment->getRequest()]); |
83 | 81 | } |
84 | 82 | } |
@@ -44,8 +44,7 @@ |
44 | 44 | $userObj = User::getByUsername($filterUser, $database); |
45 | 45 | if ($userObj !== false) { |
46 | 46 | $logSearch->byUser($userObj->getId()); |
47 | - } |
|
48 | - else { |
|
47 | + } else { |
|
49 | 48 | $logSearch->byUser(-1); |
50 | 49 | } |
51 | 50 | } |
@@ -18,64 +18,64 @@ |
18 | 18 | |
19 | 19 | class PageLog extends PagedInternalPageBase |
20 | 20 | { |
21 | - /** |
|
22 | - * Main function for this page, when no specific actions are called. |
|
23 | - */ |
|
24 | - protected function main() |
|
25 | - { |
|
26 | - $this->setHtmlTitle('Logs'); |
|
27 | - |
|
28 | - $filterUser = WebRequest::getString('filterUser'); |
|
29 | - $filterAction = WebRequest::getString('filterAction'); |
|
30 | - $filterObjectType = WebRequest::getString('filterObjectType'); |
|
31 | - $filterObjectId = WebRequest::getInt('filterObjectId'); |
|
32 | - |
|
33 | - $database = $this->getDatabase(); |
|
34 | - |
|
35 | - if (!array_key_exists($filterObjectType, LogHelper::getObjectTypes())) { |
|
36 | - $filterObjectType = null; |
|
37 | - } |
|
38 | - |
|
39 | - $this->addJs("/api.php?action=users&all=true&targetVariable=typeaheaddata"); |
|
40 | - |
|
41 | - // FIXME: domains |
|
42 | - $logSearch = LogSearchHelper::get($database, 1); |
|
43 | - |
|
44 | - if ($filterUser !== null) { |
|
45 | - $userObj = User::getByUsername($filterUser, $database); |
|
46 | - if ($userObj !== false) { |
|
47 | - $logSearch->byUser($userObj->getId()); |
|
48 | - } |
|
49 | - else { |
|
50 | - $logSearch->byUser(-1); |
|
51 | - } |
|
52 | - } |
|
53 | - if ($filterAction !== null) { |
|
54 | - $logSearch->byAction($filterAction); |
|
55 | - } |
|
56 | - if ($filterObjectType !== null) { |
|
57 | - $logSearch->byObjectType($filterObjectType); |
|
58 | - } |
|
59 | - if ($filterObjectId !== null) { |
|
60 | - $logSearch->byObjectId($filterObjectId); |
|
61 | - } |
|
62 | - |
|
63 | - $this->setSearchHelper($logSearch); |
|
64 | - $this->setupLimits(); |
|
65 | - |
|
66 | - /** @var Log[] $logs */ |
|
67 | - $logs = $logSearch->getRecordCount($count)->fetch(); |
|
68 | - |
|
69 | - list($users, $logData) = LogHelper::prepareLogsForTemplate($logs, $database, $this->getSiteConfiguration(), $this->getSecurityManager()); |
|
70 | - |
|
71 | - $this->setupPageData($count, array('filterUser' => $filterUser, 'filterAction' => $filterAction, 'filterObjectType' => $filterObjectType, 'filterObjectId' => $filterObjectId)); |
|
72 | - |
|
73 | - $this->assign("logs", $logData); |
|
74 | - $this->assign("users", $users); |
|
75 | - |
|
76 | - $this->assign('allLogActions', LogHelper::getLogActions($this->getDatabase())); |
|
77 | - $this->assign('allObjectTypes', LogHelper::getObjectTypes()); |
|
78 | - |
|
79 | - $this->setTemplate("logs/main.tpl"); |
|
80 | - } |
|
21 | + /** |
|
22 | + * Main function for this page, when no specific actions are called. |
|
23 | + */ |
|
24 | + protected function main() |
|
25 | + { |
|
26 | + $this->setHtmlTitle('Logs'); |
|
27 | + |
|
28 | + $filterUser = WebRequest::getString('filterUser'); |
|
29 | + $filterAction = WebRequest::getString('filterAction'); |
|
30 | + $filterObjectType = WebRequest::getString('filterObjectType'); |
|
31 | + $filterObjectId = WebRequest::getInt('filterObjectId'); |
|
32 | + |
|
33 | + $database = $this->getDatabase(); |
|
34 | + |
|
35 | + if (!array_key_exists($filterObjectType, LogHelper::getObjectTypes())) { |
|
36 | + $filterObjectType = null; |
|
37 | + } |
|
38 | + |
|
39 | + $this->addJs("/api.php?action=users&all=true&targetVariable=typeaheaddata"); |
|
40 | + |
|
41 | + // FIXME: domains |
|
42 | + $logSearch = LogSearchHelper::get($database, 1); |
|
43 | + |
|
44 | + if ($filterUser !== null) { |
|
45 | + $userObj = User::getByUsername($filterUser, $database); |
|
46 | + if ($userObj !== false) { |
|
47 | + $logSearch->byUser($userObj->getId()); |
|
48 | + } |
|
49 | + else { |
|
50 | + $logSearch->byUser(-1); |
|
51 | + } |
|
52 | + } |
|
53 | + if ($filterAction !== null) { |
|
54 | + $logSearch->byAction($filterAction); |
|
55 | + } |
|
56 | + if ($filterObjectType !== null) { |
|
57 | + $logSearch->byObjectType($filterObjectType); |
|
58 | + } |
|
59 | + if ($filterObjectId !== null) { |
|
60 | + $logSearch->byObjectId($filterObjectId); |
|
61 | + } |
|
62 | + |
|
63 | + $this->setSearchHelper($logSearch); |
|
64 | + $this->setupLimits(); |
|
65 | + |
|
66 | + /** @var Log[] $logs */ |
|
67 | + $logs = $logSearch->getRecordCount($count)->fetch(); |
|
68 | + |
|
69 | + list($users, $logData) = LogHelper::prepareLogsForTemplate($logs, $database, $this->getSiteConfiguration(), $this->getSecurityManager()); |
|
70 | + |
|
71 | + $this->setupPageData($count, array('filterUser' => $filterUser, 'filterAction' => $filterAction, 'filterObjectType' => $filterObjectType, 'filterObjectId' => $filterObjectId)); |
|
72 | + |
|
73 | + $this->assign("logs", $logData); |
|
74 | + $this->assign("users", $users); |
|
75 | + |
|
76 | + $this->assign('allLogActions', LogHelper::getLogActions($this->getDatabase())); |
|
77 | + $this->assign('allObjectTypes', LogHelper::getObjectTypes()); |
|
78 | + |
|
79 | + $this->setTemplate("logs/main.tpl"); |
|
80 | + } |
|
81 | 81 | } |
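Review bot: `$filterAction` on new lines 53–54 is passed to `$logSearch->byAction()` straight from the query string, whereas `$filterObjectType` on lines 35–37 is first reduced to `null` unless it is a key of `LogHelper::getObjectTypes()`; applying the same allow-listing against `LogHelper::getLogActions($database)` (already fetched on line 76 for the dropdown) keeps the search and the template in agreement, e.g. `if ($filterAction !== null && !array_key_exists($filterAction, LogHelper::getLogActions($database))) { $filterAction = null; }`, assuming `getLogActions()` returns the same key-indexed shape as `getObjectTypes()` — its definition is not in this hunk. Whether `byAction()` binds the value as a parameter is also outside the hunk, so treat this as defence in depth and consistency rather than a confirmed injection path. On line 67 `$count` is first used as a by-reference out-parameter of `getRecordCount()`, which reads like an undefined variable; a short `// populated by reference` comment on that line would spare the next reader a search. The hunk appears to be a whitespace-only reformat, so these points apply to pre-existing code.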
@@ -61,28 +61,23 @@ |
61 | 61 | |
62 | 62 | if ($request->getReserved() === $currentUser->getId()) { |
63 | 63 | $data['hiddenText'] = false; |
64 | - } |
|
65 | - else { |
|
64 | + } else { |
|
66 | 65 | $data['hiddenText'] = true; |
67 | 66 | } |
68 | 67 | } |
69 | 68 | |
70 | 69 | if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') { |
71 | 70 | $data['hidden'] = false; |
72 | - } |
|
73 | - elseif ($object->getVisibility() == 'admin') { |
|
71 | + } elseif ($object->getVisibility() == 'admin') { |
|
74 | 72 | if ($seeRestrictedComments) { |
75 | 73 | $data['hidden'] = false; |
76 | - } |
|
77 | - else { |
|
74 | + } else { |
|
78 | 75 | $data['hidden'] = true; |
79 | 76 | } |
80 | - } |
|
81 | - elseif ($object->getVisibility() == 'checkuser') { |
|
77 | + } elseif ($object->getVisibility() == 'checkuser') { |
|
82 | 78 | if ($seeCheckuserComments) { |
83 | 79 | $data['hidden'] = false; |
84 | - } |
|
85 | - else { |
|
80 | + } else { |
|
86 | 81 | $data['hidden'] = true; |
87 | 82 | } |
88 | 83 | } |
@@ -18,112 +18,112 @@ |
18 | 18 | |
19 | 19 | class PageListFlaggedComments extends InternalPageBase |
20 | 20 | { |
21 | - /** |
|
22 | - * @inheritDoc |
|
23 | - */ |
|
24 | - protected function main() |
|
25 | - { |
|
26 | - $this->setHtmlTitle('Flagged comments'); |
|
27 | - $this->setTemplate('flagged-comments.tpl'); |
|
28 | - |
|
29 | - $database = $this->getDatabase(); |
|
30 | - $this->assignCSRFToken(); |
|
31 | - |
|
32 | - /** @var Comment[] $commentObjects */ |
|
33 | - $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains |
|
34 | - $comments = []; |
|
35 | - |
|
36 | - $currentUser = User::getCurrent($database); |
|
37 | - |
|
38 | - $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData'); |
|
39 | - $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData'); |
|
40 | - $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData'); |
|
41 | - |
|
42 | - foreach ($commentObjects as $object) { |
|
43 | - $data = [ |
|
44 | - 'visibility' => $object->getVisibility(), |
|
45 | - 'hidden' => false, |
|
46 | - 'hiddenText' => false, |
|
47 | - ]; |
|
48 | - |
|
49 | - if (!$alwaysSeePrivateData) { |
|
50 | - // tl;dr: This is a stupid configuration, but let's account for it anyway. |
|
51 | - // |
|
52 | - // Flagged comments are treated as private data. If you don't have the privilege |
|
53 | - // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here. |
|
54 | - // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness |
|
55 | - // of this page. Still, we need to handle the case where we have access to this page, but not access |
|
56 | - // to private data. |
|
57 | - // At the time of writing, this case does not exist in the current role configuration, but for the role |
|
58 | - // configuration to be free of assumptions, we need this code. |
|
59 | - |
|
60 | - /** @var Request $request */ |
|
61 | - $request = Request::getById($object->getRequest(), $database); |
|
62 | - |
|
63 | - if ($request->getReserved() === $currentUser->getId()) { |
|
64 | - $data['hiddenText'] = false; |
|
65 | - } |
|
66 | - else { |
|
67 | - $data['hiddenText'] = true; |
|
68 | - } |
|
69 | - } |
|
70 | - |
|
71 | - if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') { |
|
72 | - $data['hidden'] = false; |
|
73 | - } |
|
74 | - elseif ($object->getVisibility() == 'admin') { |
|
75 | - if ($seeRestrictedComments) { |
|
76 | - $data['hidden'] = false; |
|
77 | - } |
|
78 | - else { |
|
79 | - $data['hidden'] = true; |
|
80 | - } |
|
81 | - } |
|
82 | - elseif ($object->getVisibility() == 'checkuser') { |
|
83 | - if ($seeCheckuserComments) { |
|
84 | - $data['hidden'] = false; |
|
85 | - } |
|
86 | - else { |
|
87 | - $data['hidden'] = true; |
|
88 | - } |
|
89 | - } |
|
90 | - |
|
91 | - $this->copyCommentData($object, $data, $database); |
|
92 | - |
|
93 | - $comments[] = $data; |
|
94 | - } |
|
95 | - |
|
96 | - $this->assign('comments', $comments); |
|
97 | - $this->assign('seeRestrictedComments', $seeRestrictedComments); |
|
98 | - $this->assign('seeCheckuserComments', $seeCheckuserComments); |
|
99 | - |
|
100 | - $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class)); |
|
101 | - $this->assign('editComments', $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageEditComment::class)); |
|
102 | - $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageFlagComment::class)); |
|
103 | - } |
|
104 | - |
|
105 | - private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void |
|
106 | - { |
|
107 | - if ($data['hidden']) { |
|
108 | - // All details hidden, so don't copy anything. |
|
109 | - return; |
|
110 | - } |
|
111 | - |
|
112 | - /** @var Request $request */ |
|
113 | - $request = Request::getById($object->getRequest(), $database); |
|
114 | - |
|
115 | - if (!$data['hiddenText']) { |
|
116 | - // Comment text is hidden, but presence of the comment is visible. |
|
117 | - $data['comment'] = $object->getComment(); |
|
118 | - } |
|
119 | - |
|
120 | - $data['id'] = $object->getId(); |
|
121 | - $data['updateversion'] = $object->getUpdateVersion(); |
|
122 | - $data['time'] = $object->getTime(); |
|
123 | - $data['requestid'] = $object->getRequest(); |
|
124 | - $data['request'] = $request->getName(); |
|
125 | - $data['requeststatus'] = $request->getStatus(); |
|
126 | - $data['userid'] = $object->getUser(); |
|
127 | - $data['user'] = User::getById($object->getUser(), $database)->getUsername(); |
|
128 | - } |
|
21 | + /** |
|
22 | + * @inheritDoc |
|
23 | + */ |
|
24 | + protected function main() |
|
25 | + { |
|
26 | + $this->setHtmlTitle('Flagged comments'); |
|
27 | + $this->setTemplate('flagged-comments.tpl'); |
|
28 | + |
|
29 | + $database = $this->getDatabase(); |
|
30 | + $this->assignCSRFToken(); |
|
31 | + |
|
32 | + /** @var Comment[] $commentObjects */ |
|
33 | + $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains |
|
34 | + $comments = []; |
|
35 | + |
|
36 | + $currentUser = User::getCurrent($database); |
|
37 | + |
|
38 | + $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData'); |
|
39 | + $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData'); |
|
40 | + $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData'); |
|
41 | + |
|
42 | + foreach ($commentObjects as $object) { |
|
43 | + $data = [ |
|
44 | + 'visibility' => $object->getVisibility(), |
|
45 | + 'hidden' => false, |
|
46 | + 'hiddenText' => false, |
|
47 | + ]; |
|
48 | + |
|
49 | + if (!$alwaysSeePrivateData) { |
|
50 | + // tl;dr: This is a stupid configuration, but let's account for it anyway. |
|
51 | + // |
|
52 | + // Flagged comments are treated as private data. If you don't have the privilege |
|
53 | + // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here. |
|
54 | + // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness |
|
55 | + // of this page. Still, we need to handle the case where we have access to this page, but not access |
|
56 | + // to private data. |
|
57 | + // At the time of writing, this case does not exist in the current role configuration, but for the role |
|
58 | + // configuration to be free of assumptions, we need this code. |
|
59 | + |
|
60 | + /** @var Request $request */ |
|
61 | + $request = Request::getById($object->getRequest(), $database); |
|
62 | + |
|
63 | + if ($request->getReserved() === $currentUser->getId()) { |
|
64 | + $data['hiddenText'] = false; |
|
65 | + } |
|
66 | + else { |
|
67 | + $data['hiddenText'] = true; |
|
68 | + } |
|
69 | + } |
|
70 | + |
|
71 | + if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') { |
|
72 | + $data['hidden'] = false; |
|
73 | + } |
|
74 | + elseif ($object->getVisibility() == 'admin') { |
|
75 | + if ($seeRestrictedComments) { |
|
76 | + $data['hidden'] = false; |
|
77 | + } |
|
78 | + else { |
|
79 | + $data['hidden'] = true; |
|
80 | + } |
|
81 | + } |
|
82 | + elseif ($object->getVisibility() == 'checkuser') { |
|
83 | + if ($seeCheckuserComments) { |
|
84 | + $data['hidden'] = false; |
|
85 | + } |
|
86 | + else { |
|
87 | + $data['hidden'] = true; |
|
88 | + } |
|
89 | + } |
|
90 | + |
|
91 | + $this->copyCommentData($object, $data, $database); |
|
92 | + |
|
93 | + $comments[] = $data; |
|
94 | + } |
|
95 | + |
|
96 | + $this->assign('comments', $comments); |
|
97 | + $this->assign('seeRestrictedComments', $seeRestrictedComments); |
|
98 | + $this->assign('seeCheckuserComments', $seeCheckuserComments); |
|
99 | + |
|
100 | + $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class)); |
|
101 | + $this->assign('editComments', $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageEditComment::class)); |
|
102 | + $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageFlagComment::class)); |
|
103 | + } |
|
104 | + |
|
105 | + private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void |
|
106 | + { |
|
107 | + if ($data['hidden']) { |
|
108 | + // All details hidden, so don't copy anything. |
|
109 | + return; |
|
110 | + } |
|
111 | + |
|
112 | + /** @var Request $request */ |
|
113 | + $request = Request::getById($object->getRequest(), $database); |
|
114 | + |
|
115 | + if (!$data['hiddenText']) { |
|
116 | + // Comment text is hidden, but presence of the comment is visible. |
|
117 | + $data['comment'] = $object->getComment(); |
|
118 | + } |
|
119 | + |
|
120 | + $data['id'] = $object->getId(); |
|
121 | + $data['updateversion'] = $object->getUpdateVersion(); |
|
122 | + $data['time'] = $object->getTime(); |
|
123 | + $data['requestid'] = $object->getRequest(); |
|
124 | + $data['request'] = $request->getName(); |
|
125 | + $data['requeststatus'] = $request->getStatus(); |
|
126 | + $data['userid'] = $object->getUser(); |
|
127 | + $data['user'] = User::getById($object->getUser(), $database)->getUsername(); |
|
128 | + } |
|
129 | 129 | } |
130 | 130 | \ No newline at end of file |
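Review bot: The visibility chain on new lines 71–89 leaves `$data['hidden']` at its initial `false` for any visibility value that is not `requester`, `user`, `admin` or `checkuser`, so a new or unexpected visibility level would be displayed rather than withheld; closing the chain with `else { $data['hidden'] = true; }` (or initialising `'hidden' => true` on line 45 and letting the branches clear it) makes the page fail closed. The comment on new line 116, "Comment text is hidden, but presence of the comment is visible.", sits inside `if (!$data['hiddenText'])`, the branch that copies the text precisely because it is not hidden; it should read `// Text is visible, not just the comment's presence, so copy it.`. `User::getById($object->getUser(), $database)->getUsername()` on line 127 chains through a lookup that, if it follows the `false`-on-miss convention of `Comment::getById` elsewhere in this change, would error on a missing user rather than degrade; I cannot see `User::getById` here, so this is worth confirming. This hunk appears to be a whitespace-only reformat, so all three points concern pre-existing code.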
@@ -22,292 +22,292 @@ |
22 | 22 | |
23 | 23 | class PageRequestFormManagement extends InternalPageBase |
24 | 24 | { |
25 | - protected function main() |
|
26 | - { |
|
27 | - $this->setHtmlTitle('Request Form Management'); |
|
28 | - |
|
29 | - $database = $this->getDatabase(); |
|
30 | - $domainId = Domain::getCurrent($database)->getId(); |
|
31 | - $forms = RequestForm::getAllForms($database, $domainId); |
|
32 | - $this->assign('forms', $forms); |
|
33 | - |
|
34 | - $queues = []; |
|
35 | - foreach ($forms as $f) { |
|
36 | - $queueId = $f->getOverrideQueue(); |
|
37 | - if ($queueId !== null) { |
|
38 | - if (!isset($queues[$queueId])) { |
|
39 | - /** @var RequestQueue $queue */ |
|
40 | - $queue = RequestQueue::getById($queueId, $this->getDatabase()); |
|
41 | - |
|
42 | - if ($queue->getDomain() == $domainId) { |
|
43 | - $queues[$queueId] = $queue; |
|
44 | - } |
|
45 | - } |
|
46 | - } |
|
47 | - } |
|
48 | - |
|
49 | - $this->assign('queues', $queues); |
|
50 | - |
|
51 | - $user = User::getCurrent($database); |
|
52 | - $this->assign('canCreate', $this->barrierTest('create', $user)); |
|
53 | - $this->assign('canEdit', $this->barrierTest('edit', $user)); |
|
54 | - $this->assign('canView', $this->barrierTest('view', $user)); |
|
55 | - |
|
56 | - $this->setTemplate('form-management/main.tpl'); |
|
57 | - } |
|
58 | - |
|
59 | - protected function preview() { |
|
60 | - $previewContent = WebRequest::getSessionContext('preview'); |
|
61 | - |
|
62 | - $renderer = new MarkdownRenderingHelper(); |
|
63 | - $this->assign('renderedContent', $renderer->doRender($previewContent['main'])); |
|
64 | - $this->assign('username', $renderer->doRenderInline($previewContent['username'])); |
|
65 | - $this->assign('email', $renderer->doRenderInline($previewContent['email'])); |
|
66 | - $this->assign('comment', $renderer->doRenderInline($previewContent['comment'])); |
|
67 | - |
|
68 | - $this->setTemplate('form-management/preview.tpl'); |
|
69 | - } |
|
70 | - |
|
71 | - protected function create() |
|
72 | - { |
|
73 | - if (WebRequest::wasPosted()) { |
|
74 | - $this->validateCSRFToken(); |
|
75 | - $database = $this->getDatabase(); |
|
76 | - $domainId = Domain::getCurrent($database)->getId(); |
|
77 | - |
|
78 | - $form = new RequestForm(); |
|
79 | - |
|
80 | - $form->setDatabase($database); |
|
81 | - $form->setDomain($domainId); |
|
82 | - |
|
83 | - $this->setupObjectFromPost($form); |
|
84 | - $form->setPublicEndpoint(WebRequest::postString('endpoint')); |
|
85 | - |
|
86 | - if (WebRequest::postString("preview") === "preview") { |
|
87 | - $this->populateFromObject($form); |
|
88 | - |
|
89 | - WebRequest::setSessionContext('preview', [ |
|
90 | - 'main' => $form->getFormContent(), |
|
91 | - 'username' => $form->getUsernameHelp(), |
|
92 | - 'email' => $form->getEmailHelp(), |
|
93 | - 'comment' => $form->getCommentHelp(), |
|
94 | - ]); |
|
95 | - |
|
96 | - $this->assign('createMode', true); |
|
97 | - $this->setTemplate('form-management/edit.tpl'); |
|
98 | - |
|
99 | - return; |
|
100 | - } |
|
101 | - |
|
102 | - $proceed = true; |
|
103 | - |
|
104 | - if (RequestForm::getByPublicEndpoint($database, $form->getPublicEndpoint(), $domainId) !== false) { |
|
105 | - SessionAlert::error("The chosen public endpoint is already in use. Please choose another."); |
|
106 | - $proceed = false; |
|
107 | - } |
|
108 | - |
|
109 | - if (preg_match('/^[A-Za-z][a-zA-Z0-9-]*$/', $form->getPublicEndpoint()) !== 1) { |
|
110 | - SessionAlert::error("The chosen public endpoint contains invalid characters"); |
|
111 | - $proceed = false; |
|
112 | - } |
|
113 | - |
|
114 | - if (RequestForm::getByName($database, $form->getName(), $domainId) !== false) { |
|
115 | - SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
116 | - $proceed = false; |
|
117 | - } |
|
118 | - |
|
119 | - if ($form->getOverrideQueue() !== null) { |
|
120 | - /** @var RequestQueue|bool $queue */ |
|
121 | - $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
122 | - if ($queue === false || $queue->getDomain() !== $domainId || !$queue->isEnabled()) { |
|
123 | - SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
124 | - $proceed = false; |
|
125 | - } |
|
126 | - } |
|
127 | - |
|
128 | - if ($proceed) { |
|
129 | - $form->save(); |
|
130 | - Logger::requestFormCreated($database, $form); |
|
131 | - $this->redirect('requestFormManagement'); |
|
132 | - } |
|
133 | - else { |
|
134 | - $this->populateFromObject($form); |
|
135 | - WebRequest::setSessionContext('preview', [ |
|
136 | - 'main' => $form->getFormContent(), |
|
137 | - 'username' => $form->getUsernameHelp(), |
|
138 | - 'email' => $form->getEmailHelp(), |
|
139 | - 'comment' => $form->getCommentHelp(), |
|
140 | - ]); |
|
141 | - |
|
142 | - $this->assign('createMode', true); |
|
143 | - $this->setTemplate('form-management/edit.tpl'); |
|
144 | - } |
|
145 | - } |
|
146 | - else { |
|
147 | - $this->populateFromObject(new RequestForm()); |
|
148 | - WebRequest::setSessionContext('preview', null); |
|
149 | - $this->assign('hidePreview', true); |
|
150 | - |
|
151 | - $this->assignCSRFToken(); |
|
152 | - $this->assign('createMode', true); |
|
153 | - $this->setTemplate('form-management/edit.tpl'); |
|
154 | - } |
|
155 | - } |
|
156 | - |
|
157 | - protected function view() |
|
158 | - { |
|
159 | - $database = $this->getDatabase(); |
|
160 | - |
|
161 | - /** @var RequestForm $form */ |
|
162 | - $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
163 | - |
|
164 | - if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
165 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
166 | - } |
|
167 | - |
|
168 | - $this->populateFromObject($form); |
|
169 | - |
|
170 | - if ($form->getOverrideQueue() !== null) { |
|
171 | - $this->assign('queueObject', RequestQueue::getById($form->getOverrideQueue(), $database)); |
|
172 | - } |
|
173 | - |
|
174 | - WebRequest::setSessionContext('preview', [ |
|
175 | - 'main' => $form->getFormContent(), |
|
176 | - 'username' => $form->getUsernameHelp(), |
|
177 | - 'email' => $form->getEmailHelp(), |
|
178 | - 'comment' => $form->getCommentHelp(), |
|
179 | - ]); |
|
180 | - |
|
181 | - $renderer = new MarkdownRenderingHelper(); |
|
182 | - $this->assign('renderedContent', $renderer->doRender($form->getFormContent())); |
|
183 | - |
|
184 | - $this->setTemplate('form-management/view.tpl'); |
|
185 | - } |
|
186 | - |
|
187 | - protected function edit() |
|
188 | - { |
|
189 | - $database = $this->getDatabase(); |
|
190 | - |
|
191 | - /** @var RequestForm $form */ |
|
192 | - $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
193 | - |
|
194 | - if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
195 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
196 | - } |
|
197 | - |
|
198 | - if (WebRequest::wasPosted()) { |
|
199 | - $this->validateCSRFToken(); |
|
200 | - |
|
201 | - $this->setupObjectFromPost($form); |
|
202 | - |
|
203 | - if (WebRequest::postString("preview") === "preview") { |
|
204 | - $this->populateFromObject($form); |
|
205 | - |
|
206 | - WebRequest::setSessionContext('preview', [ |
|
207 | - 'main' => $form->getFormContent(), |
|
208 | - 'username' => $form->getUsernameHelp(), |
|
209 | - 'email' => $form->getEmailHelp(), |
|
210 | - 'comment' => $form->getCommentHelp(), |
|
211 | - ]); |
|
212 | - |
|
213 | - $this->assign('createMode', false); |
|
214 | - $this->setTemplate('form-management/edit.tpl'); |
|
215 | - |
|
216 | - return; |
|
217 | - } |
|
218 | - |
|
219 | - $proceed = true; |
|
220 | - |
|
221 | - $foundForm = RequestForm::getByName($database, $form->getName(), $form->getDomain()); |
|
222 | - if ($foundForm !== false && $foundForm->getId() !== $form->getId()) { |
|
223 | - SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
224 | - $proceed = false; |
|
225 | - } |
|
226 | - |
|
227 | - if ($form->getOverrideQueue() !== null) { |
|
228 | - /** @var RequestQueue $queue */ |
|
229 | - $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
230 | - if ($queue === false || $queue->getDomain() !== $form->getDomain() || !$queue->isEnabled()) { |
|
231 | - SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
232 | - $proceed = false; |
|
233 | - } |
|
234 | - } |
|
235 | - |
|
236 | - if ($proceed) { |
|
237 | - Logger::requestFormEdited($database, $form); |
|
238 | - $form->save(); |
|
239 | - $this->redirect('requestFormManagement'); |
|
240 | - } |
|
241 | - else { |
|
242 | - $this->populateFromObject($form); |
|
243 | - WebRequest::setSessionContext('preview', [ |
|
244 | - 'main' => $form->getFormContent(), |
|
245 | - 'username' => $form->getUsernameHelp(), |
|
246 | - 'email' => $form->getEmailHelp(), |
|
247 | - 'comment' => $form->getCommentHelp(), |
|
248 | - ]); |
|
249 | - |
|
250 | - $this->assign('createMode', false); |
|
251 | - $this->setTemplate('form-management/edit.tpl'); |
|
252 | - } |
|
253 | - } |
|
254 | - else { |
|
255 | - $this->populateFromObject($form); |
|
256 | - WebRequest::setSessionContext('preview', [ |
|
257 | - 'main' => $form->getFormContent(), |
|
258 | - 'username' => $form->getUsernameHelp(), |
|
259 | - 'email' => $form->getEmailHelp(), |
|
260 | - 'comment' => $form->getCommentHelp(), |
|
261 | - ]); |
|
262 | - |
|
263 | - $this->assign('createMode', false); |
|
264 | - $this->setTemplate('form-management/edit.tpl'); |
|
265 | - } |
|
266 | - } |
|
267 | - |
|
268 | - /** |
|
269 | - * @param RequestForm $form |
|
270 | - */ |
|
271 | - protected function populateFromObject(RequestForm $form): void |
|
272 | - { |
|
273 | - $this->assignCSRFToken(); |
|
274 | - |
|
275 | - $this->assign('name', $form->getName()); |
|
276 | - $this->assign('enabled', $form->isEnabled()); |
|
277 | - $this->assign('endpoint', $form->getPublicEndpoint()); |
|
278 | - $this->assign('queue', $form->getOverrideQueue()); |
|
279 | - $this->assign('content', $form->getFormContent()); |
|
280 | - $this->assign('username', $form->getUsernameHelp()); |
|
281 | - $this->assign('email', $form->getEmailHelp()); |
|
282 | - $this->assign('comment', $form->getCommentHelp()); |
|
283 | - |
|
284 | - $this->assign('domain', $form->getDomainObject()); |
|
285 | - |
|
286 | - $this->assign('availableQueues', RequestQueue::getEnabledQueues($this->getDatabase())); |
|
287 | - } |
|
288 | - |
|
289 | - /** |
|
290 | - * @param RequestForm $form |
|
291 | - * |
|
292 | - * @return void |
|
293 | - * @throws ApplicationLogicException |
|
294 | - */ |
|
295 | - protected function setupObjectFromPost(RequestForm $form): void |
|
296 | - { |
|
297 | - if (WebRequest::postString('content') === null |
|
298 | - || WebRequest::postString('username') === null |
|
299 | - || WebRequest::postString('email') === null |
|
300 | - || WebRequest::postString('comment') === null |
|
301 | - ) { |
|
302 | - throw new ApplicationLogicException("Form content, username help, email help, and comment help are all required fields."); |
|
303 | - } |
|
304 | - |
|
305 | - $form->setName(WebRequest::postString('name')); |
|
306 | - $form->setEnabled(WebRequest::postBoolean('enabled')); |
|
307 | - $form->setFormContent(WebRequest::postString('content')); |
|
308 | - $form->setOverrideQueue(WebRequest::postInt('queue')); |
|
309 | - $form->setUsernameHelp(WebRequest::postString('username')); |
|
310 | - $form->setEmailHelp(WebRequest::postString('email')); |
|
311 | - $form->setCommentHelp(WebRequest::postString('comment')); |
|
312 | - } |
|
25 | + protected function main() |
|
26 | + { |
|
27 | + $this->setHtmlTitle('Request Form Management'); |
|
28 | + |
|
29 | + $database = $this->getDatabase(); |
|
30 | + $domainId = Domain::getCurrent($database)->getId(); |
|
31 | + $forms = RequestForm::getAllForms($database, $domainId); |
|
32 | + $this->assign('forms', $forms); |
|
33 | + |
|
34 | + $queues = []; |
|
35 | + foreach ($forms as $f) { |
|
36 | + $queueId = $f->getOverrideQueue(); |
|
37 | + if ($queueId !== null) { |
|
38 | + if (!isset($queues[$queueId])) { |
|
39 | + /** @var RequestQueue $queue */ |
|
40 | + $queue = RequestQueue::getById($queueId, $this->getDatabase()); |
|
41 | + |
|
42 | + if ($queue->getDomain() == $domainId) { |
|
43 | + $queues[$queueId] = $queue; |
|
44 | + } |
|
45 | + } |
|
46 | + } |
|
47 | + } |
|
48 | + |
|
49 | + $this->assign('queues', $queues); |
|
50 | + |
|
51 | + $user = User::getCurrent($database); |
|
52 | + $this->assign('canCreate', $this->barrierTest('create', $user)); |
|
53 | + $this->assign('canEdit', $this->barrierTest('edit', $user)); |
|
54 | + $this->assign('canView', $this->barrierTest('view', $user)); |
|
55 | + |
|
56 | + $this->setTemplate('form-management/main.tpl'); |
|
57 | + } |
|
58 | + |
|
59 | + protected function preview() { |
|
60 | + $previewContent = WebRequest::getSessionContext('preview'); |
|
61 | + |
|
62 | + $renderer = new MarkdownRenderingHelper(); |
|
63 | + $this->assign('renderedContent', $renderer->doRender($previewContent['main'])); |
|
64 | + $this->assign('username', $renderer->doRenderInline($previewContent['username'])); |
|
65 | + $this->assign('email', $renderer->doRenderInline($previewContent['email'])); |
|
66 | + $this->assign('comment', $renderer->doRenderInline($previewContent['comment'])); |
|
67 | + |
|
68 | + $this->setTemplate('form-management/preview.tpl'); |
|
69 | + } |
|
70 | + |
|
71 | + protected function create() |
|
72 | + { |
|
73 | + if (WebRequest::wasPosted()) { |
|
74 | + $this->validateCSRFToken(); |
|
75 | + $database = $this->getDatabase(); |
|
76 | + $domainId = Domain::getCurrent($database)->getId(); |
|
77 | + |
|
78 | + $form = new RequestForm(); |
|
79 | + |
|
80 | + $form->setDatabase($database); |
|
81 | + $form->setDomain($domainId); |
|
82 | + |
|
83 | + $this->setupObjectFromPost($form); |
|
84 | + $form->setPublicEndpoint(WebRequest::postString('endpoint')); |
|
85 | + |
|
86 | + if (WebRequest::postString("preview") === "preview") { |
|
87 | + $this->populateFromObject($form); |
|
88 | + |
|
89 | + WebRequest::setSessionContext('preview', [ |
|
90 | + 'main' => $form->getFormContent(), |
|
91 | + 'username' => $form->getUsernameHelp(), |
|
92 | + 'email' => $form->getEmailHelp(), |
|
93 | + 'comment' => $form->getCommentHelp(), |
|
94 | + ]); |
|
95 | + |
|
96 | + $this->assign('createMode', true); |
|
97 | + $this->setTemplate('form-management/edit.tpl'); |
|
98 | + |
|
99 | + return; |
|
100 | + } |
|
101 | + |
|
102 | + $proceed = true; |
|
103 | + |
|
104 | + if (RequestForm::getByPublicEndpoint($database, $form->getPublicEndpoint(), $domainId) !== false) { |
|
105 | + SessionAlert::error("The chosen public endpoint is already in use. Please choose another."); |
|
106 | + $proceed = false; |
|
107 | + } |
|
108 | + |
|
109 | + if (preg_match('/^[A-Za-z][a-zA-Z0-9-]*$/', $form->getPublicEndpoint()) !== 1) { |
|
110 | + SessionAlert::error("The chosen public endpoint contains invalid characters"); |
|
111 | + $proceed = false; |
|
112 | + } |
|
113 | + |
|
114 | + if (RequestForm::getByName($database, $form->getName(), $domainId) !== false) { |
|
115 | + SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
116 | + $proceed = false; |
|
117 | + } |
|
118 | + |
|
119 | + if ($form->getOverrideQueue() !== null) { |
|
120 | + /** @var RequestQueue|bool $queue */ |
|
121 | + $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
122 | + if ($queue === false || $queue->getDomain() !== $domainId || !$queue->isEnabled()) { |
|
123 | + SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
124 | + $proceed = false; |
|
125 | + } |
|
126 | + } |
|
127 | + |
|
128 | + if ($proceed) { |
|
129 | + $form->save(); |
|
130 | + Logger::requestFormCreated($database, $form); |
|
131 | + $this->redirect('requestFormManagement'); |
|
132 | + } |
|
133 | + else { |
|
134 | + $this->populateFromObject($form); |
|
135 | + WebRequest::setSessionContext('preview', [ |
|
136 | + 'main' => $form->getFormContent(), |
|
137 | + 'username' => $form->getUsernameHelp(), |
|
138 | + 'email' => $form->getEmailHelp(), |
|
139 | + 'comment' => $form->getCommentHelp(), |
|
140 | + ]); |
|
141 | + |
|
142 | + $this->assign('createMode', true); |
|
143 | + $this->setTemplate('form-management/edit.tpl'); |
|
144 | + } |
|
145 | + } |
|
146 | + else { |
|
147 | + $this->populateFromObject(new RequestForm()); |
|
148 | + WebRequest::setSessionContext('preview', null); |
|
149 | + $this->assign('hidePreview', true); |
|
150 | + |
|
151 | + $this->assignCSRFToken(); |
|
152 | + $this->assign('createMode', true); |
|
153 | + $this->setTemplate('form-management/edit.tpl'); |
|
154 | + } |
|
155 | + } |
|
156 | + |
|
157 | + protected function view() |
|
158 | + { |
|
159 | + $database = $this->getDatabase(); |
|
160 | + |
|
161 | + /** @var RequestForm $form */ |
|
162 | + $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
163 | + |
|
164 | + if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
165 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
166 | + } |
|
167 | + |
|
168 | + $this->populateFromObject($form); |
|
169 | + |
|
170 | + if ($form->getOverrideQueue() !== null) { |
|
171 | + $this->assign('queueObject', RequestQueue::getById($form->getOverrideQueue(), $database)); |
|
172 | + } |
|
173 | + |
|
174 | + WebRequest::setSessionContext('preview', [ |
|
175 | + 'main' => $form->getFormContent(), |
|
176 | + 'username' => $form->getUsernameHelp(), |
|
177 | + 'email' => $form->getEmailHelp(), |
|
178 | + 'comment' => $form->getCommentHelp(), |
|
179 | + ]); |
|
180 | + |
|
181 | + $renderer = new MarkdownRenderingHelper(); |
|
182 | + $this->assign('renderedContent', $renderer->doRender($form->getFormContent())); |
|
183 | + |
|
184 | + $this->setTemplate('form-management/view.tpl'); |
|
185 | + } |
|
186 | + |
|
187 | + protected function edit() |
|
188 | + { |
|
189 | + $database = $this->getDatabase(); |
|
190 | + |
|
191 | + /** @var RequestForm $form */ |
|
192 | + $form = RequestForm::getById(WebRequest::getInt('form'), $database); |
|
193 | + |
|
194 | + if ($form->getDomain() !== Domain::getCurrent($database)->getId()) { |
|
195 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
196 | + } |
|
197 | + |
|
198 | + if (WebRequest::wasPosted()) { |
|
199 | + $this->validateCSRFToken(); |
|
200 | + |
|
201 | + $this->setupObjectFromPost($form); |
|
202 | + |
|
203 | + if (WebRequest::postString("preview") === "preview") { |
|
204 | + $this->populateFromObject($form); |
|
205 | + |
|
206 | + WebRequest::setSessionContext('preview', [ |
|
207 | + 'main' => $form->getFormContent(), |
|
208 | + 'username' => $form->getUsernameHelp(), |
|
209 | + 'email' => $form->getEmailHelp(), |
|
210 | + 'comment' => $form->getCommentHelp(), |
|
211 | + ]); |
|
212 | + |
|
213 | + $this->assign('createMode', false); |
|
214 | + $this->setTemplate('form-management/edit.tpl'); |
|
215 | + |
|
216 | + return; |
|
217 | + } |
|
218 | + |
|
219 | + $proceed = true; |
|
220 | + |
|
221 | + $foundForm = RequestForm::getByName($database, $form->getName(), $form->getDomain()); |
|
222 | + if ($foundForm !== false && $foundForm->getId() !== $form->getId()) { |
|
223 | + SessionAlert::error("The chosen name is already in use. Please choose another."); |
|
224 | + $proceed = false; |
|
225 | + } |
|
226 | + |
|
227 | + if ($form->getOverrideQueue() !== null) { |
|
228 | + /** @var RequestQueue $queue */ |
|
229 | + $queue = RequestQueue::getById($form->getOverrideQueue(), $database); |
|
230 | + if ($queue === false || $queue->getDomain() !== $form->getDomain() || !$queue->isEnabled()) { |
|
231 | + SessionAlert::error("The chosen queue does not exist or is disabled."); |
|
232 | + $proceed = false; |
|
233 | + } |
|
234 | + } |
|
235 | + |
|
236 | + if ($proceed) { |
|
237 | + Logger::requestFormEdited($database, $form); |
|
238 | + $form->save(); |
|
239 | + $this->redirect('requestFormManagement'); |
|
240 | + } |
|
241 | + else { |
|
242 | + $this->populateFromObject($form); |
|
243 | + WebRequest::setSessionContext('preview', [ |
|
244 | + 'main' => $form->getFormContent(), |
|
245 | + 'username' => $form->getUsernameHelp(), |
|
246 | + 'email' => $form->getEmailHelp(), |
|
247 | + 'comment' => $form->getCommentHelp(), |
|
248 | + ]); |
|
249 | + |
|
250 | + $this->assign('createMode', false); |
|
251 | + $this->setTemplate('form-management/edit.tpl'); |
|
252 | + } |
|
253 | + } |
|
254 | + else { |
|
255 | + $this->populateFromObject($form); |
|
256 | + WebRequest::setSessionContext('preview', [ |
|
257 | + 'main' => $form->getFormContent(), |
|
258 | + 'username' => $form->getUsernameHelp(), |
|
259 | + 'email' => $form->getEmailHelp(), |
|
260 | + 'comment' => $form->getCommentHelp(), |
|
261 | + ]); |
|
262 | + |
|
263 | + $this->assign('createMode', false); |
|
264 | + $this->setTemplate('form-management/edit.tpl'); |
|
265 | + } |
|
266 | + } |
|
267 | + |
|
268 | + /** |
|
269 | + * @param RequestForm $form |
|
270 | + */ |
|
271 | + protected function populateFromObject(RequestForm $form): void |
|
272 | + { |
|
273 | + $this->assignCSRFToken(); |
|
274 | + |
|
275 | + $this->assign('name', $form->getName()); |
|
276 | + $this->assign('enabled', $form->isEnabled()); |
|
277 | + $this->assign('endpoint', $form->getPublicEndpoint()); |
|
278 | + $this->assign('queue', $form->getOverrideQueue()); |
|
279 | + $this->assign('content', $form->getFormContent()); |
|
280 | + $this->assign('username', $form->getUsernameHelp()); |
|
281 | + $this->assign('email', $form->getEmailHelp()); |
|
282 | + $this->assign('comment', $form->getCommentHelp()); |
|
283 | + |
|
284 | + $this->assign('domain', $form->getDomainObject()); |
|
285 | + |
|
286 | + $this->assign('availableQueues', RequestQueue::getEnabledQueues($this->getDatabase())); |
|
287 | + } |
|
288 | + |
|
289 | + /** |
|
290 | + * @param RequestForm $form |
|
291 | + * |
|
292 | + * @return void |
|
293 | + * @throws ApplicationLogicException |
|
294 | + */ |
|
295 | + protected function setupObjectFromPost(RequestForm $form): void |
|
296 | + { |
|
297 | + if (WebRequest::postString('content') === null |
|
298 | + || WebRequest::postString('username') === null |
|
299 | + || WebRequest::postString('email') === null |
|
300 | + || WebRequest::postString('comment') === null |
|
301 | + ) { |
|
302 | + throw new ApplicationLogicException("Form content, username help, email help, and comment help are all required fields."); |
|
303 | + } |
|
304 | + |
|
305 | + $form->setName(WebRequest::postString('name')); |
|
306 | + $form->setEnabled(WebRequest::postBoolean('enabled')); |
|
307 | + $form->setFormContent(WebRequest::postString('content')); |
|
308 | + $form->setOverrideQueue(WebRequest::postInt('queue')); |
|
309 | + $form->setUsernameHelp(WebRequest::postString('username')); |
|
310 | + $form->setEmailHelp(WebRequest::postString('email')); |
|
311 | + $form->setCommentHelp(WebRequest::postString('comment')); |
|
312 | + } |
|
313 | 313 | } |
@@ -56,7 +56,8 @@ discard block |
||
56 | 56 | $this->setTemplate('form-management/main.tpl'); |
57 | 57 | } |
58 | 58 | |
59 | - protected function preview() { |
|
59 | + protected function preview() |
|
60 | + { |
|
60 | 61 | $previewContent = WebRequest::getSessionContext('preview'); |
61 | 62 | |
62 | 63 | $renderer = new MarkdownRenderingHelper(); |
@@ -129,8 +130,7 @@ discard block |
||
129 | 130 | $form->save(); |
130 | 131 | Logger::requestFormCreated($database, $form); |
131 | 132 | $this->redirect('requestFormManagement'); |
132 | - } |
|
133 | - else { |
|
133 | + } else { |
|
134 | 134 | $this->populateFromObject($form); |
135 | 135 | WebRequest::setSessionContext('preview', [ |
136 | 136 | 'main' => $form->getFormContent(), |
@@ -142,8 +142,7 @@ discard block |
||
142 | 142 | $this->assign('createMode', true); |
143 | 143 | $this->setTemplate('form-management/edit.tpl'); |
144 | 144 | } |
145 | - } |
|
146 | - else { |
|
145 | + } else { |
|
147 | 146 | $this->populateFromObject(new RequestForm()); |
148 | 147 | WebRequest::setSessionContext('preview', null); |
149 | 148 | $this->assign('hidePreview', true); |
@@ -237,8 +236,7 @@ discard block |
||
237 | 236 | Logger::requestFormEdited($database, $form); |
238 | 237 | $form->save(); |
239 | 238 | $this->redirect('requestFormManagement'); |
240 | - } |
|
241 | - else { |
|
239 | + } else { |
|
242 | 240 | $this->populateFromObject($form); |
243 | 241 | WebRequest::setSessionContext('preview', [ |
244 | 242 | 'main' => $form->getFormContent(), |
@@ -250,8 +248,7 @@ discard block |
||
250 | 248 | $this->assign('createMode', false); |
251 | 249 | $this->setTemplate('form-management/edit.tpl'); |
252 | 250 | } |
253 | - } |
|
254 | - else { |
|
251 | + } else { |
|
255 | 252 | $this->populateFromObject($form); |
256 | 253 | WebRequest::setSessionContext('preview', [ |
257 | 254 | 'main' => $form->getFormContent(), |
@@ -13,31 +13,31 @@ |
||
13 | 13 | |
14 | 14 | class PagePasswordLogin extends LoginCredentialPageBase |
15 | 15 | { |
16 | - protected function providerSpecificSetup() |
|
17 | - { |
|
18 | - list($partialId, $partialStage) = WebRequest::getAuthPartialLogin(); |
|
19 | - |
|
20 | - if ($partialId !== null && $partialStage > 1) { |
|
21 | - $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority'; |
|
22 | - $statement = $this->getDatabase()->prepare($sql); |
|
23 | - $statement->execute(array(':user' => $partialId, ':stage' => $partialStage)); |
|
24 | - $nextStage = $statement->fetchColumn(); |
|
25 | - $statement->closeCursor(); |
|
26 | - |
|
27 | - $this->redirect("login/" . $this->nextPageMap[$nextStage]); |
|
28 | - return; |
|
29 | - } |
|
30 | - |
|
31 | - $this->setTemplate('login/password.tpl'); |
|
32 | - } |
|
33 | - |
|
34 | - protected function getProviderCredentials() |
|
35 | - { |
|
36 | - $password = WebRequest::postString("password"); |
|
37 | - if ($password === null || $password === "") { |
|
38 | - throw new ApplicationLogicException("No password specified"); |
|
39 | - } |
|
40 | - |
|
41 | - return $password; |
|
42 | - } |
|
16 | + protected function providerSpecificSetup() |
|
17 | + { |
|
18 | + list($partialId, $partialStage) = WebRequest::getAuthPartialLogin(); |
|
19 | + |
|
20 | + if ($partialId !== null && $partialStage > 1) { |
|
21 | + $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority'; |
|
22 | + $statement = $this->getDatabase()->prepare($sql); |
|
23 | + $statement->execute(array(':user' => $partialId, ':stage' => $partialStage)); |
|
24 | + $nextStage = $statement->fetchColumn(); |
|
25 | + $statement->closeCursor(); |
|
26 | + |
|
27 | + $this->redirect("login/" . $this->nextPageMap[$nextStage]); |
|
28 | + return; |
|
29 | + } |
|
30 | + |
|
31 | + $this->setTemplate('login/password.tpl'); |
|
32 | + } |
|
33 | + |
|
34 | + protected function getProviderCredentials() |
|
35 | + { |
|
36 | + $password = WebRequest::postString("password"); |
|
37 | + if ($password === null || $password === "") { |
|
38 | + throw new ApplicationLogicException("No password specified"); |
|
39 | + } |
|
40 | + |
|
41 | + return $password; |
|
42 | + } |
|
43 | 43 | } |
44 | 44 | \ No newline at end of file |
@@ -37,9 +37,9 @@ |
||
37 | 37 | if (WebRequest::wasPosted()) { |
38 | 38 | $this->validateCSRFToken(); |
39 | 39 | |
40 | - $this->setPreference($preferencesManager,PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
41 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
42 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
40 | + $this->setPreference($preferencesManager, PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
41 | + $this->setPreferenceWithValue($preferencesManager, PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
42 | + $this->setPreferenceWithValue($preferencesManager, PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
43 | 43 | $this->setCreationMode($user, $preferencesManager); |
44 | 44 | $this->setSkin($preferencesManager); |
45 | 45 | $preferencesManager->setGlobalPreference(PreferenceManager::PREF_DEFAULT_DOMAIN, WebRequest::postInt('defaultDomain')); |
@@ -21,170 +21,170 @@ |
||
21 | 21 | |
22 | 22 | class PagePreferences extends InternalPageBase |
23 | 23 | { |
24 | - /** |
|
25 | - * Main function for this page, when no specific actions are called. |
|
26 | - * @return void |
|
27 | - */ |
|
28 | - protected function main() |
|
29 | - { |
|
30 | - $this->setHtmlTitle('Preferences'); |
|
31 | - |
|
32 | - $enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth(); |
|
33 | - $database = $this->getDatabase(); |
|
34 | - $user = User::getCurrent($database); |
|
35 | - $preferencesManager = PreferenceManager::getForCurrent($database); |
|
36 | - |
|
37 | - // Dual mode |
|
38 | - if (WebRequest::wasPosted()) { |
|
39 | - $this->validateCSRFToken(); |
|
40 | - |
|
41 | - $this->setPreference($preferencesManager,PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
42 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
43 | - $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
44 | - $this->setCreationMode($user, $preferencesManager); |
|
45 | - $this->setSkin($preferencesManager); |
|
46 | - $preferencesManager->setGlobalPreference(PreferenceManager::PREF_DEFAULT_DOMAIN, WebRequest::postInt('defaultDomain')); |
|
47 | - |
|
48 | - $email = WebRequest::postEmail('email'); |
|
49 | - if ($email !== null) { |
|
50 | - $user->setEmail($email); |
|
51 | - } |
|
52 | - |
|
53 | - $user->save(); |
|
54 | - SessionAlert::success("Preferences updated!"); |
|
55 | - |
|
56 | - if ($this->barrierTest(RoleConfigurationBase::MAIN, $user, PageMain::class)) { |
|
57 | - $this->redirect(''); |
|
58 | - } |
|
59 | - else { |
|
60 | - $this->redirect('preferences'); |
|
61 | - } |
|
62 | - } |
|
63 | - else { |
|
64 | - $this->assignCSRFToken(); |
|
65 | - $this->setTemplate('preferences/prefs.tpl'); |
|
66 | - |
|
67 | - // FIXME: domains! |
|
68 | - /** @var Domain $domain */ |
|
69 | - $domain = Domain::getById(1, $this->getDatabase()); |
|
70 | - $this->assign('mediawikiScriptPath', $domain->getWikiArticlePath()); |
|
71 | - |
|
72 | - $this->assign("enforceOAuth", $enforceOAuth); |
|
73 | - |
|
74 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature', false); |
|
75 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_CREATION_MODE, 'creationMode', false); |
|
76 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin', true); |
|
77 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', false); |
|
78 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', false, true); |
|
79 | - $this->assignPreference($preferencesManager, PreferenceManager::PREF_DEFAULT_DOMAIN, 'defaultDomain', true); |
|
80 | - |
|
81 | - $this->assign('canManualCreate', |
|
82 | - $this->barrierTest(PreferenceManager::CREATION_MANUAL, $user, 'RequestCreation')); |
|
83 | - $this->assign('canOauthCreate', |
|
84 | - $this->barrierTest(PreferenceManager::CREATION_OAUTH, $user, 'RequestCreation')); |
|
85 | - $this->assign('canBotCreate', |
|
86 | - $this->barrierTest(PreferenceManager::CREATION_BOT, $user, 'RequestCreation')); |
|
87 | - |
|
88 | - $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), |
|
89 | - $this->getSiteConfiguration()); |
|
90 | - $this->assign('oauth', $oauth); |
|
91 | - |
|
92 | - $identity = null; |
|
93 | - if ($oauth->isFullyLinked()) { |
|
94 | - $identity = $oauth->getIdentity(true); |
|
95 | - } |
|
96 | - |
|
97 | - $this->assign('identity', $identity); |
|
98 | - $this->assign('graceTime', $this->getSiteConfiguration()->getOauthIdentityGraceTime()); |
|
99 | - } |
|
100 | - } |
|
101 | - |
|
102 | - private function assignPreference( |
|
103 | - PreferenceManager $preferencesManager, |
|
104 | - string $preference, |
|
105 | - string $fieldName, |
|
106 | - bool $defaultGlobal, |
|
107 | - $defaultValue = null |
|
108 | - ): void { |
|
109 | - $this->assign($fieldName, $preferencesManager->getPreference($preference) ?? $defaultValue); |
|
110 | - $this->assign($fieldName . 'Global', $preferencesManager->isGlobalPreference($preference) ?? $defaultGlobal); |
|
111 | - } |
|
112 | - |
|
113 | - private function setPreferenceWithValue( |
|
114 | - PreferenceManager $preferencesManager, |
|
115 | - string $preferenceName, |
|
116 | - string $fieldName, |
|
117 | - $value |
|
118 | - ): void { |
|
119 | - $globalDefinition = WebRequest::postBoolean($fieldName . 'Global'); |
|
120 | - if ($globalDefinition) { |
|
121 | - $preferencesManager->setGlobalPreference($preferenceName, $value); |
|
122 | - } |
|
123 | - else { |
|
124 | - $preferencesManager->setLocalPreference($preferenceName, $value); |
|
125 | - } |
|
126 | - } |
|
127 | - |
|
128 | - private function setPreference( |
|
129 | - PreferenceManager $preferencesManager, |
|
130 | - string $preferenceName, |
|
131 | - string $fieldName |
|
132 | - ): void { |
|
133 | - $this->setPreferenceWithValue($preferencesManager, $preferenceName, $fieldName, WebRequest::postString($fieldName)); |
|
134 | - } |
|
135 | - |
|
136 | - protected function refreshOAuth() |
|
137 | - { |
|
138 | - if (!WebRequest::wasPosted()) { |
|
139 | - $this->redirect('preferences'); |
|
140 | - |
|
141 | - return; |
|
142 | - } |
|
143 | - |
|
144 | - $database = $this->getDatabase(); |
|
145 | - $oauth = new OAuthUserHelper(User::getCurrent($database), $database, $this->getOAuthProtocolHelper(), |
|
146 | - $this->getSiteConfiguration()); |
|
147 | - |
|
148 | - // token is for old consumer, run through the approval workflow again |
|
149 | - if ($oauth->getIdentity(true)->getAudience() !== $this->getSiteConfiguration()->getOAuthConsumerToken()) { |
|
150 | - $authoriseUrl = $oauth->getRequestToken(); |
|
151 | - $this->redirectUrl($authoriseUrl); |
|
152 | - |
|
153 | - return; |
|
154 | - } |
|
155 | - |
|
156 | - if ($oauth->isFullyLinked()) { |
|
157 | - $oauth->refreshIdentity(); |
|
158 | - } |
|
159 | - |
|
160 | - $this->redirect('preferences'); |
|
161 | - |
|
162 | - return; |
|
163 | - } |
|
164 | - |
|
165 | - private function setCreationMode(User $user, PreferenceManager $preferenceManager) |
|
166 | - { |
|
167 | - // if the user is selecting a creation mode that they are not allowed, do nothing. |
|
168 | - // this has the side effect of allowing them to keep a selected mode that either has been changed for them, |
|
169 | - // or that they have kept from when they previously had certain access. |
|
170 | - // This setting is only settable locally, as ACLs may change between domains. |
|
171 | - $creationMode = WebRequest::postInt('creationMode'); |
|
172 | - |
|
173 | - if ($creationMode === null) { |
|
174 | - return; |
|
175 | - } |
|
176 | - |
|
177 | - if ($this->barrierTest($creationMode, $user, 'RequestCreation')) { |
|
178 | - $preferenceManager->setLocalPreference(PreferenceManager::PREF_CREATION_MODE, WebRequest::postString('creationMode')); |
|
179 | - } |
|
180 | - } |
|
181 | - |
|
182 | - private function setSkin(PreferenceManager $preferencesManager): void |
|
183 | - { |
|
184 | - $newSkin = WebRequest::postString('skin'); |
|
185 | - $allowedSkins = ['main', 'alt', 'auto']; |
|
186 | - if (in_array($newSkin, $allowedSkins)) { |
|
187 | - $this->setPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin'); |
|
188 | - } |
|
189 | - } |
|
24 | + /** |
|
25 | + * Main function for this page, when no specific actions are called. |
|
26 | + * @return void |
|
27 | + */ |
|
28 | + protected function main() |
|
29 | + { |
|
30 | + $this->setHtmlTitle('Preferences'); |
|
31 | + |
|
32 | + $enforceOAuth = $this->getSiteConfiguration()->getEnforceOAuth(); |
|
33 | + $database = $this->getDatabase(); |
|
34 | + $user = User::getCurrent($database); |
|
35 | + $preferencesManager = PreferenceManager::getForCurrent($database); |
|
36 | + |
|
37 | + // Dual mode |
|
38 | + if (WebRequest::wasPosted()) { |
|
39 | + $this->validateCSRFToken(); |
|
40 | + |
|
41 | + $this->setPreference($preferencesManager,PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature'); |
|
42 | + $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', WebRequest::postBoolean('skipJsAbort') ? 1 : 0); |
|
43 | + $this->setPreferenceWithValue($preferencesManager,PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', WebRequest::postBoolean('showQueueHelp') ? 1 : 0); |
|
44 | + $this->setCreationMode($user, $preferencesManager); |
|
45 | + $this->setSkin($preferencesManager); |
|
46 | + $preferencesManager->setGlobalPreference(PreferenceManager::PREF_DEFAULT_DOMAIN, WebRequest::postInt('defaultDomain')); |
|
47 | + |
|
48 | + $email = WebRequest::postEmail('email'); |
|
49 | + if ($email !== null) { |
|
50 | + $user->setEmail($email); |
|
51 | + } |
|
52 | + |
|
53 | + $user->save(); |
|
54 | + SessionAlert::success("Preferences updated!"); |
|
55 | + |
|
56 | + if ($this->barrierTest(RoleConfigurationBase::MAIN, $user, PageMain::class)) { |
|
57 | + $this->redirect(''); |
|
58 | + } |
|
59 | + else { |
|
60 | + $this->redirect('preferences'); |
|
61 | + } |
|
62 | + } |
|
63 | + else { |
|
64 | + $this->assignCSRFToken(); |
|
65 | + $this->setTemplate('preferences/prefs.tpl'); |
|
66 | + |
|
67 | + // FIXME: domains! |
|
68 | + /** @var Domain $domain */ |
|
69 | + $domain = Domain::getById(1, $this->getDatabase()); |
|
70 | + $this->assign('mediawikiScriptPath', $domain->getWikiArticlePath()); |
|
71 | + |
|
72 | + $this->assign("enforceOAuth", $enforceOAuth); |
|
73 | + |
|
74 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_EMAIL_SIGNATURE, 'emailSignature', false); |
|
75 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_CREATION_MODE, 'creationMode', false); |
|
76 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin', true); |
|
77 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_SKIP_JS_ABORT, 'skipJsAbort', false); |
|
78 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_QUEUE_HELP, 'showQueueHelp', false, true); |
|
79 | + $this->assignPreference($preferencesManager, PreferenceManager::PREF_DEFAULT_DOMAIN, 'defaultDomain', true); |
|
80 | + |
|
81 | + $this->assign('canManualCreate', |
|
82 | + $this->barrierTest(PreferenceManager::CREATION_MANUAL, $user, 'RequestCreation')); |
|
83 | + $this->assign('canOauthCreate', |
|
84 | + $this->barrierTest(PreferenceManager::CREATION_OAUTH, $user, 'RequestCreation')); |
|
85 | + $this->assign('canBotCreate', |
|
86 | + $this->barrierTest(PreferenceManager::CREATION_BOT, $user, 'RequestCreation')); |
|
87 | + |
|
88 | + $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), |
|
89 | + $this->getSiteConfiguration()); |
|
90 | + $this->assign('oauth', $oauth); |
|
91 | + |
|
92 | + $identity = null; |
|
93 | + if ($oauth->isFullyLinked()) { |
|
94 | + $identity = $oauth->getIdentity(true); |
|
95 | + } |
|
96 | + |
|
97 | + $this->assign('identity', $identity); |
|
98 | + $this->assign('graceTime', $this->getSiteConfiguration()->getOauthIdentityGraceTime()); |
|
99 | + } |
|
100 | + } |
|
101 | + |
|
102 | + private function assignPreference( |
|
103 | + PreferenceManager $preferencesManager, |
|
104 | + string $preference, |
|
105 | + string $fieldName, |
|
106 | + bool $defaultGlobal, |
|
107 | + $defaultValue = null |
|
108 | + ): void { |
|
109 | + $this->assign($fieldName, $preferencesManager->getPreference($preference) ?? $defaultValue); |
|
110 | + $this->assign($fieldName . 'Global', $preferencesManager->isGlobalPreference($preference) ?? $defaultGlobal); |
|
111 | + } |
|
112 | + |
|
113 | + private function setPreferenceWithValue( |
|
114 | + PreferenceManager $preferencesManager, |
|
115 | + string $preferenceName, |
|
116 | + string $fieldName, |
|
117 | + $value |
|
118 | + ): void { |
|
119 | + $globalDefinition = WebRequest::postBoolean($fieldName . 'Global'); |
|
120 | + if ($globalDefinition) { |
|
121 | + $preferencesManager->setGlobalPreference($preferenceName, $value); |
|
122 | + } |
|
123 | + else { |
|
124 | + $preferencesManager->setLocalPreference($preferenceName, $value); |
|
125 | + } |
|
126 | + } |
|
127 | + |
|
128 | + private function setPreference( |
|
129 | + PreferenceManager $preferencesManager, |
|
130 | + string $preferenceName, |
|
131 | + string $fieldName |
|
132 | + ): void { |
|
133 | + $this->setPreferenceWithValue($preferencesManager, $preferenceName, $fieldName, WebRequest::postString($fieldName)); |
|
134 | + } |
|
135 | + |
|
136 | + protected function refreshOAuth() |
|
137 | + { |
|
138 | + if (!WebRequest::wasPosted()) { |
|
139 | + $this->redirect('preferences'); |
|
140 | + |
|
141 | + return; |
|
142 | + } |
|
143 | + |
|
144 | + $database = $this->getDatabase(); |
|
145 | + $oauth = new OAuthUserHelper(User::getCurrent($database), $database, $this->getOAuthProtocolHelper(), |
|
146 | + $this->getSiteConfiguration()); |
|
147 | + |
|
148 | + // token is for old consumer, run through the approval workflow again |
|
149 | + if ($oauth->getIdentity(true)->getAudience() !== $this->getSiteConfiguration()->getOAuthConsumerToken()) { |
|
150 | + $authoriseUrl = $oauth->getRequestToken(); |
|
151 | + $this->redirectUrl($authoriseUrl); |
|
152 | + |
|
153 | + return; |
|
154 | + } |
|
155 | + |
|
156 | + if ($oauth->isFullyLinked()) { |
|
157 | + $oauth->refreshIdentity(); |
|
158 | + } |
|
159 | + |
|
160 | + $this->redirect('preferences'); |
|
161 | + |
|
162 | + return; |
|
163 | + } |
|
164 | + |
|
165 | + private function setCreationMode(User $user, PreferenceManager $preferenceManager) |
|
166 | + { |
|
167 | + // if the user is selecting a creation mode that they are not allowed, do nothing. |
|
168 | + // this has the side effect of allowing them to keep a selected mode that either has been changed for them, |
|
169 | + // or that they have kept from when they previously had certain access. |
|
170 | + // This setting is only settable locally, as ACLs may change between domains. |
|
171 | + $creationMode = WebRequest::postInt('creationMode'); |
|
172 | + |
|
173 | + if ($creationMode === null) { |
|
174 | + return; |
|
175 | + } |
|
176 | + |
|
177 | + if ($this->barrierTest($creationMode, $user, 'RequestCreation')) { |
|
178 | + $preferenceManager->setLocalPreference(PreferenceManager::PREF_CREATION_MODE, WebRequest::postString('creationMode')); |
|
179 | + } |
|
180 | + } |
|
181 | + |
|
182 | + private function setSkin(PreferenceManager $preferencesManager): void |
|
183 | + { |
|
184 | + $newSkin = WebRequest::postString('skin'); |
|
185 | + $allowedSkins = ['main', 'alt', 'auto']; |
|
186 | + if (in_array($newSkin, $allowedSkins)) { |
|
187 | + $this->setPreference($preferencesManager, PreferenceManager::PREF_SKIN, 'skin'); |
|
188 | + } |
|
189 | + } |
|
190 | 190 | } |
@@ -55,12 +55,10 @@ discard block |
55 | 55 | |
56 | 56 | if ($this->barrierTest(RoleConfigurationBase::MAIN, $user, PageMain::class)) { |
57 | 57 | $this->redirect(''); |
58 | - } |
|
59 | - else { |
|
58 | + } else { |
|
60 | 59 | $this->redirect('preferences'); |
61 | 60 | } |
62 | - } |
|
63 | - else { |
|
61 | + } else { |
|
64 | 62 | $this->assignCSRFToken(); |
65 | 63 | $this->setTemplate('preferences/prefs.tpl'); |
66 | 64 | |
@@ -119,8 +117,7 @@ discard block |
119 | 117 | $globalDefinition = WebRequest::postBoolean($fieldName . 'Global'); |
120 | 118 | if ($globalDefinition) { |
121 | 119 | $preferencesManager->setGlobalPreference($preferenceName, $value); |
122 | - } |
|
123 | - else { |
|
120 | + } else { |
|
124 | 121 | $preferencesManager->setLocalPreference($preferenceName, $value); |
125 | 122 | } |
126 | 123 | } |
@@ -26,297 +26,297 @@ |
26 | 26 | |
27 | 27 | class PageMultiFactor extends InternalPageBase |
28 | 28 | { |
29 | - /** |
|
30 | - * Main function for this page, when no specific actions are called. |
|
31 | - * @return void |
|
32 | - */ |
|
33 | - protected function main() |
|
34 | - { |
|
35 | - $database = $this->getDatabase(); |
|
36 | - $currentUser = User::getCurrent($database); |
|
37 | - |
|
38 | - $yubikeyOtpCredentialProvider = new YubikeyOtpCredentialProvider($database, $this->getSiteConfiguration(), |
|
39 | - $this->getHttpHelper()); |
|
40 | - $this->assign('yubikeyOtpIdentity', $yubikeyOtpCredentialProvider->getYubikeyData($currentUser->getId())); |
|
41 | - $this->assign('yubikeyOtpEnrolled', $yubikeyOtpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
42 | - |
|
43 | - $totpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
44 | - $this->assign('totpEnrolled', $totpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
45 | - |
|
46 | - $scratchCredentialProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
47 | - $this->assign('scratchEnrolled', $scratchCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
48 | - $this->assign('scratchRemaining', $scratchCredentialProvider->getRemaining($currentUser->getId())); |
|
49 | - |
|
50 | - $this->assign('allowedTotp', $this->barrierTest('enableTotp', $currentUser)); |
|
51 | - $this->assign('allowedYubikey', $this->barrierTest('enableYubikeyOtp', $currentUser)); |
|
52 | - |
|
53 | - $this->setTemplate('mfa/mfa.tpl'); |
|
54 | - } |
|
55 | - |
|
56 | - protected function enableYubikeyOtp() |
|
57 | - { |
|
58 | - $database = $this->getDatabase(); |
|
59 | - $currentUser = User::getCurrent($database); |
|
60 | - |
|
61 | - $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
62 | - $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
63 | - |
|
64 | - if (WebRequest::wasPosted()) { |
|
65 | - $this->validateCSRFToken(); |
|
66 | - |
|
67 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
68 | - $this->getSiteConfiguration()); |
|
69 | - |
|
70 | - $password = WebRequest::postString('password'); |
|
71 | - $otp = WebRequest::postString('otp'); |
|
72 | - |
|
73 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
74 | - |
|
75 | - if ($result) { |
|
76 | - try { |
|
77 | - $otpCredentialProvider->setCredential($currentUser, 2, $otp); |
|
78 | - SessionAlert::success('Enabled YubiKey OTP.'); |
|
79 | - |
|
80 | - $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
81 | - if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
82 | - $scratchProvider->setCredential($currentUser, 2, null); |
|
83 | - $tokens = $scratchProvider->getTokens(); |
|
84 | - $this->assign('tokens', $tokens); |
|
85 | - $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
86 | - return; |
|
87 | - } |
|
88 | - } |
|
89 | - catch (ApplicationLogicException $ex) { |
|
90 | - SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage()); |
|
91 | - } |
|
92 | - |
|
93 | - $this->redirect('multiFactor'); |
|
94 | - } |
|
95 | - else { |
|
96 | - SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.'); |
|
97 | - $this->redirect('multiFactor'); |
|
98 | - } |
|
99 | - } |
|
100 | - else { |
|
101 | - if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
102 | - // user is not enrolled, we shouldn't have got here. |
|
103 | - throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
104 | - } |
|
105 | - |
|
106 | - $this->assignCSRFToken(); |
|
107 | - $this->setTemplate('mfa/enableYubikey.tpl'); |
|
108 | - } |
|
109 | - } |
|
110 | - |
|
111 | - protected function disableYubikeyOtp() |
|
112 | - { |
|
113 | - $database = $this->getDatabase(); |
|
114 | - $currentUser = User::getCurrent($database); |
|
115 | - |
|
116 | - $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
117 | - $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
118 | - |
|
119 | - $factorType = 'YubiKey OTP'; |
|
120 | - |
|
121 | - $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
122 | - } |
|
123 | - |
|
124 | - protected function enableTotp() |
|
125 | - { |
|
126 | - $database = $this->getDatabase(); |
|
127 | - $currentUser = User::getCurrent($database); |
|
128 | - |
|
129 | - $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
130 | - |
|
131 | - if (WebRequest::wasPosted()) { |
|
132 | - $this->validateCSRFToken(); |
|
133 | - |
|
134 | - // used for routing only, not security |
|
135 | - $stage = WebRequest::postString('stage'); |
|
136 | - |
|
137 | - if ($stage === "auth") { |
|
138 | - $password = WebRequest::postString('password'); |
|
139 | - |
|
140 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
141 | - $this->getSiteConfiguration()); |
|
142 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
143 | - |
|
144 | - if ($result) { |
|
145 | - $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
146 | - |
|
147 | - $provisioningUrl = $otpCredentialProvider->getProvisioningUrl($currentUser); |
|
148 | - |
|
149 | - $renderer = new ImageRenderer( |
|
150 | - new RendererStyle(256), |
|
151 | - new SvgImageBackEnd() |
|
152 | - ); |
|
153 | - |
|
154 | - $writer = new Writer($renderer); |
|
155 | - $svg = $writer->writeString($provisioningUrl); |
|
156 | - |
|
157 | - $this->assign('svg', $svg); |
|
158 | - $this->assign('secret', $otpCredentialProvider->getSecret($currentUser)); |
|
159 | - |
|
160 | - $this->assignCSRFToken(); |
|
161 | - $this->setTemplate('mfa/enableTotpEnroll.tpl'); |
|
162 | - |
|
163 | - return; |
|
164 | - } |
|
165 | - else { |
|
166 | - SessionAlert::error('Error enabling TOTP - invalid credentials.'); |
|
167 | - $this->redirect('multiFactor'); |
|
168 | - |
|
169 | - return; |
|
170 | - } |
|
171 | - } |
|
172 | - |
|
173 | - if ($stage === "enroll") { |
|
174 | - // we *must* have a defined credential already here, |
|
175 | - if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) { |
|
176 | - $otp = WebRequest::postString('otp'); |
|
177 | - $result = $otpCredentialProvider->verifyEnable($currentUser, $otp); |
|
178 | - |
|
179 | - if ($result) { |
|
180 | - SessionAlert::success('Enabled TOTP.'); |
|
181 | - |
|
182 | - $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
183 | - if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
184 | - $scratchProvider->setCredential($currentUser, 2, null); |
|
185 | - $tokens = $scratchProvider->getTokens(); |
|
186 | - $this->assign('tokens', $tokens); |
|
187 | - $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
188 | - return; |
|
189 | - } |
|
190 | - } |
|
191 | - else { |
|
192 | - $otpCredentialProvider->deleteCredential($currentUser); |
|
193 | - SessionAlert::error('Error enabling TOTP: invalid token provided'); |
|
194 | - } |
|
195 | - |
|
196 | - |
|
197 | - $this->redirect('multiFactor'); |
|
198 | - return; |
|
199 | - } |
|
200 | - else { |
|
201 | - SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.'); |
|
202 | - $this->redirect('multiFactor'); |
|
203 | - |
|
204 | - return; |
|
205 | - } |
|
206 | - } |
|
207 | - |
|
208 | - // urgh, dunno what happened, but it's not something expected. |
|
209 | - throw new ApplicationLogicException(); |
|
210 | - } |
|
211 | - else { |
|
212 | - if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
213 | - // user is not enrolled, we shouldn't have got here. |
|
214 | - throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
215 | - } |
|
216 | - |
|
217 | - $this->assignCSRFToken(); |
|
218 | - |
|
219 | - $this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing your tool password below.'); |
|
220 | - $this->assign('alertheader', 'Provide credentials'); |
|
221 | - $this->assign('continueText', 'Verify password'); |
|
222 | - $this->setTemplate('mfa/enableAuth.tpl'); |
|
223 | - } |
|
224 | - } |
|
225 | - |
|
226 | - protected function disableTotp() |
|
227 | - { |
|
228 | - $database = $this->getDatabase(); |
|
229 | - $currentUser = User::getCurrent($database); |
|
230 | - |
|
231 | - $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
232 | - |
|
233 | - $factorType = 'TOTP'; |
|
234 | - |
|
235 | - $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
236 | - } |
|
237 | - |
|
238 | - protected function scratch() |
|
239 | - { |
|
240 | - $database = $this->getDatabase(); |
|
241 | - $currentUser = User::getCurrent($database); |
|
242 | - |
|
243 | - if (WebRequest::wasPosted()) { |
|
244 | - $this->validateCSRFToken(); |
|
245 | - |
|
246 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
247 | - $this->getSiteConfiguration()); |
|
248 | - |
|
249 | - $otpCredentialProvider = new ScratchTokenCredentialProvider($database, |
|
250 | - $this->getSiteConfiguration()); |
|
251 | - |
|
252 | - $password = WebRequest::postString('password'); |
|
253 | - |
|
254 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
255 | - |
|
256 | - if ($result) { |
|
257 | - $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
258 | - $tokens = $otpCredentialProvider->getTokens(); |
|
259 | - $this->assign('tokens', $tokens); |
|
260 | - $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
261 | - } |
|
262 | - else { |
|
263 | - SessionAlert::error('Error refreshing scratch tokens - invalid credentials.'); |
|
264 | - $this->redirect('multiFactor'); |
|
265 | - } |
|
266 | - } |
|
267 | - else { |
|
268 | - $this->assignCSRFToken(); |
|
269 | - |
|
270 | - $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing your tool password below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.'); |
|
271 | - $this->assign('alertheader', 'Re-generate scratch tokens'); |
|
272 | - $this->assign('continueText', 'Regenerate Scratch Tokens'); |
|
273 | - |
|
274 | - $this->setTemplate('mfa/enableAuth.tpl'); |
|
275 | - } |
|
276 | - } |
|
277 | - |
|
278 | - /** |
|
279 | - * @param PdoDatabase $database |
|
280 | - * @param User $currentUser |
|
281 | - * @param ICredentialProvider $otpCredentialProvider |
|
282 | - * @param string $factorType |
|
283 | - * |
|
284 | - * @throws ApplicationLogicException |
|
285 | - */ |
|
286 | - private function deleteCredential( |
|
287 | - PdoDatabase $database, |
|
288 | - User $currentUser, |
|
289 | - ICredentialProvider $otpCredentialProvider, |
|
290 | - $factorType |
|
291 | - ) { |
|
292 | - if (WebRequest::wasPosted()) { |
|
293 | - $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
294 | - $this->getSiteConfiguration()); |
|
295 | - |
|
296 | - $this->validateCSRFToken(); |
|
297 | - |
|
298 | - $password = WebRequest::postString('password'); |
|
299 | - $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
300 | - |
|
301 | - if ($result) { |
|
302 | - $otpCredentialProvider->deleteCredential($currentUser); |
|
303 | - SessionAlert::success('Disabled ' . $factorType . '.'); |
|
304 | - $this->redirect('multiFactor'); |
|
305 | - } |
|
306 | - else { |
|
307 | - SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.'); |
|
308 | - $this->redirect('multiFactor'); |
|
309 | - } |
|
310 | - } |
|
311 | - else { |
|
312 | - if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
313 | - // user is not enrolled, we shouldn't have got here. |
|
314 | - throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism'); |
|
315 | - } |
|
316 | - |
|
317 | - $this->assignCSRFToken(); |
|
318 | - $this->assign('otpType', $factorType); |
|
319 | - $this->setTemplate('mfa/disableOtp.tpl'); |
|
320 | - } |
|
321 | - } |
|
29 | + /** |
|
30 | + * Main function for this page, when no specific actions are called. |
|
31 | + * @return void |
|
32 | + */ |
|
33 | + protected function main() |
|
34 | + { |
|
35 | + $database = $this->getDatabase(); |
|
36 | + $currentUser = User::getCurrent($database); |
|
37 | + |
|
38 | + $yubikeyOtpCredentialProvider = new YubikeyOtpCredentialProvider($database, $this->getSiteConfiguration(), |
|
39 | + $this->getHttpHelper()); |
|
40 | + $this->assign('yubikeyOtpIdentity', $yubikeyOtpCredentialProvider->getYubikeyData($currentUser->getId())); |
|
41 | + $this->assign('yubikeyOtpEnrolled', $yubikeyOtpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
42 | + |
|
43 | + $totpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
44 | + $this->assign('totpEnrolled', $totpCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
45 | + |
|
46 | + $scratchCredentialProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
47 | + $this->assign('scratchEnrolled', $scratchCredentialProvider->userIsEnrolled($currentUser->getId())); |
|
48 | + $this->assign('scratchRemaining', $scratchCredentialProvider->getRemaining($currentUser->getId())); |
|
49 | + |
|
50 | + $this->assign('allowedTotp', $this->barrierTest('enableTotp', $currentUser)); |
|
51 | + $this->assign('allowedYubikey', $this->barrierTest('enableYubikeyOtp', $currentUser)); |
|
52 | + |
|
53 | + $this->setTemplate('mfa/mfa.tpl'); |
|
54 | + } |
|
55 | + |
|
56 | + protected function enableYubikeyOtp() |
|
57 | + { |
|
58 | + $database = $this->getDatabase(); |
|
59 | + $currentUser = User::getCurrent($database); |
|
60 | + |
|
61 | + $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
62 | + $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
63 | + |
|
64 | + if (WebRequest::wasPosted()) { |
|
65 | + $this->validateCSRFToken(); |
|
66 | + |
|
67 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
68 | + $this->getSiteConfiguration()); |
|
69 | + |
|
70 | + $password = WebRequest::postString('password'); |
|
71 | + $otp = WebRequest::postString('otp'); |
|
72 | + |
|
73 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
74 | + |
|
75 | + if ($result) { |
|
76 | + try { |
|
77 | + $otpCredentialProvider->setCredential($currentUser, 2, $otp); |
|
78 | + SessionAlert::success('Enabled YubiKey OTP.'); |
|
79 | + |
|
80 | + $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
81 | + if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
82 | + $scratchProvider->setCredential($currentUser, 2, null); |
|
83 | + $tokens = $scratchProvider->getTokens(); |
|
84 | + $this->assign('tokens', $tokens); |
|
85 | + $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
86 | + return; |
|
87 | + } |
|
88 | + } |
|
89 | + catch (ApplicationLogicException $ex) { |
|
90 | + SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage()); |
|
91 | + } |
|
92 | + |
|
93 | + $this->redirect('multiFactor'); |
|
94 | + } |
|
95 | + else { |
|
96 | + SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.'); |
|
97 | + $this->redirect('multiFactor'); |
|
98 | + } |
|
99 | + } |
|
100 | + else { |
|
101 | + if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
102 | + // user is not enrolled, we shouldn't have got here. |
|
103 | + throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
104 | + } |
|
105 | + |
|
106 | + $this->assignCSRFToken(); |
|
107 | + $this->setTemplate('mfa/enableYubikey.tpl'); |
|
108 | + } |
|
109 | + } |
|
110 | + |
|
111 | + protected function disableYubikeyOtp() |
|
112 | + { |
|
113 | + $database = $this->getDatabase(); |
|
114 | + $currentUser = User::getCurrent($database); |
|
115 | + |
|
116 | + $otpCredentialProvider = new YubikeyOtpCredentialProvider($database, |
|
117 | + $this->getSiteConfiguration(), $this->getHttpHelper()); |
|
118 | + |
|
119 | + $factorType = 'YubiKey OTP'; |
|
120 | + |
|
121 | + $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
122 | + } |
|
123 | + |
|
124 | + protected function enableTotp() |
|
125 | + { |
|
126 | + $database = $this->getDatabase(); |
|
127 | + $currentUser = User::getCurrent($database); |
|
128 | + |
|
129 | + $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
130 | + |
|
131 | + if (WebRequest::wasPosted()) { |
|
132 | + $this->validateCSRFToken(); |
|
133 | + |
|
134 | + // used for routing only, not security |
|
135 | + $stage = WebRequest::postString('stage'); |
|
136 | + |
|
137 | + if ($stage === "auth") { |
|
138 | + $password = WebRequest::postString('password'); |
|
139 | + |
|
140 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
141 | + $this->getSiteConfiguration()); |
|
142 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
143 | + |
|
144 | + if ($result) { |
|
145 | + $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
146 | + |
|
147 | + $provisioningUrl = $otpCredentialProvider->getProvisioningUrl($currentUser); |
|
148 | + |
|
149 | + $renderer = new ImageRenderer( |
|
150 | + new RendererStyle(256), |
|
151 | + new SvgImageBackEnd() |
|
152 | + ); |
|
153 | + |
|
154 | + $writer = new Writer($renderer); |
|
155 | + $svg = $writer->writeString($provisioningUrl); |
|
156 | + |
|
157 | + $this->assign('svg', $svg); |
|
158 | + $this->assign('secret', $otpCredentialProvider->getSecret($currentUser)); |
|
159 | + |
|
160 | + $this->assignCSRFToken(); |
|
161 | + $this->setTemplate('mfa/enableTotpEnroll.tpl'); |
|
162 | + |
|
163 | + return; |
|
164 | + } |
|
165 | + else { |
|
166 | + SessionAlert::error('Error enabling TOTP - invalid credentials.'); |
|
167 | + $this->redirect('multiFactor'); |
|
168 | + |
|
169 | + return; |
|
170 | + } |
|
171 | + } |
|
172 | + |
|
173 | + if ($stage === "enroll") { |
|
174 | + // we *must* have a defined credential already here, |
|
175 | + if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) { |
|
176 | + $otp = WebRequest::postString('otp'); |
|
177 | + $result = $otpCredentialProvider->verifyEnable($currentUser, $otp); |
|
178 | + |
|
179 | + if ($result) { |
|
180 | + SessionAlert::success('Enabled TOTP.'); |
|
181 | + |
|
182 | + $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration()); |
|
183 | + if ($scratchProvider->getRemaining($currentUser->getId()) < 3) { |
|
184 | + $scratchProvider->setCredential($currentUser, 2, null); |
|
185 | + $tokens = $scratchProvider->getTokens(); |
|
186 | + $this->assign('tokens', $tokens); |
|
187 | + $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
188 | + return; |
|
189 | + } |
|
190 | + } |
|
191 | + else { |
|
192 | + $otpCredentialProvider->deleteCredential($currentUser); |
|
193 | + SessionAlert::error('Error enabling TOTP: invalid token provided'); |
|
194 | + } |
|
195 | + |
|
196 | + |
|
197 | + $this->redirect('multiFactor'); |
|
198 | + return; |
|
199 | + } |
|
200 | + else { |
|
201 | + SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.'); |
|
202 | + $this->redirect('multiFactor'); |
|
203 | + |
|
204 | + return; |
|
205 | + } |
|
206 | + } |
|
207 | + |
|
208 | + // urgh, dunno what happened, but it's not something expected. |
|
209 | + throw new ApplicationLogicException(); |
|
210 | + } |
|
211 | + else { |
|
212 | + if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
213 | + // user is not enrolled, we shouldn't have got here. |
|
214 | + throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
|
215 | + } |
|
216 | + |
|
217 | + $this->assignCSRFToken(); |
|
218 | + |
|
219 | + $this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing your tool password below.'); |
|
220 | + $this->assign('alertheader', 'Provide credentials'); |
|
221 | + $this->assign('continueText', 'Verify password'); |
|
222 | + $this->setTemplate('mfa/enableAuth.tpl'); |
|
223 | + } |
|
224 | + } |
|
225 | + |
|
226 | + protected function disableTotp() |
|
227 | + { |
|
228 | + $database = $this->getDatabase(); |
|
229 | + $currentUser = User::getCurrent($database); |
|
230 | + |
|
231 | + $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration()); |
|
232 | + |
|
233 | + $factorType = 'TOTP'; |
|
234 | + |
|
235 | + $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType); |
|
236 | + } |
|
237 | + |
|
238 | + protected function scratch() |
|
239 | + { |
|
240 | + $database = $this->getDatabase(); |
|
241 | + $currentUser = User::getCurrent($database); |
|
242 | + |
|
243 | + if (WebRequest::wasPosted()) { |
|
244 | + $this->validateCSRFToken(); |
|
245 | + |
|
246 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
247 | + $this->getSiteConfiguration()); |
|
248 | + |
|
249 | + $otpCredentialProvider = new ScratchTokenCredentialProvider($database, |
|
250 | + $this->getSiteConfiguration()); |
|
251 | + |
|
252 | + $password = WebRequest::postString('password'); |
|
253 | + |
|
254 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
255 | + |
|
256 | + if ($result) { |
|
257 | + $otpCredentialProvider->setCredential($currentUser, 2, null); |
|
258 | + $tokens = $otpCredentialProvider->getTokens(); |
|
259 | + $this->assign('tokens', $tokens); |
|
260 | + $this->setTemplate('mfa/regenScratchTokens.tpl'); |
|
261 | + } |
|
262 | + else { |
|
263 | + SessionAlert::error('Error refreshing scratch tokens - invalid credentials.'); |
|
264 | + $this->redirect('multiFactor'); |
|
265 | + } |
|
266 | + } |
|
267 | + else { |
|
268 | + $this->assignCSRFToken(); |
|
269 | + |
|
270 | + $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing your tool password below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.'); |
|
271 | + $this->assign('alertheader', 'Re-generate scratch tokens'); |
|
272 | + $this->assign('continueText', 'Regenerate Scratch Tokens'); |
|
273 | + |
|
274 | + $this->setTemplate('mfa/enableAuth.tpl'); |
|
275 | + } |
|
276 | + } |
|
277 | + |
|
278 | + /** |
|
279 | + * @param PdoDatabase $database |
|
280 | + * @param User $currentUser |
|
281 | + * @param ICredentialProvider $otpCredentialProvider |
|
282 | + * @param string $factorType |
|
283 | + * |
|
284 | + * @throws ApplicationLogicException |
|
285 | + */ |
|
286 | + private function deleteCredential( |
|
287 | + PdoDatabase $database, |
|
288 | + User $currentUser, |
|
289 | + ICredentialProvider $otpCredentialProvider, |
|
290 | + $factorType |
|
291 | + ) { |
|
292 | + if (WebRequest::wasPosted()) { |
|
293 | + $passwordCredentialProvider = new PasswordCredentialProvider($database, |
|
294 | + $this->getSiteConfiguration()); |
|
295 | + |
|
296 | + $this->validateCSRFToken(); |
|
297 | + |
|
298 | + $password = WebRequest::postString('password'); |
|
299 | + $result = $passwordCredentialProvider->authenticate($currentUser, $password); |
|
300 | + |
|
301 | + if ($result) { |
|
302 | + $otpCredentialProvider->deleteCredential($currentUser); |
|
303 | + SessionAlert::success('Disabled ' . $factorType . '.'); |
|
304 | + $this->redirect('multiFactor'); |
|
305 | + } |
|
306 | + else { |
|
307 | + SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.'); |
|
308 | + $this->redirect('multiFactor'); |
|
309 | + } |
|
310 | + } |
|
311 | + else { |
|
312 | + if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
|
313 | + // user is not enrolled, we shouldn't have got here. |
|
314 | + throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism'); |
|
315 | + } |
|
316 | + |
|
317 | + $this->assignCSRFToken(); |
|
318 | + $this->assign('otpType', $factorType); |
|
319 | + $this->setTemplate('mfa/disableOtp.tpl'); |
|
320 | + } |
|
321 | + } |
|
322 | 322 | } |
@@ -91,13 +91,11 @@ discard block |
91 | 91 | } |
92 | 92 | |
93 | 93 | $this->redirect('multiFactor'); |
94 | - } |
|
95 | - else { |
|
94 | + } else { |
|
96 | 95 | SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.'); |
97 | 96 | $this->redirect('multiFactor'); |
98 | 97 | } |
99 | - } |
|
100 | - else { |
|
98 | + } else { |
|
101 | 99 | if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
102 | 100 | // user is not enrolled, we shouldn't have got here. |
103 | 101 | throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
@@ -161,8 +159,7 @@ discard block |
161 | 159 | $this->setTemplate('mfa/enableTotpEnroll.tpl'); |
162 | 160 | |
163 | 161 | return; |
164 | - } |
|
165 | - else { |
|
162 | + } else { |
|
166 | 163 | SessionAlert::error('Error enabling TOTP - invalid credentials.'); |
167 | 164 | $this->redirect('multiFactor'); |
168 | 165 | |
@@ -187,8 +184,7 @@ discard block |
187 | 184 | $this->setTemplate('mfa/regenScratchTokens.tpl'); |
188 | 185 | return; |
189 | 186 | } |
190 | - } |
|
191 | - else { |
|
187 | + } else { |
|
192 | 188 | $otpCredentialProvider->deleteCredential($currentUser); |
193 | 189 | SessionAlert::error('Error enabling TOTP: invalid token provided'); |
194 | 190 | } |
@@ -196,8 +192,7 @@ discard block |
196 | 192 | |
197 | 193 | $this->redirect('multiFactor'); |
198 | 194 | return; |
199 | - } |
|
200 | - else { |
|
195 | + } else { |
|
201 | 196 | SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.'); |
202 | 197 | $this->redirect('multiFactor'); |
203 | 198 | |
@@ -207,8 +202,7 @@ discard block |
207 | 202 | |
208 | 203 | // urgh, dunno what happened, but it's not something expected. |
209 | 204 | throw new ApplicationLogicException(); |
210 | - } |
|
211 | - else { |
|
205 | + } else { |
|
212 | 206 | if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
213 | 207 | // user is not enrolled, we shouldn't have got here. |
214 | 208 | throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism'); |
@@ -258,13 +252,11 @@ discard block |
258 | 252 | $tokens = $otpCredentialProvider->getTokens(); |
259 | 253 | $this->assign('tokens', $tokens); |
260 | 254 | $this->setTemplate('mfa/regenScratchTokens.tpl'); |
261 | - } |
|
262 | - else { |
|
255 | + } else { |
|
263 | 256 | SessionAlert::error('Error refreshing scratch tokens - invalid credentials.'); |
264 | 257 | $this->redirect('multiFactor'); |
265 | 258 | } |
266 | - } |
|
267 | - else { |
|
259 | + } else { |
|
268 | 260 | $this->assignCSRFToken(); |
269 | 261 | |
270 | 262 | $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing your tool password below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.'); |
@@ -302,13 +294,11 @@ discard block |
302 | 294 | $otpCredentialProvider->deleteCredential($currentUser); |
303 | 295 | SessionAlert::success('Disabled ' . $factorType . '.'); |
304 | 296 | $this->redirect('multiFactor'); |
305 | - } |
|
306 | - else { |
|
297 | + } else { |
|
307 | 298 | SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.'); |
308 | 299 | $this->redirect('multiFactor'); |
309 | 300 | } |
310 | - } |
|
311 | - else { |
|
301 | + } else { |
|
312 | 302 | if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) { |
313 | 303 | // user is not enrolled, we shouldn't have got here. |
314 | 304 | throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism'); |
@@ -14,22 +14,22 @@ |
14 | 14 | |
15 | 15 | class PageLogout extends InternalPageBase |
16 | 16 | { |
17 | - /** |
|
18 | - * Main function for this page, when no specific actions are called. |
|
19 | - */ |
|
20 | - protected function main() |
|
21 | - { |
|
22 | - if (WebRequest::wasPosted()) { |
|
23 | - Session::destroy(); |
|
24 | - $this->redirect("login"); |
|
25 | - return; |
|
26 | - } |
|
17 | + /** |
|
18 | + * Main function for this page, when no specific actions are called. |
|
19 | + */ |
|
20 | + protected function main() |
|
21 | + { |
|
22 | + if (WebRequest::wasPosted()) { |
|
23 | + Session::destroy(); |
|
24 | + $this->redirect("login"); |
|
25 | + return; |
|
26 | + } |
|
27 | 27 | |
28 | - $this->redirect(); |
|
29 | - } |
|
28 | + $this->redirect(); |
|
29 | + } |
|
30 | 30 | |
31 | - protected function isProtectedPage() |
|
32 | - { |
|
33 | - return false; |
|
34 | - } |
|
31 | + protected function isProtectedPage() |
|
32 | + { |
|
33 | + return false; |
|
34 | + } |
|
35 | 35 | } |
@@ -22,81 +22,81 @@ |
||
22 | 22 | |
23 | 23 | class PageOAuth extends InternalPageBase |
24 | 24 | { |
25 | - /** |
|
26 | - * Attach entry point |
|
27 | - * |
|
28 | - * must be posted, or will redirect to preferences |
|
29 | - */ |
|
30 | - protected function attach() |
|
31 | - { |
|
32 | - if (!WebRequest::wasPosted()) { |
|
33 | - $this->redirect('preferences'); |
|
34 | - |
|
35 | - return; |
|
36 | - } |
|
37 | - |
|
38 | - $database = $this->getDatabase(); |
|
39 | - |
|
40 | - $this->validateCSRFToken(); |
|
41 | - |
|
42 | - $oauthProtocolHelper = $this->getOAuthProtocolHelper(); |
|
43 | - $user = User::getCurrent($database); |
|
44 | - $oauth = new OAuthUserHelper($user, $database, $oauthProtocolHelper, $this->getSiteConfiguration()); |
|
45 | - |
|
46 | - try { |
|
47 | - $authoriseUrl = $oauth->getRequestToken(); |
|
48 | - $this->redirectUrl($authoriseUrl); |
|
49 | - } |
|
50 | - catch (CurlException $ex) { |
|
51 | - throw new ApplicationLogicException($ex->getMessage(), 0, $ex); |
|
52 | - } |
|
53 | - } |
|
54 | - |
|
55 | - /** |
|
56 | - * Detach account entry point |
|
57 | - * @throws Exception |
|
58 | - */ |
|
59 | - protected function detach() |
|
60 | - { |
|
61 | - if ($this->getSiteConfiguration()->getEnforceOAuth()) { |
|
62 | - throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
63 | - } |
|
64 | - |
|
65 | - $database = $this->getDatabase(); |
|
66 | - $user = User::getCurrent($database); |
|
67 | - $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration()); |
|
68 | - |
|
69 | - try { |
|
70 | - $oauth->refreshIdentity(); |
|
71 | - } |
|
72 | - catch (CurlException $ex) { |
|
73 | - // do nothing. The user's already revoked this access anyway. |
|
74 | - } |
|
75 | - catch (OAuthException $ex) { |
|
76 | - // do nothing. The user's already revoked this access anyway. |
|
77 | - } |
|
78 | - catch (OptimisticLockFailedException $e) { |
|
79 | - // do nothing. The user's already revoked this access anyway. |
|
80 | - } |
|
81 | - |
|
82 | - $oauth->detach(); |
|
83 | - |
|
84 | - // TODO: figure out why we need to force logout after a detach. |
|
85 | - $user->setForcelogout(true); |
|
86 | - $user->save(); |
|
87 | - |
|
88 | - // force the user to log out |
|
89 | - Session::destroy(); |
|
90 | - |
|
91 | - $this->redirect('login'); |
|
92 | - } |
|
93 | - |
|
94 | - /** |
|
95 | - * Main function for this page, when no specific actions are called. |
|
96 | - * @return void |
|
97 | - */ |
|
98 | - protected function main() |
|
99 | - { |
|
100 | - $this->redirect('preferences'); |
|
101 | - } |
|
25 | + /** |
|
26 | + * Attach entry point |
|
27 | + * |
|
28 | + * must be posted, or will redirect to preferences |
|
29 | + */ |
|
30 | + protected function attach() |
|
31 | + { |
|
32 | + if (!WebRequest::wasPosted()) { |
|
33 | + $this->redirect('preferences'); |
|
34 | + |
|
35 | + return; |
|
36 | + } |
|
37 | + |
|
38 | + $database = $this->getDatabase(); |
|
39 | + |
|
40 | + $this->validateCSRFToken(); |
|
41 | + |
|
42 | + $oauthProtocolHelper = $this->getOAuthProtocolHelper(); |
|
43 | + $user = User::getCurrent($database); |
|
44 | + $oauth = new OAuthUserHelper($user, $database, $oauthProtocolHelper, $this->getSiteConfiguration()); |
|
45 | + |
|
46 | + try { |
|
47 | + $authoriseUrl = $oauth->getRequestToken(); |
|
48 | + $this->redirectUrl($authoriseUrl); |
|
49 | + } |
|
50 | + catch (CurlException $ex) { |
|
51 | + throw new ApplicationLogicException($ex->getMessage(), 0, $ex); |
|
52 | + } |
|
53 | + } |
|
54 | + |
|
55 | + /** |
|
56 | + * Detach account entry point |
|
57 | + * @throws Exception |
|
58 | + */ |
|
59 | + protected function detach() |
|
60 | + { |
|
61 | + if ($this->getSiteConfiguration()->getEnforceOAuth()) { |
|
62 | + throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager()); |
|
63 | + } |
|
64 | + |
|
65 | + $database = $this->getDatabase(); |
|
66 | + $user = User::getCurrent($database); |
|
67 | + $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration()); |
|
68 | + |
|
69 | + try { |
|
70 | + $oauth->refreshIdentity(); |
|
71 | + } |
|
72 | + catch (CurlException $ex) { |
|
73 | + // do nothing. The user's already revoked this access anyway. |
|
74 | + } |
|
75 | + catch (OAuthException $ex) { |
|
76 | + // do nothing. The user's already revoked this access anyway. |
|
77 | + } |
|
78 | + catch (OptimisticLockFailedException $e) { |
|
79 | + // do nothing. The user's already revoked this access anyway. |
|
80 | + } |
|
81 | + |
|
82 | + $oauth->detach(); |
|
83 | + |
|
84 | + // TODO: figure out why we need to force logout after a detach. |
|
85 | + $user->setForcelogout(true); |
|
86 | + $user->save(); |
|
87 | + |
|
88 | + // force the user to log out |
|
89 | + Session::destroy(); |
|
90 | + |
|
91 | + $this->redirect('login'); |
|
92 | + } |
|
93 | + |
|
94 | + /** |
|
95 | + * Main function for this page, when no specific actions are called. |
|
96 | + * @return void |
|
97 | + */ |
|
98 | + protected function main() |
|
99 | + { |
|
100 | + $this->redirect('preferences'); |
|
101 | + } |
|
102 | 102 | } |