nextcloud /
server
| Total Complexity | 62 |
| Total Lines | 545 |
| Duplicated Lines | 0 % |
| Changes | 0 | ||
Complex classes like UsersController often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use UsersController, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 72 | class UsersController extends Controller { |
||
| 73 | /** @var UserManager */ |
||
| 74 | private $userManager; |
||
| 75 | /** @var GroupManager */ |
||
| 76 | private $groupManager; |
||
| 77 | /** @var IUserSession */ |
||
| 78 | private $userSession; |
||
| 79 | /** @var IConfig */ |
||
| 80 | private $config; |
||
| 81 | /** @var bool */ |
||
| 82 | private $isAdmin; |
||
| 83 | /** @var IL10N */ |
||
| 84 | private $l10n; |
||
| 85 | /** @var IMailer */ |
||
| 86 | private $mailer; |
||
| 87 | /** @var Factory */ |
||
| 88 | private $l10nFactory; |
||
| 89 | /** @var IAppManager */ |
||
| 90 | private $appManager; |
||
| 91 | /** @var AccountManager */ |
||
| 92 | private $accountManager; |
||
| 93 | /** @var Manager */ |
||
| 94 | private $keyManager; |
||
| 95 | /** @var IJobList */ |
||
| 96 | private $jobList; |
||
| 97 | /** @var IManager */ |
||
| 98 | private $encryptionManager; |
||
| 99 | /** @var KnownUserService */ |
||
| 100 | private $knownUserService; |
||
| 101 | /** @var IEventDispatcher */ |
||
| 102 | private $dispatcher; |
||
| 103 | |||
| 104 | |||
| 105 | public function __construct( |
||
| 106 | string $appName, |
||
| 107 | IRequest $request, |
||
| 108 | IUserManager $userManager, |
||
| 109 | IGroupManager $groupManager, |
||
| 110 | IUserSession $userSession, |
||
| 111 | IConfig $config, |
||
| 112 | bool $isAdmin, |
||
| 113 | IL10N $l10n, |
||
| 114 | IMailer $mailer, |
||
| 115 | IFactory $l10nFactory, |
||
| 116 | IAppManager $appManager, |
||
| 117 | AccountManager $accountManager, |
||
| 118 | Manager $keyManager, |
||
| 119 | IJobList $jobList, |
||
| 120 | IManager $encryptionManager, |
||
| 121 | KnownUserService $knownUserService, |
||
| 122 | IEventDispatcher $dispatcher |
||
| 123 | ) { |
||
| 124 | parent::__construct($appName, $request); |
||
| 125 | $this->userManager = $userManager; |
||
|
|
|||
| 126 | $this->groupManager = $groupManager; |
||
| 127 | $this->userSession = $userSession; |
||
| 128 | $this->config = $config; |
||
| 129 | $this->isAdmin = $isAdmin; |
||
| 130 | $this->l10n = $l10n; |
||
| 131 | $this->mailer = $mailer; |
||
| 132 | $this->l10nFactory = $l10nFactory; |
||
| 133 | $this->appManager = $appManager; |
||
| 134 | $this->accountManager = $accountManager; |
||
| 135 | $this->keyManager = $keyManager; |
||
| 136 | $this->jobList = $jobList; |
||
| 137 | $this->encryptionManager = $encryptionManager; |
||
| 138 | $this->knownUserService = $knownUserService; |
||
| 139 | $this->dispatcher = $dispatcher; |
||
| 140 | } |
||
| 141 | |||
| 142 | |||
| 143 | /** |
||
| 144 | * @NoCSRFRequired |
||
| 145 | * @NoAdminRequired |
||
| 146 | * |
||
| 147 | * Display users list template |
||
| 148 | * |
||
| 149 | * @return TemplateResponse |
||
| 150 | */ |
||
| 151 | public function usersListByGroup(): TemplateResponse { |
||
| 152 | return $this->usersList(); |
||
| 153 | } |
||
| 154 | |||
| 155 | /** |
||
| 156 | * @NoCSRFRequired |
||
| 157 | * @NoAdminRequired |
||
| 158 | * |
||
| 159 | * Display users list template |
||
| 160 | * |
||
| 161 | * @return TemplateResponse |
||
| 162 | */ |
||
| 163 | public function usersList(): TemplateResponse { |
||
| 164 | $user = $this->userSession->getUser(); |
||
| 165 | $uid = $user->getUID(); |
||
| 166 | |||
| 167 | \OC::$server->getNavigationManager()->setActiveEntry('core_users'); |
||
| 168 | |||
| 169 | /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */ |
||
| 170 | $sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT; |
||
| 171 | $isLDAPUsed = false; |
||
| 172 | if ($this->config->getSystemValue('sort_groups_by_name', false)) { |
||
| 173 | $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME; |
||
| 174 | } else { |
||
| 175 | if ($this->appManager->isEnabledForUser('user_ldap')) { |
||
| 176 | $isLDAPUsed = |
||
| 177 | $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy'); |
||
| 178 | if ($isLDAPUsed) { |
||
| 179 | // LDAP user count can be slow, so we sort by group name here |
||
| 180 | $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME; |
||
| 181 | } |
||
| 182 | } |
||
| 183 | } |
||
| 184 | |||
| 185 | $canChangePassword = $this->canAdminChangeUserPasswords(); |
||
| 186 | |||
| 187 | /* GROUPS */ |
||
| 188 | $groupsInfo = new \OC\Group\MetaData( |
||
| 189 | $uid, |
||
| 190 | $this->isAdmin, |
||
| 191 | $this->groupManager, |
||
| 192 | $this->userSession |
||
| 193 | ); |
||
| 194 | |||
| 195 | $groupsInfo->setSorting($sortGroupsBy); |
||
| 196 | [$adminGroup, $groups] = $groupsInfo->get(); |
||
| 197 | |||
| 198 | if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) { |
||
| 199 | $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) { |
||
| 200 | return $ldapFound || $backend instanceof User_Proxy; |
||
| 201 | }); |
||
| 202 | } |
||
| 203 | |||
| 204 | $disabledUsers = -1; |
||
| 205 | $userCount = 0; |
||
| 206 | |||
| 207 | if (!$isLDAPUsed) { |
||
| 208 | if ($this->isAdmin) { |
||
| 209 | $disabledUsers = $this->userManager->countDisabledUsers(); |
||
| 210 | $userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) { |
||
| 211 | return $v + (int)$w; |
||
| 212 | }, 0); |
||
| 213 | } else { |
||
| 214 | // User is subadmin ! |
||
| 215 | // Map group list to names to retrieve the countDisabledUsersOfGroups |
||
| 216 | $userGroups = $this->groupManager->getUserGroups($user); |
||
| 217 | $groupsNames = []; |
||
| 218 | |||
| 219 | foreach ($groups as $key => $group) { |
||
| 220 | // $userCount += (int)$group['usercount']; |
||
| 221 | array_push($groupsNames, $group['name']); |
||
| 222 | // we prevent subadmins from looking up themselves |
||
| 223 | // so we lower the count of the groups he belongs to |
||
| 224 | if (array_key_exists($group['id'], $userGroups)) { |
||
| 225 | $groups[$key]['usercount']--; |
||
| 226 | $userCount -= 1; // we also lower from one the total count |
||
| 227 | } |
||
| 228 | } |
||
| 229 | $userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups()); |
||
| 230 | $disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames); |
||
| 231 | } |
||
| 232 | |||
| 233 | $userCount -= $disabledUsers; |
||
| 234 | } |
||
| 235 | |||
| 236 | $disabledUsersGroup = [ |
||
| 237 | 'id' => 'disabled', |
||
| 238 | 'name' => 'Disabled users', |
||
| 239 | 'usercount' => $disabledUsers |
||
| 240 | ]; |
||
| 241 | |||
| 242 | /* QUOTAS PRESETS */ |
||
| 243 | $quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB')); |
||
| 244 | $defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none'); |
||
| 245 | |||
| 246 | $event = new BeforeTemplateRenderedEvent(); |
||
| 247 | $this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event); |
||
| 248 | $this->dispatcher->dispatchTyped($event); |
||
| 249 | |||
| 250 | /* LANGUAGES */ |
||
| 251 | $languages = $this->l10nFactory->getLanguages(); |
||
| 252 | |||
| 253 | /* FINAL DATA */ |
||
| 254 | $serverData = []; |
||
| 255 | // groups |
||
| 256 | $serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups); |
||
| 257 | // Various data |
||
| 258 | $serverData['isAdmin'] = $this->isAdmin; |
||
| 259 | $serverData['sortGroups'] = $sortGroupsBy; |
||
| 260 | $serverData['quotaPreset'] = $quotaPreset; |
||
| 261 | $serverData['userCount'] = $userCount; |
||
| 262 | $serverData['languages'] = $languages; |
||
| 263 | $serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en'); |
||
| 264 | $serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false); |
||
| 265 | // Settings |
||
| 266 | $serverData['defaultQuota'] = $defaultQuota; |
||
| 267 | $serverData['canChangePassword'] = $canChangePassword; |
||
| 268 | $serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes'; |
||
| 269 | $serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes'; |
||
| 270 | $serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes'; |
||
| 271 | |||
| 272 | return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]); |
||
| 273 | } |
||
| 274 | |||
| 275 | /** |
||
| 276 | * @param string $key |
||
| 277 | * @param string $value |
||
| 278 | * |
||
| 279 | * @return JSONResponse |
||
| 280 | */ |
||
| 281 | public function setPreference(string $key, string $value): JSONResponse { |
||
| 282 | $allowed = ['newUser.sendEmail']; |
||
| 283 | if (!in_array($key, $allowed, true)) { |
||
| 284 | return new JSONResponse([], Http::STATUS_FORBIDDEN); |
||
| 285 | } |
||
| 286 | |||
| 287 | $this->config->setAppValue('core', $key, $value); |
||
| 288 | |||
| 289 | return new JSONResponse([]); |
||
| 290 | } |
||
| 291 | |||
| 292 | /** |
||
| 293 | * Parse the app value for quota_present |
||
| 294 | * |
||
| 295 | * @param string $quotaPreset |
||
| 296 | * @return array |
||
| 297 | */ |
||
| 298 | protected function parseQuotaPreset(string $quotaPreset): array { |
||
| 303 | } |
||
| 304 | |||
| 305 | /** |
||
| 306 | * check if the admin can change the users password |
||
| 307 | * |
||
| 308 | * The admin can change the passwords if: |
||
| 309 | * |
||
| 310 | * - no encryption module is loaded and encryption is disabled |
||
| 311 | * - encryption module is loaded but it doesn't require per user keys |
||
| 312 | * |
||
| 313 | * The admin can not change the passwords if: |
||
| 314 | * |
||
| 315 | * - an encryption module is loaded and it uses per-user keys |
||
| 316 | * - encryption is enabled but no encryption modules are loaded |
||
| 317 | * |
||
| 318 | * @return bool |
||
| 319 | */ |
||
| 320 | protected function canAdminChangeUserPasswords(): bool { |
||
| 333 | } |
||
| 334 | |||
| 335 | /** |
||
| 336 | * @NoAdminRequired |
||
| 337 | * @NoSubAdminRequired |
||
| 338 | * @PasswordConfirmationRequired |
||
| 339 | * |
||
| 340 | * @param string|null $avatarScope |
||
| 341 | * @param string|null $displayname |
||
| 342 | * @param string|null $displaynameScope |
||
| 343 | * @param string|null $phone |
||
| 344 | * @param string|null $phoneScope |
||
| 345 | * @param string|null $email |
||
| 346 | * @param string|null $emailScope |
||
| 347 | * @param string|null $website |
||
| 348 | * @param string|null $websiteScope |
||
| 349 | * @param string|null $address |
||
| 350 | * @param string|null $addressScope |
||
| 351 | * @param string|null $twitter |
||
| 352 | * @param string|null $twitterScope |
||
| 353 | * |
||
| 354 | * @return DataResponse |
||
| 355 | */ |
||
| 356 | public function setUserSettings(?string $avatarScope = null, |
||
| 480 | ], |
||
| 481 | ]); |
||
| 482 | } |
||
| 483 | } |
||
| 484 | /** |
||
| 485 | * update account manager with new user data |
||
| 486 | * |
||
| 487 | * @param IUser $user |
||
| 488 | * @param array $data |
||
| 489 | * @return array |
||
| 490 | * @throws ForbiddenException |
||
| 491 | * @throws \InvalidArgumentException |
||
| 492 | */ |
||
| 493 | protected function saveUserSettings(IUser $user, array $data): array { |
||
| 494 | // keep the user back-end up-to-date with the latest display name and email |
||
| 495 | // address |
||
| 496 | $oldDisplayName = $user->getDisplayName(); |
||
| 497 | $oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName; |
||
| 498 | if (isset($data[IAccountManager::PROPERTY_DISPLAYNAME]['value']) |
||
| 499 | && $oldDisplayName !== $data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] |
||
| 500 | ) { |
||
| 501 | $result = $user->setDisplayName($data[IAccountManager::PROPERTY_DISPLAYNAME]['value']); |
||
| 502 | if ($result === false) { |
||
| 503 | throw new ForbiddenException($this->l10n->t('Unable to change full name')); |
||
| 504 | } |
||
| 505 | } |
||
| 506 | |||
| 507 | $oldEmailAddress = $user->getEMailAddress(); |
||
| 508 | $oldEmailAddress = is_null($oldEmailAddress) ? '' : strtolower($oldEmailAddress); |
||
| 509 | if (isset($data[IAccountManager::PROPERTY_EMAIL]['value']) |
||
| 510 | && $oldEmailAddress !== $data[IAccountManager::PROPERTY_EMAIL]['value'] |
||
| 511 | ) { |
||
| 512 | // this is the only permission a backend provides and is also used |
||
| 513 | // for the permission of setting a email address |
||
| 514 | if (!$user->canChangeDisplayName()) { |
||
| 515 | throw new ForbiddenException($this->l10n->t('Unable to change email address')); |
||
| 516 | } |
||
| 517 | $user->setEMailAddress($data[IAccountManager::PROPERTY_EMAIL]['value']); |
||
| 518 | } |
||
| 519 | |||
| 520 | try { |
||
| 521 | return $this->accountManager->updateUser($user, $data, true); |
||
| 522 | } catch (\InvalidArgumentException $e) { |
||
| 523 | if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) { |
||
| 524 | throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid phone number')); |
||
| 525 | } |
||
| 526 | if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) { |
||
| 527 | throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid website')); |
||
| 528 | } |
||
| 529 | throw new \InvalidArgumentException($this->l10n->t('Some account data was invalid')); |
||
| 530 | } |
||
| 531 | } |
||
| 532 | |||
| 533 | /** |
||
| 534 | * Set the mail address of a user |
||
| 535 | * |
||
| 536 | * @NoAdminRequired |
||
| 537 | * @NoSubAdminRequired |
||
| 538 | * @PasswordConfirmationRequired |
||
| 539 | * |
||
| 540 | * @param string $account |
||
| 541 | * @param bool $onlyVerificationCode only return verification code without updating the data |
||
| 542 | * @return DataResponse |
||
| 543 | */ |
||
| 544 | public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse { |
||
| 545 | $user = $this->userSession->getUser(); |
||
| 546 | |||
| 547 | if ($user === null) { |
||
| 548 | return new DataResponse([], Http::STATUS_BAD_REQUEST); |
||
| 549 | } |
||
| 550 | |||
| 551 | $accountData = $this->accountManager->getUser($user); |
||
| 552 | $cloudId = $user->getCloudId(); |
||
| 553 | $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId; |
||
| 554 | $signature = $this->signMessage($user, $message); |
||
| 555 | |||
| 556 | $code = $message . ' ' . $signature; |
||
| 557 | $codeMd5 = $message . ' ' . md5($signature); |
||
| 558 | |||
| 559 | switch ($account) { |
||
| 560 | case 'verify-twitter': |
||
| 561 | $accountData[IAccountManager::PROPERTY_TWITTER]['verified'] = IAccountManager::VERIFICATION_IN_PROGRESS; |
||
| 562 | $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):'); |
||
| 563 | $code = $codeMd5; |
||
| 564 | $type = IAccountManager::PROPERTY_TWITTER; |
||
| 565 | $accountData[IAccountManager::PROPERTY_TWITTER]['signature'] = $signature; |
||
| 566 | break; |
||
| 567 | case 'verify-website': |
||
| 568 | $accountData[IAccountManager::PROPERTY_WEBSITE]['verified'] = IAccountManager::VERIFICATION_IN_PROGRESS; |
||
| 569 | $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):'); |
||
| 570 | $type = IAccountManager::PROPERTY_WEBSITE; |
||
| 571 | $accountData[IAccountManager::PROPERTY_WEBSITE]['signature'] = $signature; |
||
| 572 | break; |
||
| 573 | default: |
||
| 574 | return new DataResponse([], Http::STATUS_BAD_REQUEST); |
||
| 575 | } |
||
| 576 | |||
| 577 | if ($onlyVerificationCode === false) { |
||
| 578 | $accountData = $this->accountManager->updateUser($user, $accountData); |
||
| 579 | $data = $accountData[$type]['value']; |
||
| 580 | |||
| 581 | $this->jobList->add(VerifyUserData::class, |
||
| 582 | [ |
||
| 583 | 'verificationCode' => $code, |
||
| 584 | 'data' => $data, |
||
| 585 | 'type' => $type, |
||
| 586 | 'uid' => $user->getUID(), |
||
| 587 | 'try' => 0, |
||
| 588 | 'lastRun' => $this->getCurrentTime() |
||
| 589 | ] |
||
| 590 | ); |
||
| 591 | } |
||
| 592 | |||
| 593 | return new DataResponse(['msg' => $msg, 'code' => $code]); |
||
| 594 | } |
||
| 595 | |||
| 596 | /** |
||
| 597 | * get current timestamp |
||
| 598 | * |
||
| 599 | * @return int |
||
| 600 | */ |
||
| 601 | protected function getCurrentTime(): int { |
||
| 603 | } |
||
| 604 | |||
| 605 | /** |
||
| 606 | * sign message with users private key |
||
| 607 | * |
||
| 608 | * @param IUser $user |
||
| 609 | * @param string $message |
||
| 610 | * |
||
| 611 | * @return string base64 encoded signature |
||
| 612 | */ |
||
| 613 | protected function signMessage(IUser $user, string $message): string { |
||
| 619 |
Loading history...
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a given class or a super-class is assigned to a property that is type hinted more strictly.
Either this assignment is in error or an instanceof check should be added for that assignment.