<?php
/**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2021, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
namespace Friendica\Model;
+use DivineOmega\DOFileCachePSR6\CacheItemPool;
use DivineOmega\PasswordExposed;
+use ErrorException;
use Exception;
use Friendica\Content\Pager;
use Friendica\Core\Hook;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\DI;
-use Friendica\Model\TwoFactor\AppSpecificPassword;
-use Friendica\Network\HTTPException\InternalServerErrorException;
+use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
+use Friendica\Network\HTTPException;
use Friendica\Object\Image;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Images;
use Friendica\Util\Network;
+use Friendica\Util\Proxy;
use Friendica\Util\Strings;
use Friendica\Worker\Delivery;
+use ImagickException;
use LightOpenID;
/**
const ACCOUNT_TYPE_NEWS = 2;
const ACCOUNT_TYPE_COMMUNITY = 3;
const ACCOUNT_TYPE_RELAY = 4;
+ const ACCOUNT_TYPE_DELETED = 127;
/**
* @}
*/
private static $owner;
+ /**
+ * Returns the numeric account type by their string
+ *
+ * @param string $accounttype as string constant
+ * @return int|null Numeric account type - or null when not set
+ */
+ public static function getAccountTypeByString(string $accounttype)
+ {
+ switch ($accounttype) {
+ case 'person':
+ return User::ACCOUNT_TYPE_PERSON;
+ case 'organisation':
+ return User::ACCOUNT_TYPE_ORGANISATION;
+ case 'news':
+ return User::ACCOUNT_TYPE_NEWS;
+ case 'community':
+ return User::ACCOUNT_TYPE_COMMUNITY;
+ default:
+ return null;
+ break;
+ }
+ }
+
/**
* Fetch the system account
*
}
}
- $system['spubkey'] = $system['uprvkey'] = $system['prvkey'];
- $system['username'] = $system['name'];
+ $system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
+ $system['spubkey'] = $system['upubkey'] = $system['pubkey'];
$system['nickname'] = $system['nick'];
+
+ // Ensure that the user contains data
+ $user = DBA::selectFirst('user', ['prvkey'], ['uid' => 0]);
+ if (empty($user['prvkey'])) {
+ $fields = [
+ 'username' => $system['name'],
+ 'nickname' => $system['nick'],
+ 'register_date' => $system['created'],
+ 'pubkey' => $system['pubkey'],
+ 'prvkey' => $system['prvkey'],
+ 'spubkey' => $system['spubkey'],
+ 'sprvkey' => $system['sprvkey'],
+ 'verified' => true,
+ 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
+ 'account-type' => User::ACCOUNT_TYPE_RELAY,
+ ];
+
+ DBA::update('user', $fields, ['uid' => 0]);
+ }
+
return $system;
}
$system['name'] = 'System Account';
$system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
$system['nick'] = $system_actor_name;
- $system['avatar'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO;
- $system['photo'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO;
- $system['thumb'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_THUMB;
- $system['micro'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_MICRO;
$system['url'] = DI::baseUrl() . '/friendica';
+
+ $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
+ $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
+ $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
+
$system['nurl'] = Strings::normaliseLink($system['url']);
$system['pubkey'] = $keys['pubkey'];
$system['prvkey'] = $keys['prvkey'];
{
$system_actor_name = DI::config()->get('system', 'actor_name');
if (!empty($system_actor_name)) {
+ $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
+ if (!empty($self['nick'])) {
+ if ($self['nick'] != $system_actor_name) {
+ // Reset the actor name to the already used name
+ DI::config()->set('system', 'actor_name', $self['nick']);
+ $system_actor_name = $self['nick'];
+ }
+ }
return $system_actor_name;
}
// List of possible actor names
$possible_accounts = ['friendica', 'actor', 'system', 'internal'];
foreach ($possible_accounts as $name) {
- if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire']) &&
+ if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
!DBA::exists('userd', ['username' => $name])) {
DI::config()->set('system', 'actor_name', $name);
return $name;
*/
public static function getById($uid, array $fields = [])
{
- return DBA::selectFirst('user', $fields, ['uid' => $uid]);
+ return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
}
/**
*/
public static function getIdForURL(string $url)
{
- // Avoid any database requests when the hostname isn't even part of the url.
- if (!strpos($url, DI::baseUrl()->getHostname())) {
+ // Avoid database queries when the local node hostname isn't even part of the url.
+ if (!Contact::isLocal($url)) {
return 0;
}
/**
* Get owner data by user id
*
- * @param int $uid
- * @param boolean $check_valid Test if data is invalid and correct it
+ * @param int $uid
+ * @param boolean $repairMissing Repair the owner data if it's missing
* @return boolean|array
* @throws Exception
*/
- public static function getOwnerDataById(int $uid, bool $check_valid = true)
+ public static function getOwnerDataById(int $uid, bool $repairMissing = true)
{
+ if ($uid == 0) {
+ return self::getSystemAccount();
+ }
+
if (!empty(self::$owner[$uid])) {
return self::$owner[$uid];
}
$owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
if (!DBA::isResult($owner)) {
- if (!DBA::exists('user', ['uid' => $uid]) || !$check_valid) {
+ if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
return false;
}
Contact::createSelfFromUserId($uid);
return false;
}
- if (!$check_valid) {
+ if (!$repairMissing || $owner['account_expired']) {
return $owner;
}
if (!$repair) {
// Check if "addr" is present and correct
$addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
- $repair = ($addr != $owner['addr']);
+ $repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
}
if (!$repair) {
/**
* Returns the default group for a given user and network
*
- * @param int $uid User id
+ * @param int $uid User id
* @param string $network network name
*
* @return int group id
- * @throws InternalServerErrorException
+ * @throws Exception
*/
public static function getDefaultGroup($uid, $network = '')
{
* @param string $password
* @param bool $third_party
* @return int User Id if authentication is successful
- * @throws Exception
+ * @throws HTTPException\ForbiddenException
+ * @throws HTTPException\NotFoundException
*/
public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
{
- $user = self::getAuthenticationInfo($user_info);
+ // Addons registered with the "authenticate" hook may create the user on the
+ // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
+ // the user doesn't exist, we should give the addons a chance to create the
+ // user in our database, if applicable, before re-throwing the exception if
+ // they fail.
+ try {
+ $user = self::getAuthenticationInfo($user_info);
+ } catch (Exception $e) {
+ $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
+
+ // Addons can create users, and since this 'catch' branch should only
+ // execute if getAuthenticationInfo can't find an existing user, that's
+ // exactly what will happen here. Creating a numeric username would create
+ // abiguity with user IDs, possibly opening up an attack vector.
+ // So let's be very careful about that.
+ if (empty($username) || is_numeric($username)) {
+ throw $e;
+ }
+
+ return self::getIdFromAuthenticateHooks($username, $password);
+ }
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
}
return $user['uid'];
+ } else {
+ return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
}
- throw new Exception(DI::l10n()->t('Login failed'));
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
+ }
+
+ /**
+ * Try to obtain a user ID via "authenticate" hook addons
+ *
+ * Returns the user id associated with a successful password authentication
+ *
+ * @param string $username
+ * @param string $password
+ * @return int User Id if authentication is successful
+ * @throws HTTPException\ForbiddenException
+ */
+ public static function getIdFromAuthenticateHooks($username, $password)
+ {
+ $addon_auth = [
+ 'username' => $username,
+ 'password' => $password,
+ 'authenticated' => 0,
+ 'user_record' => null
+ ];
+
+ /*
+ * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+ * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
+ * and later addons should not interfere with an earlier one that succeeded.
+ */
+ Hook::callAll('authenticate', $addon_auth);
+
+ if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
+ return $addon_auth['user_record']['uid'];
+ }
+
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
}
/**
*
* @param mixed $user_info
* @return array
- * @throws Exception
+ * @throws HTTPException\NotFoundException
*/
- private static function getAuthenticationInfo($user_info)
+ public static function getAuthenticationInfo($user_info)
{
$user = null;
if (is_int($user_info)) {
$user = DBA::selectFirst(
'user',
- ['uid', 'password', 'legacy_password'],
+ ['uid', 'nickname', 'password', 'legacy_password'],
[
'uid' => $user_info,
'blocked' => 0,
]
);
} else {
- $fields = ['uid', 'password', 'legacy_password'];
+ $fields = ['uid', 'nickname', 'password', 'legacy_password'];
$condition = [
"(`email` = ? OR `username` = ? OR `nickname` = ?)
AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
}
if (!DBA::isResult($user)) {
- throw new Exception(DI::l10n()->t('User not found'));
+ throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
}
}
* Generates a human-readable random password
*
* @return string
+ * @throws Exception
*/
public static function generateNewPassword()
{
*/
public static function isPasswordExposed($password)
{
- $cache = new \DivineOmega\DOFileCachePSR6\CacheItemPool();
+ $cache = new CacheItemPool();
$cache->changeConfig([
'cacheDirectory' => get_temppath() . '/password-exposed-cache/',
]);
$passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
- } catch (\Exception $e) {
+ } catch (Exception $e) {
Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
'code' => $e->getCode(),
'file' => $e->getFile(),
*
* @param string $nickname The nickname that should be checked
* @return boolean True is the nickname is blocked on the node
- * @throws InternalServerErrorException
*/
public static function isNicknameBlocked($nickname)
{
$forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
if (!empty($forbidden_nicknames)) {
- // check if the nickname is in the list of blocked nicknames
$forbidden = explode(',', $forbidden_nicknames);
$forbidden = array_map('trim', $forbidden);
} else {
return false;
}
+ // check if the nickname is in the list of blocked nicknames
if (in_array(strtolower($nickname), $forbidden)) {
return true;
}
*
* @param array $data
* @return array
- * @throws \ErrorException
- * @throws InternalServerErrorException
- * @throws \ImagickException
+ * @throws ErrorException
+ * @throws HTTPException\InternalServerErrorException
+ * @throws ImagickException
* @throws Exception
*/
public static function create(array $data)
$nickname = $data['nickname'] = strtolower($nickname);
- if (!preg_match('/^[a-z0-9][a-z0-9\_]*$/', $nickname)) {
+ if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
}
$photo_failure = false;
$filename = basename($photo);
- $curlResult = DI::httpRequest()->get($photo, true);
+ $curlResult = DI::httpRequest()->get($photo);
if ($curlResult->isSuccess()) {
$img_str = $curlResult->getBody();
$type = $curlResult->getContentType();
Photo::update(['profile' => 1], ['resource-id' => $resource_id]);
}
}
+
+ Contact::updateSelfFromUserID($uid, true);
}
Hook::callAll('register_account', $uid);
*
* @return bool True, if the allow was successful
*
- * @throws InternalServerErrorException
+ * @throws HTTPException\InternalServerErrorException
* @throws Exception
*/
public static function allow(string $hash)
return false;
}
+ // Delete the avatar
+ Photo::delete(['uid' => $register['uid']]);
+
return DBA::delete('user', ['uid' => $register['uid']]) &&
Register::deleteByHash($register['hash']);
}
* @param string $lang The user's language (default is english)
*
* @return bool True, if the user was created successfully
- * @throws InternalServerErrorException
- * @throws \ErrorException
- * @throws \ImagickException
+ * @throws HTTPException\InternalServerErrorException
+ * @throws ErrorException
+ * @throws ImagickException
*/
public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT)
{
if (empty($name) ||
empty($email) ||
empty($nick)) {
- throw new InternalServerErrorException('Invalid arguments.');
+ throw new HTTPException\InternalServerErrorException('Invalid arguments.');
}
$result = self::create([
* @param string $siteurl
* @param string $password Plaintext password
* @return NULL|boolean from notification() and email() inherited
- * @throws InternalServerErrorException
+ * @throws HTTPException\InternalServerErrorException
*/
public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
{
*
* It's here as a function because the mail is sent from different parts
*
- * @param \Friendica\Core\L10n $l10n The used language
- * @param array $user User record array
- * @param string $sitename
- * @param string $siteurl
- * @param string $password Plaintext password
+ * @param L10n $l10n The used language
+ * @param array $user User record array
+ * @param string $sitename
+ * @param string $siteurl
+ * @param string $password Plaintext password
*
* @return NULL|boolean from notification() and email() inherited
- * @throws InternalServerErrorException
+ * @throws HTTPException\InternalServerErrorException
*/
- public static function sendRegisterOpenEmail(\Friendica\Core\L10n $l10n, $user, $sitename, $siteurl, $password)
+ public static function sendRegisterOpenEmail(L10n $l10n, $user, $sitename, $siteurl, $password)
{
$preamble = Strings::deindent($l10n->t(
'
/**
* @param int $uid user to remove
* @return bool
- * @throws InternalServerErrorException
+ * @throws HTTPException\InternalServerErrorException
*/
public static function remove(int $uid)
{
- if (!$uid) {
+ if (empty($uid)) {
return false;
}
// unique), so it cannot be re-registered in the future.
DBA::insert('userd', ['username' => $user['nickname']]);
+ // Remove all personal settings, especially connector settings
+ DBA::delete('pconfig', ['uid' => $uid]);
+
// The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
$condition['blocked'] = false;
break;
case 'blocked':
+ $condition['account_removed'] = false;
$condition['blocked'] = true;
+ $condition['verified'] = true;
break;
case 'removed':
$condition['account_removed'] = true;
projects / friendica.git / blobdiff