<?php
/**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\DI;
-use Friendica\Model\TwoFactor\AppSpecificPassword;
+use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
use Friendica\Network\HTTPException;
use Friendica\Object\Image;
use Friendica\Util\Crypto;
const ACCOUNT_TYPE_NEWS = 2;
const ACCOUNT_TYPE_COMMUNITY = 3;
const ACCOUNT_TYPE_RELAY = 4;
+ const ACCOUNT_TYPE_DELETED = 127;
/**
* @}
*/
$system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
$system['spubkey'] = $system['upubkey'] = $system['pubkey'];
$system['nickname'] = $system['nick'];
+ $system['page-flags'] = User::PAGE_FLAGS_SOAPBOX;
+ $system['account-type'] = $system['contact-type'];
+ $system['guid'] = '';
+ $system['picdate'] = '';
+ $system['theme'] = '';
+ $system['publish'] = false;
+ $system['net-publish'] = false;
+ $system['hide-friends'] = true;
+ $system['prv_keywords'] = '';
+ $system['pub_keywords'] = '';
+ $system['address'] = '';
+ $system['locality'] = '';
+ $system['region'] = '';
+ $system['postal-code'] = '';
+ $system['country-name'] = '';
+ $system['homepage'] = DI::baseUrl()->get();
+ $system['dob'] = '0000-00-00';
// Ensure that the user contains data
- $user = DBA::selectFirst('user', ['prvkey'], ['uid' => 0]);
- if (empty($user['prvkey'])) {
+ $user = DBA::selectFirst('user', ['prvkey', 'guid'], ['uid' => 0]);
+ if (empty($user['prvkey']) || empty($user['guid'])) {
$fields = [
'username' => $system['name'],
'nickname' => $system['nick'],
'prvkey' => $system['prvkey'],
'spubkey' => $system['spubkey'],
'sprvkey' => $system['sprvkey'],
+ 'guid' => System::createUUID(),
'verified' => true,
'page-flags' => User::PAGE_FLAGS_SOAPBOX,
'account-type' => User::ACCOUNT_TYPE_RELAY,
];
DBA::update('user', $fields, ['uid' => 0]);
+
+ $system['guid'] = $fields['guid'];
+ } else {
+ $system['guid'] = $user['guid'];
}
return $system;
$system['closeness'] = 0;
$system['baseurl'] = DI::baseUrl();
$system['gsid'] = GServer::getID($system['baseurl']);
- DBA::insert('contact', $system);
+ Contact::insert($system);
}
/**
*/
public static function getIdForURL(string $url)
{
- // Avoid any database requests when the hostname isn't even part of the url.
- if (!strpos($url, DI::baseUrl()->getHostname())) {
+ // Avoid database queries when the local node hostname isn't even part of the url.
+ if (!Contact::isLocal($url)) {
return 0;
}
if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
return false;
}
- Contact::createSelfFromUserId($uid);
+ if (!DBA::exists('profile', ['uid' => $uid])) {
+ DBA::insert('profile', ['uid' => $uid]);
+ }
+ if (!DBA::exists('contact', ['uid' => $uid, 'self' => true])) {
+ Contact::createSelfFromUserId($uid);
+ }
$owner = self::getOwnerDataById($uid, false);
}
return false;
}
- if (!$repairMissing) {
+ if (!$repairMissing || $owner['account_expired']) {
return $owner;
}
// Check for correct url and normalised nurl
$url = DI::baseUrl() . '/profile/' . $owner['nickname'];
- $repair = ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
+ $repair = empty($owner['network']) || ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
if (!$repair) {
// Check if "addr" is present and correct
/**
* Returns the default group for a given user and network
*
- * @param int $uid User id
- * @param string $network network name
+ * @param int $uid User id
*
* @return int group id
* @throws Exception
*/
- public static function getDefaultGroup($uid, $network = '')
+ public static function getDefaultGroup($uid)
{
- $default_group = 0;
-
- if ($network == Protocol::OSTATUS) {
- $default_group = DI::pConfig()->get($uid, "ostatus", "default_group");
- }
-
- if ($default_group != 0) {
- return $default_group;
- }
-
$user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
-
if (DBA::isResult($user)) {
$default_group = $user["def_gid"];
+ } else {
+ $default_group = 0;
}
return $default_group;
}
-
- /**
- * Authenticate a user with a clear text password
- *
- * @param mixed $user_info
- * @param string $password
- * @param bool $third_party
- * @return int|boolean
- * @deprecated since version 3.6
- * @see User::getIdFromPasswordAuthentication()
- */
- public static function authenticate($user_info, $password, $third_party = false)
- {
- try {
- return self::getIdFromPasswordAuthentication($user_info, $password, $third_party);
- } catch (Exception $ex) {
- return false;
- }
- }
-
/**
* Authenticate a user with a clear text password
*
*/
public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
{
- $user = self::getAuthenticationInfo($user_info);
+ // Addons registered with the "authenticate" hook may create the user on the
+ // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
+ // the user doesn't exist, we should give the addons a chance to create the
+ // user in our database, if applicable, before re-throwing the exception if
+ // they fail.
+ try {
+ $user = self::getAuthenticationInfo($user_info);
+ } catch (Exception $e) {
+ $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
+
+ // Addons can create users, and since this 'catch' branch should only
+ // execute if getAuthenticationInfo can't find an existing user, that's
+ // exactly what will happen here. Creating a numeric username would create
+ // abiguity with user IDs, possibly opening up an attack vector.
+ // So let's be very careful about that.
+ if (empty($username) || is_numeric($username)) {
+ throw $e;
+ }
+
+ return self::getIdFromAuthenticateHooks($username, $password);
+ }
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
}
return $user['uid'];
+ } else {
+ return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
+ }
+
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
+ }
+
+ /**
+ * Try to obtain a user ID via "authenticate" hook addons
+ *
+ * Returns the user id associated with a successful password authentication
+ *
+ * @param string $username
+ * @param string $password
+ * @return int User Id if authentication is successful
+ * @throws HTTPException\ForbiddenException
+ */
+ public static function getIdFromAuthenticateHooks($username, $password)
+ {
+ $addon_auth = [
+ 'username' => $username,
+ 'password' => $password,
+ 'authenticated' => 0,
+ 'user_record' => null
+ ];
+
+ /*
+ * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+ * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
+ * and later addons should not interfere with an earlier one that succeeded.
+ */
+ Hook::callAll('authenticate', $addon_auth);
+
+ if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
+ return $addon_auth['user_record']['uid'];
}
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
if (is_int($user_info)) {
$user = DBA::selectFirst(
'user',
- ['uid', 'password', 'legacy_password'],
+ ['uid', 'nickname', 'password', 'legacy_password'],
[
'uid' => $user_info,
'blocked' => 0,
]
);
} else {
- $fields = ['uid', 'password', 'legacy_password'];
+ $fields = ['uid', 'nickname', 'password', 'legacy_password'];
$condition = [
"(`email` = ? OR `username` = ? OR `nickname` = ?)
AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
{
$cache = new CacheItemPool();
$cache->changeConfig([
- 'cacheDirectory' => get_temppath() . '/password-exposed-cache/',
+ 'cacheDirectory' => System::getTempPath() . '/password-exposed-cache/',
]);
try {
return false;
}
+ /**
+ * Get avatar link for given user
+ *
+ * @param array $user
+ * @param string $size One of the Proxy::SIZE_* constants
+ * @return string avatar link
+ * @throws Exception
+ */
+ public static function getAvatarUrl(array $user, string $size = ''):string
+ {
+ if (empty($user['nickname'])) {
+ DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
+ }
+
+ $url = DI::baseUrl() . '/photo/';
+
+ switch ($size) {
+ case Proxy::SIZE_MICRO:
+ $url .= 'micro/';
+ $scale = 6;
+ break;
+ case Proxy::SIZE_THUMB:
+ $url .= 'avatar/';
+ $scale = 5;
+ break;
+ default:
+ $url .= 'profile/';
+ $scale = 4;
+ break;
+ }
+
+ $updated = '';
+ $mimetype = '';
+
+ $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => $scale, 'uid' => $user['uid'], 'profile' => true]);
+ if (!empty($photo)) {
+ $updated = max($photo['created'], $photo['edited'], $photo['updated']);
+ $mimetype = $photo['type'];
+ }
+
+ return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
+ }
+
+ /**
+ * Get banner link for given user
+ *
+ * @param array $user
+ * @return string banner link
+ * @throws Exception
+ */
+ public static function getBannerUrl(array $user):string
+ {
+ if (empty($user['nickname'])) {
+ DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
+ }
+
+ $url = DI::baseUrl() . '/photo/banner/';
+
+ $updated = '';
+ $mimetype = '';
+
+ $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => 3, 'uid' => $user['uid'], 'photo-type' => Photo::USER_BANNER]);
+ if (!empty($photo)) {
+ $updated = max($photo['created'], $photo['edited'], $photo['updated']);
+ $mimetype = $photo['type'];
+ } else {
+ // Only for the RC phase: Don't return an image link for the default picture
+ return '';
+ }
+
+ return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
+ }
+
/**
* Catch-all user creation function
*
$using_invites = DI::config()->get('system', 'invitation_only');
- $invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : '';
- $username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : '';
- $nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : '';
- $email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : '';
- $openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
- $photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : '';
- $password = !empty($data['password']) ? trim($data['password']) : '';
- $password1 = !empty($data['password1']) ? trim($data['password1']) : '';
- $confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
+ $invite_id = !empty($data['invite_id']) ? trim($data['invite_id']) : '';
+ $username = !empty($data['username']) ? trim($data['username']) : '';
+ $nickname = !empty($data['nickname']) ? trim($data['nickname']) : '';
+ $email = !empty($data['email']) ? trim($data['email']) : '';
+ $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
+ $photo = !empty($data['photo']) ? trim($data['photo']) : '';
+ $password = !empty($data['password']) ? trim($data['password']) : '';
+ $password1 = !empty($data['password1']) ? trim($data['password1']) : '';
+ $confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
$blocked = !empty($data['blocked']);
$verified = !empty($data['verified']);
- $language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en';
+ $language = !empty($data['language']) ? trim($data['language']) : 'en';
$netpublish = $publish = !empty($data['profile_publish_reg']);
$username_max_length = max(1, min(64, intval(DI::config()->get('system', 'username_max_length', 48))));
if ($username_min_length > $username_max_length) {
- Logger::log(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length), Logger::WARNING);
+ Logger::error(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length));
$tmp = $username_min_length;
$username_min_length = $username_max_length;
$username_max_length = $tmp;
$insert_result = DBA::insert('profile', [
'uid' => $uid,
'name' => $username,
- 'photo' => DI::baseUrl() . "/photo/profile/{$uid}.jpg",
- 'thumb' => DI::baseUrl() . "/photo/avatar/{$uid}.jpg",
+ 'photo' => self::getAvatarUrl($user),
+ 'thumb' => self::getAvatarUrl($user, Proxy::SIZE_THUMB),
'publish' => $publish,
'net-publish' => $netpublish,
]);
$photo_failure = false;
$filename = basename($photo);
- $curlResult = DI::httpRequest()->get($photo);
+ $curlResult = DI::httpClient()->get($photo);
if ($curlResult->isSuccess()) {
$img_str = $curlResult->getBody();
$type = $curlResult->getContentType();
$resource_id = Photo::newResource();
- $r = Photo::store($Image, $uid, 0, $resource_id, $filename, DI::l10n()->t('Profile Photos'), 4);
+ // Not using Photo::PROFILE_PHOTOS here, so that it is discovered as translateble string
+ $profile_album = DI::l10n()->t('Profile Photos');
+
+ $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 4);
if ($r === false) {
$photo_failure = true;
$Image->scaleDown(80);
- $r = Photo::store($Image, $uid, 0, $resource_id, $filename, DI::l10n()->t('Profile Photos'), 5);
+ $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 5);
if ($r === false) {
$photo_failure = true;
$Image->scaleDown(48);
- $r = Photo::store($Image, $uid, 0, $resource_id, $filename, DI::l10n()->t('Profile Photos'), 6);
+ $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 6);
if ($r === false) {
$photo_failure = true;
}
if (!$photo_failure) {
- Photo::update(['profile' => 1], ['resource-id' => $resource_id]);
+ Photo::update(['profile' => true, 'photo-type' => Photo::USER_AVATAR], ['resource-id' => $resource_id]);
}
}
+
+ Contact::updateSelfFromUserID($uid, true);
}
Hook::callAll('register_account', $uid);
return $return;
}
+ /**
+ * Update a user entry and distribute the changes if needed
+ *
+ * @param array $fields
+ * @param integer $uid
+ * @return boolean
+ */
+ public static function update(array $fields, int $uid): bool
+ {
+ $old_owner = self::getOwnerDataById($uid);
+ if (empty($old_owner)) {
+ return false;
+ }
+
+ if (!DBA::update('user', $fields, ['uid' => $uid])) {
+ return false;
+ }
+
+ $update = Contact::updateSelfFromUserID($uid);
+
+ $owner = self::getOwnerDataById($uid);
+ if (empty($owner)) {
+ return false;
+ }
+
+ if ($old_owner['name'] != $owner['name']) {
+ Profile::update(['name' => $owner['name']], $uid);
+ }
+
+ if ($update) {
+ Profile::publishUpdate($uid);
+ }
+
+ return true;
+ }
+
/**
* Sets block state for a given user
*
return false;
}
+ // Delete the avatar
+ Photo::delete(['uid' => $register['uid']]);
+
return DBA::delete('user', ['uid' => $register['uid']]) &&
Register::deleteByHash($register['hash']);
}
*/
public static function remove(int $uid)
{
- if (!$uid) {
+ if (empty($uid)) {
return false;
}
- Logger::log('Removing user: ' . $uid);
+ Logger::notice('Removing user', ['user' => $uid]);
$user = DBA::selectFirst('user', [], ['uid' => $uid]);
// unique), so it cannot be re-registered in the future.
DBA::insert('userd', ['username' => $user['nickname']]);
+ // Remove all personal settings, especially connector settings
+ DBA::delete('pconfig', ['uid' => $uid]);
+
// The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
*/
public static function identities($uid)
{
+ if (empty($uid)) {
+ return [];
+ }
+
$identities = [];
$user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
return $identities;
}
+ /**
+ * Check if the given user id has delegations or is delegated
+ *
+ * @param int $uid
+ * @return bool
+ */
+ public static function hasIdentities(int $uid):bool
+ {
+ if (empty($uid)) {
+ return false;
+ }
+
+ $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => $uid, 'account_removed' => false]);
+ if (!DBA::isResult($user)) {
+ return false;
+ }
+
+ if ($user['parent-uid'] != 0) {
+ return true;
+ }
+
+ if (DBA::exists('user', ['parent-uid' => $uid, 'account_removed' => false])) {
+ return true;
+ }
+
+ if (DBA::exists('manage', ['uid' => $uid])) {
+ return true;
+ }
+
+ return false;
+ }
+
/**
* Returns statistical information about the current users of this node
*