X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=2131406d4a5f8cf2be7432c66b57f2839936224c;hb=8c99d3acc1b65bd7645d69f430d5fd9604d6b3b5;hp=39f9dc2a15109530f8892e68cdc6d39f8a0c7766;hpb=c92a333b174db8a5971b39ad93da4e075d4635eb;p=friendica.git
diff --git a/src/Model/User.php b/src/Model/User.php
index 39f9dc2a15..2131406d4a 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -1,6 +1,6 @@ 0]);
+ if (empty($user['prvkey'])) {
+ $fields = [
+ 'username' => $system['name'],
+ 'nickname' => $system['nick'],
+ 'register_date' => $system['created'],
+ 'pubkey' => $system['pubkey'],
+ 'prvkey' => $system['prvkey'],
+ 'spubkey' => $system['spubkey'],
+ 'sprvkey' => $system['sprvkey'],
+ 'verified' => true,
+ 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
+ 'account-type' => User::ACCOUNT_TYPE_RELAY,
+ ];
+
+ DBA::update('user', $fields, ['uid' => 0]);
+ }
+ return $system;
 }
@@ -172,11 +194,12 @@ class User
 $system['name'] = 'System Account';
 $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
 $system['nick'] = $system_actor_name;
- $system['avatar'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO;
- $system['photo'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO;
- $system['thumb'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_THUMB;
- $system['micro'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_MICRO;
 $system['url'] = DI::baseUrl() . '/friendica';
+
+ $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
+ $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
+ $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
+
+ $system['nurl'] = Strings::normaliseLink($system['url']);
 $system['pubkey'] = $keys['pubkey'];
 $system['prvkey'] = $keys['prvkey'];
@@ -215,7 +238,7 @@ class User
 // List of possible actor names
 $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
 foreach ($possible_accounts as $name) {
- if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire']) &&
+ if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
 !DBA::exists('userd', ['username' => $name])) {
 DI::config()->set('system', 'actor_name', $name);
 return $name;
@@ -244,7 +267,7 @@ class User
 */
 public static function getById($uid, array $fields = [])
 {
- return DBA::selectFirst('user', $fields, ['uid' => $uid]);
+ return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
 }
 /**
@@ -289,8 +312,8 @@ class User
 */
 public static function getIdForURL(string $url)
 {
- // Avoid any database requests when the hostname isn't even part of the url.
- if (!strpos($url, DI::baseUrl()->getHostname())) {
+ // Avoid database queries when the local node hostname isn't even part of the url.
+ if (!Contact::isLocal($url)) {
 return 0;
 }
@@ -348,12 +371,12 @@ class User
 /**
 * Get owner data by user id
 *
- * @param int $uid
- * @param boolean $check_valid Test if data is invalid and correct it
+ * @param int $uid
+ * @param boolean $repairMissing Repair the owner data if it's missing
 * @return boolean|array
 * @throws Exception
 */
- public static function getOwnerDataById(int $uid, bool $check_valid = true)
+ public static function getOwnerDataById(int $uid, bool $repairMissing = true)
 {
 if ($uid == 0) {
 return self::getSystemAccount();
@@ -365,7 +388,7 @@ class User
 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
 if (!DBA::isResult($owner)) {
- if (!DBA::exists('user', ['uid' => $uid]) || !$check_valid) {
+ if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
 return false;
 }
 Contact::createSelfFromUserId($uid);
@@ -376,7 +399,7 @@ class User
 return false;
 }
- if (!$check_valid) {
+ if (!$repairMissing || $owner['account_expired']) {
 return $owner;
 }
@@ -492,7 +515,27 @@ class User
 */
 public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
 {
- $user = self::getAuthenticationInfo($user_info);
+ // Addons registered with the "authenticate" hook may create the user on the
+ // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
+ // the user doesn't exist, we should give the addons a chance to create the
+ // user in our database, if applicable, before re-throwing the exception if
+ // they fail.
+ try {
+ $user = self::getAuthenticationInfo($user_info);
+ } catch (Exception $e) {
+ $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
+
+ // Addons can create users, and since this 'catch' branch should only
+ // execute if getAuthenticationInfo can't find an existing user, that's
+ // exactly what will happen here. Creating a numeric username would create
+ // abiguity with user IDs, possibly opening up an attack vector.
+ // So let's be very careful about that.
+ if (empty($username) || is_numeric($username)) {
+ throw $e;
+ }
+
+ return self::getIdFromAuthenticateHooks($username, $password);
+ }
 if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
 // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
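Review bot: The new `catch (Exception $e)` is wider than the case the comment describes: `getAuthenticationInfo` is documented in a later hunk of this diff as throwing `HTTPException\NotFoundException`, so any other exception raised there (a database error, for instance) is also swallowed here and the submitted password is then forwarded to the `authenticate` hooks. Narrowing it to `} catch (HTTPException\NotFoundException $e) {` limits the fallback to the missing-user case and lets unexpected failures propagate as before. The fallback also returns before the `$third_party` two-factor check that follows it, so a uid supplied by an addon is never subject to that check; if hooks can resolve the nickname to an existing account, that deserves a comment or an explicit check. getIdFromPasswordAuthentication continues past the end of this hunk.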
@@ -521,6 +564,41 @@ class User
 }
 return $user['uid'];
+ } else {
+ return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
+ }
+
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
+ }
+
+ /**
+ * Try to obtain a user ID via "authenticate" hook addons
+ *
+ * Returns the user id associated with a successful password authentication
+ *
+ * @param string $username
+ * @param string $password
+ * @return int User Id if authentication is successful
+ * @throws HTTPException\ForbiddenException
+ */
+ public static function getIdFromAuthenticateHooks($username, $password)
+ {
+ $addon_auth = [
+ 'username' => $username,
+ 'password' => $password,
+ 'authenticated' => 0,
+ 'user_record' => null
+ ];
+
+ /*
+ * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+ * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
+ * and later addons should not interfere with an earlier one that succeeded.
+ */
+ Hook::callAll('authenticate', $addon_auth);
+
+ if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
+ return $addon_auth['user_record']['uid'];
 }
 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
@@ -539,7 +617,7 @@ class User
 * @return array
 * @throws HTTPException\NotFoundException
 */
- private static function getAuthenticationInfo($user_info)
+ public static function getAuthenticationInfo($user_info)
 {
 $user = null;
@@ -561,7 +639,7 @@ class User
 if (is_int($user_info)) {
 $user = DBA::selectFirst(
 'user',
- ['uid', 'password', 'legacy_password'],
+ ['uid', 'nickname', 'password', 'legacy_password'],
 [
 'uid' => $user_info,
 'blocked' => 0,
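Review bot: `getIdFromAuthenticateHooks` returns `$addon_auth['user_record']['uid']` exactly as the addon supplied it, without the account-state checks the password path applies (the lookup in a later hunk of this diff requires `NOT blocked AND NOT account_expired AND NOT account_removed AND verified`). Since `getAuthenticationInfo` throws for those accounts, a blocked or unverified nickname now reaches this fallback, and an addon that resolves it to the existing record would log that account in. Consider re-validating the returned uid before returning it, e.g. `if (!DBA::exists('user', ['uid' => $uid, 'blocked' => false, 'account_expired' => false, 'account_removed' => false])) { throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed')); }`. Separately, the new `} else { return self::getIdFromAuthenticateHooks(...); // throws }` makes the following `throw new HTTPException\ForbiddenException(...)` in getIdFromPasswordAuthentication unreachable; dropping the `else` and letting control fall through to that existing throw keeps a single failure exit. getIdFromPasswordAuthentication starts before this hunk.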
@@ -571,7 +649,7 @@ class User
 ]
 );
 } else {
- $fields = ['uid', 'password', 'legacy_password'];
+ $fields = ['uid', 'nickname', 'password', 'legacy_password'];
 $condition = [
 "(`email` = ? OR `username` = ? OR `nickname` = ?) AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
@@ -1136,6 +1214,9 @@ class User
 return false;
 }
+ // Delete the avatar
+ Photo::delete(['uid' => $register['uid']]);
+ return DBA::delete('user', ['uid' => $register['uid']]) &&
 Register::deleteByHash($register['hash']);
 }
@@ -1327,7 +1408,7 @@ class User
 */
 public static function remove(int $uid)
 {
- if (!$uid) {
+ if (empty($uid)) {
 return false;
 }
@@ -1341,6 +1422,9 @@ class User
 // unique), so it cannot be re-registered in the future.
 DBA::insert('userd', ['username' => $user['nickname']]);
+ // Remove all personal settings, especially connector settings
+ DBA::delete('pconfig', ['uid' => $uid]);
+
+ // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
 DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
 Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
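Review bot: `DBA::delete('pconfig', ['uid' => $uid])` now runs before the `Notifier` worker with `Delivery::REMOVAL` is queued and seven days before `ExpireAndRemoveUsers` removes the user row itself, so any per-user settings those later steps read (connector credentials an addon might need to announce the removal, for example) are already gone when they run. Whether anything in the removal path relies on them is not visible here; if it does, the delete belongs in the worker that finally removes the account, and if it deliberately does not, a comment such as `// pconfig is dropped immediately; removal delivery must not depend on per-user settings` would make the ordering intentional. remove() continues outside this hunk.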