X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=278b541fa897222f24fd45165aa92aae15a2e93e;hb=531ef6e6e2a7c5968036ce1e7b8a0caaca7accea;hp=b4ada344e16deaa659569511d7f64333776947e6;hpb=2a1e6e1a74c9a6836b8528a76fdd382d7d7a5160;p=friendica.git

diff --git a/src/Model/User.php b/src/Model/User.php
index b4ada344e1..278b541fa8 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -21,7 +21,9 @@
 
 namespace Friendica\Model;
 
+use DivineOmega\DOFileCachePSR6\CacheItemPool;
 use DivineOmega\PasswordExposed;
+use ErrorException;
 use Exception;
 use Friendica\Content\Pager;
 use Friendica\Core\Hook;
@@ -32,15 +34,17 @@ use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\DI;
-use Friendica\Model\TwoFactor\AppSpecificPassword;
-use Friendica\Network\HTTPException\InternalServerErrorException;
+use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
+use Friendica\Network\HTTPException;
 use Friendica\Object\Image;
 use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Images;
 use Friendica\Util\Network;
+use Friendica\Util\Proxy;
 use Friendica\Util\Strings;
 use Friendica\Worker\Delivery;
+use ImagickException;
 use LightOpenID;
 
 /**
@@ -93,10 +97,156 @@ class User
 	const ACCOUNT_TYPE_NEWS =         2;
 	const ACCOUNT_TYPE_COMMUNITY =    3;
 	const ACCOUNT_TYPE_RELAY =        4;
+	const ACCOUNT_TYPE_DELETED =    127;
 	/**
 	 * @}
 	 */
 
+	private static $owner;
+
+	/**
+	 * Returns the numeric account type by their string
+	 *
+	 * @param string $accounttype as string constant
+	 * @return int|null Numeric account type - or null when not set
+	 */
+	public static function getAccountTypeByString(string $accounttype)
+	{
+		switch ($accounttype) {
+			case 'person':
+				return User::ACCOUNT_TYPE_PERSON;
+			case 'organisation':
+				return User::ACCOUNT_TYPE_ORGANISATION;
+			case 'news':
+				return User::ACCOUNT_TYPE_NEWS;
+			case 'community':
+				return User::ACCOUNT_TYPE_COMMUNITY;
+			default:
+				return null;
+			break;
+		}
+	}
+
+	/**
+	 * Fetch the system account
+	 *
+	 * @return array system account
+	 */
+	public static function getSystemAccount()
+	{
+		$system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
+		if (!DBA::isResult($system)) {
+			self::createSystemAccount();
+			$system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
+			if (!DBA::isResult($system)) {
+				return [];
+			}
+		}
+
+		$system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
+		$system['spubkey'] = $system['upubkey'] = $system['pubkey'];
+		$system['nickname'] = $system['nick'];
+
+		// Ensure that the user contains data
+		$user = DBA::selectFirst('user', ['prvkey'], ['uid' => 0]);
+		if (empty($user['prvkey'])) {
+			$fields = [
+				'username' => $system['name'],
+				'nickname' => $system['nick'],
+				'register_date' => $system['created'],
+				'pubkey' => $system['pubkey'],
+				'prvkey' => $system['prvkey'],
+				'spubkey' => $system['spubkey'],
+				'sprvkey' => $system['sprvkey'],
+				'verified' => true,
+				'page-flags' => User::PAGE_FLAGS_SOAPBOX,
+				'account-type' => User::ACCOUNT_TYPE_RELAY,
+			];
+
+			DBA::update('user', $fields, ['uid' => 0]);
+		}
+
+		return $system;
+	}
+
+	/**
+	 * Create the system account
+	 *
+	 * @return void
+	 */
+	private static function createSystemAccount()
+	{
+		$system_actor_name = self::getActorName();
+		if (empty($system_actor_name)) {
+			return;
+		}
+
+		$keys = Crypto::newKeypair(4096);
+		if ($keys === false) {
+			throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
+		}
+
+		$system = [];
+		$system['uid'] = 0;
+		$system['created'] = DateTimeFormat::utcNow();
+		$system['self'] = true;
+		$system['network'] = Protocol::ACTIVITYPUB;
+		$system['name'] = 'System Account';
+		$system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
+		$system['nick'] = $system_actor_name;
+		$system['url'] = DI::baseUrl() . '/friendica';
+
+		$system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
+		$system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
+		$system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
+
+		$system['nurl'] = Strings::normaliseLink($system['url']);
+		$system['pubkey'] = $keys['pubkey'];
+		$system['prvkey'] = $keys['prvkey'];
+		$system['blocked'] = 0;
+		$system['pending'] = 0;
+		$system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
+		$system['name-date'] = DateTimeFormat::utcNow();
+		$system['uri-date'] = DateTimeFormat::utcNow();
+		$system['avatar-date'] = DateTimeFormat::utcNow();
+		$system['closeness'] = 0;
+		$system['baseurl'] = DI::baseUrl();
+		$system['gsid'] = GServer::getID($system['baseurl']);
+		DBA::insert('contact', $system);
+	}
+
+	/**
+	 * Detect a usable actor name
+	 *
+	 * @return string actor account name
+	 */
+	public static function getActorName()
+	{
+		$system_actor_name = DI::config()->get('system', 'actor_name');
+		if (!empty($system_actor_name)) {
+			$self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
+			if (!empty($self['nick'])) {
+				if ($self['nick'] != $system_actor_name) {
+					// Reset the actor name to the already used name
+					DI::config()->set('system', 'actor_name', $self['nick']);
+					$system_actor_name = $self['nick'];
+				}
+			}
+			return $system_actor_name;
+		}
+
+		// List of possible actor names
+		$possible_accounts = ['friendica', 'actor', 'system', 'internal'];
+		foreach ($possible_accounts as $name) {
+			if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
+				!DBA::exists('userd', ['username' => $name])) {
+				DI::config()->set('system', 'actor_name', $name);
+				return $name;
+			}
+		}
+		return '';
+	}
+
 	/**
 	 * Returns true if a user record exists with the provided id
 	 *
@@ -117,7 +267,7 @@ class User
 	 */
 	public static function getById($uid, array $fields = [])
 	{
-		return DBA::selectFirst('user', $fields, ['uid' => $uid]);
+		return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
 	}
 
 	/**
@@ -160,14 +310,29 @@ class User
 	 * @return integer user id
 	 * @throws Exception
 	 */
-	public static function getIdForURL($url)
+	public static function getIdForURL(string $url)
 	{
-		$self = DBA::selectFirst('contact', ['uid'], ['nurl' => Strings::normaliseLink($url), 'self' => true]);
-		if (!DBA::isResult($self)) {
-			return false;
-		} else {
+		// Avoid any database requests when the hostname isn't even part of the url.
+		if (!strpos($url, DI::baseUrl()->getHostname())) {
+			return 0;
+		}
+
+		$self = Contact::selectFirst(['uid'], ['self' => true, 'nurl' => Strings::normaliseLink($url)]);
+		if (!empty($self['uid'])) {
 			return $self['uid'];
 		}
+
+		$self = Contact::selectFirst(['uid'], ['self' => true, 'addr' => $url]);
+		if (!empty($self['uid'])) {
+			return $self['uid'];
+		}
+
+		$self = Contact::selectFirst(['uid'], ['self' => true, 'alias' => [$url, Strings::normaliseLink($url)]]);
+		if (!empty($self['uid'])) {
+			return $self['uid'];
+		}
+
+		return 0;
 	}
 
 	/**
@@ -185,19 +350,45 @@ class User
 		return DBA::selectFirst('user', $fields, ['email' => $email]);
 	}
 
+	/**
+	 * Fetch the user array of the administrator. The first one if there are several.
+	 *
+	 * @param array $fields
+	 * @return array user
+	 */
+	public static function getFirstAdmin(array $fields = [])
+	{
+		if (!empty(DI::config()->get('config', 'admin_nickname'))) {
+			return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
+		} elseif (!empty(DI::config()->get('config', 'admin_email'))) {
+			$adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
+			return self::getByEmail($adminList[0], $fields);
+		} else {
+			return [];
+		}
+	}
+
 	/**
 	 * Get owner data by user id
 	 *
-	 * @param int $uid
-	 * @param boolean $check_valid Test if data is invalid and correct it
+	 * @param int     $uid
+	 * @param boolean $repairMissing Repair the owner data if it's missing
 	 * @return boolean|array
 	 * @throws Exception
 	 */
-	public static function getOwnerDataById($uid, $check_valid = true)
+	public static function getOwnerDataById(int $uid, bool $repairMissing = true)
 	{
+		if ($uid == 0) {
+			return self::getSystemAccount();
+		}
+
+		if (!empty(self::$owner[$uid])) {
+			return self::$owner[$uid];
+		}
+
 		$owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
 		if (!DBA::isResult($owner)) {
-			if (!DBA::exists('user', ['uid' => $uid]) || !$check_valid) {
+			if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
 				return false;
 			}
 			Contact::createSelfFromUserId($uid);
@@ -208,7 +399,7 @@ class User
 			return false;
 		}
 
-		if (!$check_valid) {
+		if (!$repairMissing || $owner['account_expired']) {
 			return $owner;
 		}
 
@@ -221,7 +412,7 @@ class User
 		if (!$repair) {
 			// Check if "addr" is present and correct
 			$addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
-			$repair = ($addr != $owner['addr']);
+			$repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
 		}
 
 		if (!$repair) {
@@ -238,6 +429,7 @@ class User
 			$owner = self::getOwnerDataById($uid, false);
 		}
 
+		self::$owner[$uid] = $owner;
 		return $owner;
 	}
 
@@ -262,11 +454,11 @@ class User
 	/**
 	 * Returns the default group for a given user and network
 	 *
-	 * @param int $uid User id
+	 * @param int    $uid     User id
 	 * @param string $network network name
 	 *
 	 * @return int group id
-	 * @throws InternalServerErrorException
+	 * @throws Exception
 	 */
 	public static function getDefaultGroup($uid, $network = '')
 	{
@@ -318,7 +510,8 @@ class User
 	 * @param string $password
 	 * @param bool   $third_party
 	 * @return int User Id if authentication is successful
-	 * @throws Exception
+	 * @throws HTTPException\ForbiddenException
+	 * @throws HTTPException\NotFoundException
 	 */
 	public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
 	{
@@ -353,7 +546,7 @@ class User
 			return $user['uid'];
 		}
 
-		throw new Exception(DI::l10n()->t('Login failed'));
+		throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
 	}
 
 	/**
@@ -367,9 +560,9 @@ class User
 	 *
 	 * @param mixed $user_info
 	 * @return array
-	 * @throws Exception
+	 * @throws HTTPException\NotFoundException
 	 */
-	private static function getAuthenticationInfo($user_info)
+	public static function getAuthenticationInfo($user_info)
 	{
 		$user = null;
 
@@ -411,7 +604,7 @@ class User
 			}
 
 			if (!DBA::isResult($user)) {
-				throw new Exception(DI::l10n()->t('User not found'));
+				throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
 			}
 		}
 
@@ -422,6 +615,7 @@ class User
 	 * Generates a human-readable random password
 	 *
 	 * @return string
+	 * @throws Exception
 	 */
 	public static function generateNewPassword()
 	{
@@ -437,7 +631,7 @@ class User
 	 */
 	public static function isPasswordExposed($password)
 	{
-		$cache = new \DivineOmega\DOFileCachePSR6\CacheItemPool();
+		$cache = new CacheItemPool();
 		$cache->changeConfig([
 			'cacheDirectory' => get_temppath() . '/password-exposed-cache/',
 		]);
@@ -446,7 +640,7 @@ class User
 			$passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
 
 			return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
-		} catch (\Exception $e) {
+		} catch (Exception $e) {
 			Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
 				'code' => $e->getCode(),
 				'file' => $e->getFile(),
@@ -543,20 +737,28 @@ class User
 	 *
 	 * @param string $nickname The nickname that should be checked
 	 * @return boolean True is the nickname is blocked on the node
-	 * @throws InternalServerErrorException
 	 */
 	public static function isNicknameBlocked($nickname)
 	{
 		$forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
+		if (!empty($forbidden_nicknames)) {
+			$forbidden = explode(',', $forbidden_nicknames);
+			$forbidden = array_map('trim', $forbidden);
+		} else {
+			$forbidden = [];
+		}
 
-		// if the config variable is empty return false
-		if (empty($forbidden_nicknames)) {
+		// Add the name of the internal actor to the "forbidden" list
+		$actor_name = self::getActorName();
+		if (!empty($actor_name)) {
+			$forbidden[] = $actor_name;
+		}
+
+		if (empty($forbidden)) {
 			return false;
 		}
 
 		// check if the nickname is in the list of blocked nicknames
-		$forbidden = explode(',', $forbidden_nicknames);
-		$forbidden = array_map('trim', $forbidden);
 		if (in_array(strtolower($nickname), $forbidden)) {
 			return true;
 		}
@@ -579,9 +781,9 @@ class User
 	 *
 	 * @param  array $data
 	 * @return array
-	 * @throws \ErrorException
-	 * @throws InternalServerErrorException
-	 * @throws \ImagickException
+	 * @throws ErrorException
+	 * @throws HTTPException\InternalServerErrorException
+	 * @throws ImagickException
 	 * @throws Exception
 	 */
 	public static function create(array $data)
@@ -707,7 +909,7 @@ class User
 
 		$nickname = $data['nickname'] = strtolower($nickname);
 
-		if (!preg_match('/^[a-z0-9][a-z0-9\_]*$/', $nickname)) {
+		if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
 			throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
 		}
 
@@ -823,7 +1025,7 @@ class User
 			$photo_failure = false;
 
 			$filename = basename($photo);
-			$curlResult = Network::curl($photo, true);
+			$curlResult = DI::httpRequest()->get($photo);
 			if ($curlResult->isSuccess()) {
 				$img_str = $curlResult->getBody();
 				$type = $curlResult->getContentType();
@@ -896,7 +1098,7 @@ class User
 	 *
 	 * @return bool True, if the allow was successful
 	 *
-	 * @throws InternalServerErrorException
+	 * @throws HTTPException\InternalServerErrorException
 	 * @throws Exception
 	 */
 	public static function allow(string $hash)
@@ -957,6 +1159,9 @@ class User
 			return false;
 		}
 
+		// Delete the avatar
+		Photo::delete(['uid' => $register['uid']]);
+
 		return DBA::delete('user', ['uid' => $register['uid']]) &&
 		       Register::deleteByHash($register['hash']);
 	}
@@ -970,16 +1175,16 @@ class User
 	 * @param string $lang  The user's language (default is english)
 	 *
 	 * @return bool True, if the user was created successfully
-	 * @throws InternalServerErrorException
-	 * @throws \ErrorException
-	 * @throws \ImagickException
+	 * @throws HTTPException\InternalServerErrorException
+	 * @throws ErrorException
+	 * @throws ImagickException
 	 */
 	public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT)
 	{
 		if (empty($name) ||
 		    empty($email) ||
 		    empty($nick)) {
-			throw new InternalServerErrorException('Invalid arguments.');
+			throw new HTTPException\InternalServerErrorException('Invalid arguments.');
 		}
 
 		$result = self::create([
@@ -1042,7 +1247,7 @@ class User
 	 * @param string $siteurl
 	 * @param string $password Plaintext password
 	 * @return NULL|boolean from notification() and email() inherited
-	 * @throws InternalServerErrorException
+	 * @throws HTTPException\InternalServerErrorException
 	 */
 	public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
 	{
@@ -1078,16 +1283,16 @@ class User
 	 *
 	 * It's here as a function because the mail is sent from different parts
 	 *
-	 * @param \Friendica\Core\L10n $l10n     The used language
-	 * @param array                $user     User record array
-	 * @param string               $sitename
-	 * @param string               $siteurl
-	 * @param string               $password Plaintext password
+	 * @param L10n   $l10n     The used language
+	 * @param array  $user     User record array
+	 * @param string $sitename
+	 * @param string $siteurl
+	 * @param string $password Plaintext password
 	 *
 	 * @return NULL|boolean from notification() and email() inherited
-	 * @throws InternalServerErrorException
+	 * @throws HTTPException\InternalServerErrorException
 	 */
-	public static function sendRegisterOpenEmail(\Friendica\Core\L10n $l10n, $user, $sitename, $siteurl, $password)
+	public static function sendRegisterOpenEmail(L10n $l10n, $user, $sitename, $siteurl, $password)
 	{
 		$preamble = Strings::deindent($l10n->t(
 			'
@@ -1144,11 +1349,11 @@ class User
 	/**
 	 * @param int $uid user to remove
 	 * @return bool
-	 * @throws InternalServerErrorException
+	 * @throws HTTPException\InternalServerErrorException
 	 */
 	public static function remove(int $uid)
 	{
-		if (!$uid) {
+		if (empty($uid)) {
 			return false;
 		}
 
@@ -1162,7 +1367,10 @@ class User
 		// unique), so it cannot be re-registered in the future.
 		DBA::insert('userd', ['username' => $user['nickname']]);
 
-		// The user and related data will be deleted in Friendica\Worker\CronJobs::expireAndRemoveUsers()
+		// Remove all personal settings, especially connector settings
+		DBA::delete('pconfig', ['uid' => $uid]);
+
+		// The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
 		DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
 		Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
 
@@ -1332,7 +1540,9 @@ class User
 				$condition['blocked'] = false;
 				break;
 			case 'blocked':
+				$condition['account_removed'] = false;
 				$condition['blocked'] = true;
+				$condition['verified'] = true;
 				break;
 			case 'removed':
 				$condition['account_removed'] = true;