Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 29 |
|
0.00% |
0 / 15 |
CRAP | |
0.00% |
0 / 1 |
OATHUser | |
0.00% |
0 / 29 |
|
0.00% |
0 / 15 |
380 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
getUser | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getCentralId | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getIssuer | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
6 | |||
getAccount | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getKeys | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getFirstKey | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
setKeys | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
6 | |||
clearAllKeys | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
addKey | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
getModule | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
setModule | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
isTwoFactorAuthEnabled | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
disable | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
checkKeyTypeCorrect | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
12 |
1 | <?php |
2 | /** |
3 | * This program is free software; you can redistribute it and/or modify |
4 | * it under the terms of the GNU General Public License as published by |
5 | * the Free Software Foundation; either version 2 of the License, or |
6 | * (at your option) any later version. |
7 | * |
8 | * This program is distributed in the hope that it will be useful, |
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
11 | * GNU General Public License for more details. |
12 | * |
13 | * You should have received a copy of the GNU General Public License along |
14 | * with this program; if not, write to the Free Software Foundation, Inc., |
15 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
16 | * http://www.gnu.org/copyleft/gpl.html |
17 | */ |
18 | |
19 | namespace MediaWiki\Extension\OATHAuth; |
20 | |
21 | use InvalidArgumentException; |
22 | use MediaWiki\User\User; |
23 | use ReflectionClass; |
24 | |
25 | /** |
26 | * Class representing a user from OATH's perspective |
27 | * |
28 | * @ingroup Extensions |
29 | */ |
30 | class OATHUser { |
31 | private User $user; |
32 | private int $centralId; |
33 | |
34 | /** @var IAuthKey[] */ |
35 | private array $keys = []; |
36 | private ?IModule $module = null; |
37 | |
38 | /** |
39 | * Constructor. Can't be called directly. Use OATHUserRepository::findByUser instead. |
40 | * @param User $user |
41 | * @param int $centralId |
42 | */ |
43 | public function __construct( User $user, int $centralId ) { |
44 | $this->user = $user; |
45 | $this->centralId = $centralId; |
46 | } |
47 | |
48 | /** |
49 | * @return User |
50 | */ |
51 | public function getUser(): User { |
52 | return $this->user; |
53 | } |
54 | |
55 | /** |
56 | * @return int The central ID of this user |
57 | */ |
58 | public function getCentralId(): int { |
59 | return $this->centralId; |
60 | } |
61 | |
62 | /** |
63 | * @return string |
64 | */ |
65 | public function getIssuer() { |
66 | global $wgSitename, $wgOATHAuthAccountPrefix; |
67 | |
68 | if ( $wgOATHAuthAccountPrefix !== false ) { |
69 | return $wgOATHAuthAccountPrefix; |
70 | } |
71 | return $wgSitename; |
72 | } |
73 | |
74 | /** |
75 | * @return string |
76 | */ |
77 | public function getAccount() { |
78 | return $this->user->getName(); |
79 | } |
80 | |
81 | /** |
82 | * Get the key associated with this user. |
83 | * |
84 | * @return IAuthKey[] |
85 | */ |
86 | public function getKeys(): array { |
87 | return $this->keys; |
88 | } |
89 | |
90 | /** |
91 | * Useful for modules that operate on single-key premise, |
92 | * as well as testing the key type, since the first key is(?) |
93 | * necessarily the same type as others |
94 | * |
95 | * @return IAuthKey|null |
96 | */ |
97 | public function getFirstKey() { |
98 | return $this->keys[0] ?? null; |
99 | } |
100 | |
101 | /** |
102 | * Set the key associated with this user. |
103 | * |
104 | * @param IAuthKey[] $keys |
105 | */ |
106 | public function setKeys( array $keys = [] ) { |
107 | $this->keys = []; |
108 | foreach ( $keys as $key ) { |
109 | $this->addKey( $key ); |
110 | } |
111 | } |
112 | |
113 | /** |
114 | * Removes all keys associated with the user |
115 | * Warning: This only removes the keys in memory, |
116 | * changes need to be persisted |
117 | */ |
118 | public function clearAllKeys() { |
119 | $this->keys = []; |
120 | } |
121 | |
122 | /** |
123 | * Adds single key to the key array |
124 | * |
125 | * @param IAuthKey $key |
126 | */ |
127 | public function addKey( IAuthKey $key ) { |
128 | $this->checkKeyTypeCorrect( $key ); |
129 | $this->keys[] = $key; |
130 | } |
131 | |
132 | /** |
133 | * Gets the module instance associated with this user |
134 | * |
135 | * @return IModule|null |
136 | */ |
137 | public function getModule() { |
138 | return $this->module; |
139 | } |
140 | |
141 | /** |
142 | * Sets the module instance associated with this user |
143 | * |
144 | * @param IModule|null $module |
145 | */ |
146 | public function setModule( IModule $module = null ) { |
147 | $this->module = $module; |
148 | } |
149 | |
150 | /** |
151 | * @return bool Whether this user has two-factor authentication enabled or not |
152 | */ |
153 | public function isTwoFactorAuthEnabled(): bool { |
154 | return count( $this->getKeys() ) >= 1; |
155 | } |
156 | |
157 | /** |
158 | * Disables current (if any) auth method |
159 | */ |
160 | public function disable() { |
161 | $this->keys = []; |
162 | $this->module = null; |
163 | } |
164 | |
165 | /** |
166 | * All keys set for the user must be of the same type |
167 | * @param IAuthKey $key |
168 | */ |
169 | private function checkKeyTypeCorrect( IAuthKey $key ): void { |
170 | $newKeyClass = get_class( $key ); |
171 | foreach ( $this->keys as $keyToTest ) { |
172 | if ( get_class( $keyToTest ) !== $newKeyClass ) { |
173 | $first = ( new ReflectionClass( $keyToTest ) )->getShortName(); |
174 | $second = ( new ReflectionClass( $key ) )->getShortName(); |
175 | |
176 | throw new InvalidArgumentException( |
177 | "User already has a key from a different two-factor module enabled ($first !== $second)" |
178 | ); |
179 | } |
180 | } |
181 | } |
182 | } |