Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
100.00% |
109 / 109 |
|
100.00% |
7 / 7 |
CRAP | |
100.00% |
1 / 1 |
| UserDef | |
100.00% |
109 / 109 |
|
100.00% |
7 / 7 |
44 | |
100.00% |
1 / 1 |
| __construct | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
1 | |||
| validate | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
4 | |||
| normalizeSettings | |
100.00% |
8 / 8 |
|
100.00% |
1 / 1 |
3 | |||
| checkSettings | |
100.00% |
31 / 31 |
|
100.00% |
1 / 1 |
11 | |||
| processUser | |
100.00% |
49 / 49 |
|
100.00% |
1 / 1 |
21 | |||
| getParamInfo | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
| getHelpInfo | |
100.00% |
10 / 10 |
|
100.00% |
1 / 1 |
3 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\ParamValidator\TypeDef; |
| 4 | |
| 5 | use MediaWiki\Title\MalformedTitleException; |
| 6 | use MediaWiki\Title\TitleParser; |
| 7 | use MediaWiki\User\ExternalUserNames; |
| 8 | use MediaWiki\User\UserIdentity; |
| 9 | use MediaWiki\User\UserIdentityLookup; |
| 10 | use MediaWiki\User\UserIdentityValue; |
| 11 | use MediaWiki\User\UserNameUtils; |
| 12 | use MediaWiki\User\UserRigorOptions; |
| 13 | use Wikimedia\IPUtils; |
| 14 | use Wikimedia\Message\MessageValue; |
| 15 | use Wikimedia\ParamValidator\Callbacks; |
| 16 | use Wikimedia\ParamValidator\ParamValidator; |
| 17 | use Wikimedia\ParamValidator\TypeDef; |
| 18 | |
| 19 | /** |
| 20 | * Type definition for user types |
| 21 | * |
| 22 | * Failure codes: |
| 23 | * - 'baduser': The value was not a valid MediaWiki user. No data. |
| 24 | * |
| 25 | * @since 1.35 |
| 26 | */ |
| 27 | class UserDef extends TypeDef { |
| 28 | |
| 29 | /** |
| 30 | * (string[]) Allowed types of user. |
| 31 | * |
| 32 | * One or more of the following values: |
| 33 | * - 'name': User names are allowed. |
| 34 | * - 'ip': IP ("anon") usernames are allowed. |
| 35 | * - 'temp': Temporary users are allowed. |
| 36 | * - 'cidr': IP ranges are allowed. |
| 37 | * - 'interwiki': Interwiki usernames are allowed. |
| 38 | * - 'id': Allow specifying user IDs, formatted like "#123". |
| 39 | * |
| 40 | * Default is `[ 'name', 'ip', 'temp', 'cidr', 'interwiki' ]`. |
| 41 | * |
| 42 | * Avoid combining 'id' with PARAM_ISMULTI, as it may result in excessive |
| 43 | * DB lookups. If you do combine them, consider setting low values for |
| 44 | * PARAM_ISMULTI_LIMIT1 and PARAM_ISMULTI_LIMIT2 to mitigate it. |
| 45 | */ |
| 46 | public const PARAM_ALLOWED_USER_TYPES = 'param-allowed-user-types'; |
| 47 | |
| 48 | /** |
| 49 | * (bool) Whether to return a UserIdentity object. |
| 50 | * |
| 51 | * If false, the validated user name is returned as a string. Default is false. |
| 52 | * |
| 53 | * Avoid setting true with PARAM_ISMULTI, as it may result in excessive DB |
| 54 | * lookups. If you do combine them, consider setting low values for |
| 55 | * PARAM_ISMULTI_LIMIT1 and PARAM_ISMULTI_LIMIT2 to mitigate it. |
| 56 | */ |
| 57 | public const PARAM_RETURN_OBJECT = 'param-return-object'; |
| 58 | |
| 59 | /** @var UserIdentityLookup */ |
| 60 | private $userIdentityLookup; |
| 61 | |
| 62 | /** @var TitleParser */ |
| 63 | private $titleParser; |
| 64 | |
| 65 | /** @var UserNameUtils */ |
| 66 | private $userNameUtils; |
| 67 | |
| 68 | /** |
| 69 | * @param Callbacks $callbacks |
| 70 | * @param UserIdentityLookup $userIdentityLookup |
| 71 | * @param TitleParser $titleParser |
| 72 | * @param UserNameUtils $userNameUtils |
| 73 | */ |
| 74 | public function __construct( |
| 75 | Callbacks $callbacks, |
| 76 | UserIdentityLookup $userIdentityLookup, |
| 77 | TitleParser $titleParser, |
| 78 | UserNameUtils $userNameUtils |
| 79 | ) { |
| 80 | parent::__construct( $callbacks ); |
| 81 | $this->userIdentityLookup = $userIdentityLookup; |
| 82 | $this->titleParser = $titleParser; |
| 83 | $this->userNameUtils = $userNameUtils; |
| 84 | } |
| 85 | |
| 86 | public function validate( $name, $value, array $settings, array $options ) { |
| 87 | [ $type, $user ] = $this->processUser( $value ); |
| 88 | |
| 89 | if ( !$user || !in_array( $type, $settings[self::PARAM_ALLOWED_USER_TYPES], true ) ) { |
| 90 | // Message used: paramvalidator-baduser |
| 91 | $this->failure( 'baduser', $name, $value, $settings, $options ); |
| 92 | } |
| 93 | |
| 94 | return empty( $settings[self::PARAM_RETURN_OBJECT] ) ? $user->getName() : $user; |
| 95 | } |
| 96 | |
| 97 | public function normalizeSettings( array $settings ) { |
| 98 | if ( isset( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) { |
| 99 | $settings[self::PARAM_ALLOWED_USER_TYPES] = array_values( array_intersect( |
| 100 | [ 'name', 'ip', 'temp', 'cidr', 'interwiki', 'id' ], |
| 101 | $settings[self::PARAM_ALLOWED_USER_TYPES] |
| 102 | ) ); |
| 103 | } |
| 104 | if ( empty( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) { |
| 105 | $settings[self::PARAM_ALLOWED_USER_TYPES] = [ 'name', 'ip', 'temp', 'cidr', 'interwiki' ]; |
| 106 | } |
| 107 | |
| 108 | return parent::normalizeSettings( $settings ); |
| 109 | } |
| 110 | |
| 111 | public function checkSettings( string $name, $settings, array $options, array $ret ): array { |
| 112 | $ret = parent::checkSettings( $name, $settings, $options, $ret ); |
| 113 | |
| 114 | $ret['allowedKeys'] = array_merge( $ret['allowedKeys'], [ |
| 115 | self::PARAM_ALLOWED_USER_TYPES, self::PARAM_RETURN_OBJECT, |
| 116 | ] ); |
| 117 | |
| 118 | if ( !is_bool( $settings[self::PARAM_RETURN_OBJECT] ?? false ) ) { |
| 119 | $ret['issues'][self::PARAM_RETURN_OBJECT] = 'PARAM_RETURN_OBJECT must be boolean, got ' |
| 120 | . gettype( $settings[self::PARAM_RETURN_OBJECT] ); |
| 121 | } |
| 122 | |
| 123 | $hasId = false; |
| 124 | if ( isset( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) { |
| 125 | if ( !is_array( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) { |
| 126 | $ret['issues'][self::PARAM_ALLOWED_USER_TYPES] = 'PARAM_ALLOWED_USER_TYPES must be an array, ' |
| 127 | . 'got ' . gettype( $settings[self::PARAM_ALLOWED_USER_TYPES] ); |
| 128 | } elseif ( $settings[self::PARAM_ALLOWED_USER_TYPES] === [] ) { |
| 129 | $ret['issues'][self::PARAM_ALLOWED_USER_TYPES] = 'PARAM_ALLOWED_USER_TYPES cannot be empty'; |
| 130 | } else { |
| 131 | $bad = array_diff( |
| 132 | $settings[self::PARAM_ALLOWED_USER_TYPES], |
| 133 | [ 'name', 'ip', 'temp', 'cidr', 'interwiki', 'id' ] |
| 134 | ); |
| 135 | if ( $bad ) { |
| 136 | $ret['issues'][self::PARAM_ALLOWED_USER_TYPES] = |
| 137 | 'PARAM_ALLOWED_USER_TYPES contains invalid values: ' . implode( ', ', $bad ); |
| 138 | } |
| 139 | |
| 140 | $hasId = in_array( 'id', $settings[self::PARAM_ALLOWED_USER_TYPES], true ); |
| 141 | } |
| 142 | } |
| 143 | |
| 144 | if ( !empty( $settings[ParamValidator::PARAM_ISMULTI] ) && |
| 145 | ( $hasId || !empty( $settings[self::PARAM_RETURN_OBJECT] ) ) && |
| 146 | ( |
| 147 | ( $settings[ParamValidator::PARAM_ISMULTI_LIMIT1] ?? 100 ) > 10 || |
| 148 | ( $settings[ParamValidator::PARAM_ISMULTI_LIMIT2] ?? 100 ) > 10 |
| 149 | ) |
| 150 | ) { |
| 151 | $ret['issues'][] = 'Multi-valued user-type parameters with PARAM_RETURN_OBJECT or allowing IDs ' |
| 152 | . 'should set low values (<= 10) for PARAM_ISMULTI_LIMIT1 and PARAM_ISMULTI_LIMIT2.' |
| 153 | . ' (Note that "<= 10" is arbitrary. If something hits this, we can investigate a real limit ' |
| 154 | . 'once we have a real use case to look at.)'; |
| 155 | } |
| 156 | |
| 157 | return $ret; |
| 158 | } |
| 159 | |
| 160 | /** |
| 161 | * Process $value to a UserIdentity, if possible |
| 162 | * @param string $value |
| 163 | * @return array [ string $type, UserIdentity|null $user ] |
| 164 | * @phan-return array{0:string,1:UserIdentity|null} |
| 165 | */ |
| 166 | private function processUser( string $value ): array { |
| 167 | // A user ID? |
| 168 | if ( preg_match( '/^#(\d+)$/D', $value, $m ) ) { |
| 169 | // This used to use the IP address of the current request if the |
| 170 | // id was 0, to match the behavior of User objects, but was switched |
| 171 | // to "Unknown user" because the former behavior is likely unexpected. |
| 172 | // If the id corresponds to a user in the database, use that user, otherwise |
| 173 | // return a UserIdentityValue with id 0 (regardless of the input id) and |
| 174 | // the name "Unknown user" |
| 175 | $userId = (int)$m[1]; |
| 176 | if ( $userId !== 0 ) { |
| 177 | // Check the database. |
| 178 | $userIdentity = $this->userIdentityLookup->getUserIdentityByUserId( $userId ); |
| 179 | if ( $userIdentity ) { |
| 180 | return [ 'id', $userIdentity ]; |
| 181 | } |
| 182 | } |
| 183 | // Fall back to "Unknown user" |
| 184 | return [ |
| 185 | 'id', |
| 186 | new UserIdentityValue( 0, "Unknown user" ) |
| 187 | ]; |
| 188 | } |
| 189 | |
| 190 | // An interwiki username? |
| 191 | if ( ExternalUserNames::isExternal( $value ) ) { |
| 192 | $name = $this->userNameUtils->getCanonical( $value, UserRigorOptions::RIGOR_NONE ); |
| 193 | // UserIdentityValue has the username which includes the > separating the external |
| 194 | // wiki database and the actual name, but is created for the *local* wiki, like |
| 195 | // for User objects (local is the default, but we specify it anyway to show |
| 196 | // that its intentional even though the username is for a different wiki) |
| 197 | // NOTE: We deliberately use the raw $value instead of the canonical $name |
| 198 | // to avoid converting the first character of the interwiki prefix to uppercase |
| 199 | $user = $name !== false ? new UserIdentityValue( 0, $value, UserIdentityValue::LOCAL ) : null; |
| 200 | return [ 'interwiki', $user ]; |
| 201 | } |
| 202 | |
| 203 | // A temp user? |
| 204 | if ( $this->userNameUtils->isTemp( $value ) ) { |
| 205 | $userIdentity = $this->userIdentityLookup->getUserIdentityByName( $value ); |
| 206 | return [ 'temp', $userIdentity ]; |
| 207 | } |
| 208 | |
| 209 | // A valid user name? |
| 210 | // Match behavior of UserFactory::newFromName with RIGOR_VALID and User::getId() |
| 211 | // we know that if there is a canonical form from UserNameUtils then this can't |
| 212 | // look like an IP, and since we checked for external user names above it isn't |
| 213 | // that either, so if this is a valid user name then we check the database for |
| 214 | // the id, and if there is no user with this name the id is 0 |
| 215 | $canonicalName = $this->userNameUtils->getCanonical( $value, UserRigorOptions::RIGOR_VALID ); |
| 216 | if ( $canonicalName !== false ) { |
| 217 | $userIdentity = $this->userIdentityLookup->getUserIdentityByName( $canonicalName ); |
| 218 | if ( $userIdentity ) { |
| 219 | return [ 'name', $userIdentity ]; |
| 220 | } |
| 221 | // Fall back to id 0 |
| 222 | return [ |
| 223 | 'name', |
| 224 | new UserIdentityValue( 0, $canonicalName ) |
| 225 | ]; |
| 226 | } |
| 227 | |
| 228 | // (T232672) Reproduce the normalization applied in UserNameUtils::getCanonical() when |
| 229 | // performing the checks below. |
| 230 | if ( strpos( $value, '#' ) !== false ) { |
| 231 | return [ '', null ]; |
| 232 | } |
| 233 | |
| 234 | try { |
| 235 | $t = $this->titleParser->parseTitle( $value ); |
| 236 | } catch ( MalformedTitleException $_ ) { |
| 237 | $t = null; |
| 238 | } |
| 239 | if ( !$t || $t->getNamespace() !== NS_USER || $t->isExternal() ) { // likely |
| 240 | try { |
| 241 | $t = $this->titleParser->parseTitle( "User:$value" ); |
| 242 | } catch ( MalformedTitleException $_ ) { |
| 243 | $t = null; |
| 244 | } |
| 245 | } |
| 246 | if ( !$t || $t->getNamespace() !== NS_USER || $t->isExternal() ) { |
| 247 | // If it wasn't a valid User-namespace title, fail. |
| 248 | return [ '', null ]; |
| 249 | } |
| 250 | $value = $t->getText(); |
| 251 | |
| 252 | // An IP? |
| 253 | $b = IPUtils::RE_IP_BYTE; |
| 254 | if ( IPUtils::isValid( $value ) || |
| 255 | // See comment for UserNameUtils::isIP. We don't just call that function |
| 256 | // here because it also returns true for things like |
| 257 | // 300.300.300.300 that are neither valid usernames nor valid IP |
| 258 | // addresses. |
| 259 | preg_match( "/^$b\.$b\.$b\.xxx$/D", $value ) |
| 260 | ) { |
| 261 | $name = IPUtils::sanitizeIP( $value ); |
| 262 | // We don't really need to use UserNameUtils::getCanonical() because for anonymous |
| 263 | // users the only validation is that there is no `#` (which is already the case if its |
| 264 | // a valid IP or matches the regex) and the only normalization is making the first |
| 265 | // character uppercase (doesn't matter for numbers) and replacing underscores with |
| 266 | // spaces (doesn't apply to IPs). But, better safe than sorry? |
| 267 | $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_NONE ); |
| 268 | return [ 'ip', UserIdentityValue::newAnonymous( $name ) ]; |
| 269 | } |
| 270 | |
| 271 | // A range? |
| 272 | if ( IPUtils::isValidRange( $value ) ) { |
| 273 | $name = IPUtils::sanitizeIP( $value ); |
| 274 | // Per above, the UserNameUtils call isn't strictly needed, but doesn't hurt |
| 275 | $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_NONE ); |
| 276 | return [ 'cidr', UserIdentityValue::newAnonymous( $name ) ]; |
| 277 | } |
| 278 | |
| 279 | // Fail. |
| 280 | return [ '', null ]; |
| 281 | } |
| 282 | |
| 283 | public function getParamInfo( $name, array $settings, array $options ) { |
| 284 | $info = parent::getParamInfo( $name, $settings, $options ); |
| 285 | |
| 286 | $info['subtypes'] = $settings[self::PARAM_ALLOWED_USER_TYPES]; |
| 287 | |
| 288 | return $info; |
| 289 | } |
| 290 | |
| 291 | public function getHelpInfo( $name, array $settings, array $options ) { |
| 292 | $info = parent::getParamInfo( $name, $settings, $options ); |
| 293 | |
| 294 | $isMulti = !empty( $settings[ParamValidator::PARAM_ISMULTI] ); |
| 295 | |
| 296 | $subtypes = []; |
| 297 | foreach ( $settings[self::PARAM_ALLOWED_USER_TYPES] as $st ) { |
| 298 | // Messages: paramvalidator-help-type-user-subtype-name, |
| 299 | // paramvalidator-help-type-user-subtype-ip, paramvalidator-help-type-user-subtype-cidr, |
| 300 | // paramvalidator-help-type-user-subtype-interwiki, paramvalidator-help-type-user-subtype-id, |
| 301 | // paramvalidator-help-type-user-subtype-temp |
| 302 | $subtypes[] = MessageValue::new( "paramvalidator-help-type-user-subtype-$st" ); |
| 303 | } |
| 304 | $info[ParamValidator::PARAM_TYPE] = MessageValue::new( 'paramvalidator-help-type-user' ) |
| 305 | ->params( $isMulti ? 2 : 1 ) |
| 306 | ->textListParams( $subtypes ) |
| 307 | ->numParams( count( $subtypes ) ); |
| 308 | |
| 309 | return $info; |
| 310 | } |
| 311 | |
| 312 | } |