1.34.0/php/OATHUserRepository_8php_source.html

<?php

namespace MediaWiki\Extension\OATHAuth;


use MediaWiki\Logger\LoggerFactory;

use Psr\Log\LoggerInterface;

use Wikimedia\Rdbms\ILoadBalancer;

use Wikimedia\Rdbms\DBConnRef;

use FormatJson;

use CentralIdLookup;

use MWException;

use BagOStuff;

use ConfigException;

use User;

use stdClass;


class OATHUserRepository {

    protected $lb;


    protected $cache;


    protected $auth;


    private $logger;


    public function __construct( ILoadBalancer $lb, BagOStuff $cache, OATHAuth $auth ) {

        $this->lb = $lb;

        $this->cache = $cache;

        $this->auth = $auth;


        $this->setLogger( LoggerFactory::getInstance( 'authentication' ) );

    }


    public function setLogger( LoggerInterface $logger ) {

        $this->logger = $logger;

    }


    public function findByUser( User $user ) {

        $oathUser = $this->cache->get( $user->getName() );

        if ( !$oathUser ) {

            $oathUser = new OATHUser( $user, null );


            $uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user );

            $res = $this->getDB( DB_REPLICA )->selectRow(

                'oathauth_users',

                '*',

                [ 'id' => $uid ],

                __METHOD__

            );

            if ( $res ) {

                $data = $res->data;

                $moduleKey = $res->module;

                if ( $this->isLegacy( $res ) ) {

                    $module = $this->auth->getModuleByKey( 'totp' );

                    $data = $this->checkAndResolveLegacy( $data, $res );

                } else {

                    $module = $this->auth->getModuleByKey( $moduleKey );

                }

                if ( $module === null ) {

                    // For sanity

                    throw new MWException( 'oathauth-module-invalid' );

                }


                $oathUser->setModule( $module );

                $decodedData = FormatJson::decode( $res->data, 1 );

                if ( !isset( $decodedData['keys'] ) && $module->getName() === 'totp' ) {

                    // Legacy single-key setup

                    $key = $module->newKey( $decodedData );

                    $oathUser->addKey( $key );

                } elseif ( is_array( $decodedData['keys'] ) ) {

                    foreach ( $decodedData['keys'] as $keyData ) {

                        $key = $module->newKey( $keyData );

                        $oathUser->addKey( $key );

                    }

                }

            }


            $this->cache->set( $user->getName(), $oathUser );

        }

        return $oathUser;

    }


    public function persist( OATHUser $user, $clientInfo ) {

        $prevUser = $this->findByUser( $user->getUser() );

        $data = $user->getModule()->getDataFromUser( $user );


        $this->getDB( DB_MASTER )->replace(

            'oathauth_users',

            [ 'id' ],

            [

                'id' => CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ),

                'module' => $user->getModule()->getName(),

                'data' => FormatJson::encode( $data )

            ],

            __METHOD__

        );


        $userName = $user->getUser()->getName();

        $this->cache->set( $userName, $user );


        if ( $prevUser !== false ) {

            $this->logger->info( 'OATHAuth updated for {user} from {clientip}', [

                'user' => $userName,

                'clientip' => $clientInfo,

            ] );

        } else {

            // If findByUser() has returned false, there was no user row or cache entry

            $this->logger->info( 'OATHAuth enabled for {user} from {clientip}', [

                'user' => $userName,

                'clientip' => $clientInfo,

            ] );

        }

    }


    public function remove( OATHUser $user, $clientInfo ) {

        $this->getDB( DB_MASTER )->delete(

            'oathauth_users',

            [ 'id' => CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ) ],

            __METHOD__

        );


        $userName = $user->getUser()->getName();

        $this->cache->delete( $userName );


        $this->logger->info( 'OATHAuth disabled for {user} from {clientip}', [

            'user' => $userName,

            'clientip' => $clientInfo,

        ] );

    }


    private function getDB( $index ) {

        global $wgOATHAuthDatabase;


        return $this->lb->getConnectionRef( $index, [], $wgOATHAuthDatabase );

    }


    private function isLegacy( $row ) {

        if ( $row->module !== '' ) {

            return false;

        }

        if ( property_exists( $row, 'secret' ) && $row->secret !== null ) {

            return true;

        }

        return false;

    }


    private function checkAndResolveLegacy( $data, $row ) {

        if ( $data ) {

            // New data exists - no action required

            return $data;

        }

        if ( property_exists( $row, 'secret' ) && property_exists( $row, 'scratch_tokens' ) ) {

            return FormatJson::encode( [

                'secret' => $row->secret,

                'scratch_tokens' => $row->scratch_tokens

            ] );

        }

        return '';

    }

}