MediaWiki master
UserDef.php
Go to the documentation of this file.
1<?php
2
3namespace MediaWiki\ParamValidator\TypeDef;
4
5use MediaWiki\Title\MalformedTitleException;
6use MediaWiki\Title\TitleParser;
7use MediaWiki\User\ExternalUserNames;
8use MediaWiki\User\UserIdentity;
9use MediaWiki\User\UserIdentityLookup;
10use MediaWiki\User\UserIdentityValue;
11use MediaWiki\User\UserNameUtils;
12use MediaWiki\User\UserRigorOptions;
13use Wikimedia\IPUtils;
14use Wikimedia\Message\MessageValue;
15use Wikimedia\ParamValidator\Callbacks;
16use Wikimedia\ParamValidator\ParamValidator;
17use Wikimedia\ParamValidator\TypeDef;
18
27class UserDef extends TypeDef {
28
46 public const PARAM_ALLOWED_USER_TYPES = 'param-allowed-user-types';
47
57 public const PARAM_RETURN_OBJECT = 'param-return-object';
58
60 private $userIdentityLookup;
61
63 private $titleParser;
64
66 private $userNameUtils;
67
74 public function __construct(
75 Callbacks $callbacks,
76 UserIdentityLookup $userIdentityLookup,
77 TitleParser $titleParser,
78 UserNameUtils $userNameUtils
79 ) {
80 parent::__construct( $callbacks );
81 $this->userIdentityLookup = $userIdentityLookup;
82 $this->titleParser = $titleParser;
83 $this->userNameUtils = $userNameUtils;
84 }
85
87 public function validate( $name, $value, array $settings, array $options ) {
88 $this->failIfNotString( $name, $value, $settings, $options );
89
90 [ $type, $user ] = $this->processUser( $value );
91
92 if ( !$user || !in_array( $type, $settings[self::PARAM_ALLOWED_USER_TYPES], true ) ) {
93 // Message used: paramvalidator-baduser
94 $this->failure( 'baduser', $name, $value, $settings, $options );
95 }
96
97 return empty( $settings[self::PARAM_RETURN_OBJECT] ) ? $user->getName() : $user;
98 }
99
101 public function normalizeSettings( array $settings ) {
102 if ( isset( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) {
103 $settings[self::PARAM_ALLOWED_USER_TYPES] = array_values( array_intersect(
104 [ 'name', 'ip', 'temp', 'cidr', 'interwiki', 'id' ],
105 $settings[self::PARAM_ALLOWED_USER_TYPES]
106 ) );
107 }
108 if ( empty( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) {
109 $settings[self::PARAM_ALLOWED_USER_TYPES] = [ 'name', 'ip', 'temp', 'cidr', 'interwiki' ];
110 }
111
112 return parent::normalizeSettings( $settings );
113 }
114
116 public function checkSettings( string $name, $settings, array $options, array $ret ): array {
117 $ret = parent::checkSettings( $name, $settings, $options, $ret );
118
119 $ret['allowedKeys'][] = self::PARAM_ALLOWED_USER_TYPES;
120 $ret['allowedKeys'][] = self::PARAM_RETURN_OBJECT;
121
122 if ( !is_bool( $settings[self::PARAM_RETURN_OBJECT] ?? false ) ) {
123 $ret['issues'][self::PARAM_RETURN_OBJECT] = 'PARAM_RETURN_OBJECT must be boolean, got '
124 . gettype( $settings[self::PARAM_RETURN_OBJECT] );
125 }
126
127 $hasId = false;
128 if ( isset( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) {
129 if ( !is_array( $settings[self::PARAM_ALLOWED_USER_TYPES] ) ) {
130 $ret['issues'][self::PARAM_ALLOWED_USER_TYPES] = 'PARAM_ALLOWED_USER_TYPES must be an array, '
131 . 'got ' . gettype( $settings[self::PARAM_ALLOWED_USER_TYPES] );
132 } elseif ( $settings[self::PARAM_ALLOWED_USER_TYPES] === [] ) {
133 $ret['issues'][self::PARAM_ALLOWED_USER_TYPES] = 'PARAM_ALLOWED_USER_TYPES cannot be empty';
134 } else {
135 $bad = array_diff(
136 $settings[self::PARAM_ALLOWED_USER_TYPES],
137 [ 'name', 'ip', 'temp', 'cidr', 'interwiki', 'id' ]
138 );
139 if ( $bad ) {
140 $ret['issues'][self::PARAM_ALLOWED_USER_TYPES] =
141 'PARAM_ALLOWED_USER_TYPES contains invalid values: ' . implode( ', ', $bad );
142 }
143
144 $hasId = in_array( 'id', $settings[self::PARAM_ALLOWED_USER_TYPES], true );
145 }
146 }
147
148 if ( !empty( $settings[ParamValidator::PARAM_ISMULTI] ) &&
149 ( $hasId || !empty( $settings[self::PARAM_RETURN_OBJECT] ) ) &&
150 (
151 ( $settings[ParamValidator::PARAM_ISMULTI_LIMIT1] ?? 100 ) > 10 ||
152 ( $settings[ParamValidator::PARAM_ISMULTI_LIMIT2] ?? 100 ) > 10
153 )
154 ) {
155 $ret['issues'][] = 'Multi-valued user-type parameters with PARAM_RETURN_OBJECT or allowing IDs '
156 . 'should set low values (<= 10) for PARAM_ISMULTI_LIMIT1 and PARAM_ISMULTI_LIMIT2.'
157 . ' (Note that "<= 10" is arbitrary. If something hits this, we can investigate a real limit '
158 . 'once we have a real use case to look at.)';
159 }
160
161 return $ret;
162 }
163
170 private function processUser( string $value ): array {
171 // A user ID?
172 if ( preg_match( '/^#(\d+)$/D', $value, $m ) ) {
173 // This used to use the IP address of the current request if the
174 // id was 0, to match the behavior of User objects, but was switched
175 // to "Unknown user" because the former behavior is likely unexpected.
176 // If the id corresponds to a user in the database, use that user, otherwise
177 // return a UserIdentityValue with id 0 (regardless of the input id) and
178 // the name "Unknown user"
179 $userId = (int)$m[1];
180 if ( $userId !== 0 ) {
181 // Check the database.
182 $userIdentity = $this->userIdentityLookup->getUserIdentityByUserId( $userId );
183 if ( $userIdentity ) {
184 return [ 'id', $userIdentity ];
185 }
186 }
187 // Fall back to "Unknown user"
188 return [
189 'id',
190 new UserIdentityValue( 0, "Unknown user" )
191 ];
192 }
193
194 // An interwiki username?
195 if ( ExternalUserNames::isExternal( $value ) ) {
196 $name = $this->userNameUtils->getCanonical( $value, UserRigorOptions::RIGOR_NONE );
197 // UserIdentityValue has the username which includes the > separating the external
198 // wiki database and the actual name, but is created for the *local* wiki, like
199 // for User objects (local is the default, but we specify it anyway to show
200 // that its intentional even though the username is for a different wiki)
201 // NOTE: We deliberately use the raw $value instead of the canonical $name
202 // to avoid converting the first character of the interwiki prefix to uppercase
203 $user = $name !== false ? new UserIdentityValue( 0, $value, UserIdentityValue::LOCAL ) : null;
204 return [ 'interwiki', $user ];
205 }
206
207 // A valid user name?
208 // Match behavior of UserFactory::newFromName with RIGOR_VALID and User::getId()
209 // we know that if there is a canonical form from UserNameUtils then this can't
210 // look like an IP, and since we checked for external user names above it isn't
211 // that either, so if this is a valid user name then we check the database for
212 // the id, and if there is no user with this name the id is 0
213 $canonicalName = $this->userNameUtils->getCanonical( $value, UserRigorOptions::RIGOR_VALID );
214 if ( $canonicalName !== false ) {
215 // Determine if the username matches the temporary account format.
216 $userType = $this->userNameUtils->isTemp( $value ) ? 'temp' : 'name';
217
218 $userIdentity = $this->userIdentityLookup->getUserIdentityByName( $canonicalName );
219 if ( $userIdentity ) {
220 return [ $userType, $userIdentity ];
221 }
222 // Fall back to id 0, which can occur when the account does not exist.
223 return [
224 $userType,
225 new UserIdentityValue( 0, $canonicalName )
226 ];
227 }
228
229 // (T232672) Reproduce the normalization applied in UserNameUtils::getCanonical() when
230 // performing the checks below.
231 if ( str_contains( $value, '#' ) ) {
232 return [ '', null ];
233 }
234
235 try {
236 $t = $this->titleParser->parseTitle( $value );
237 } catch ( MalformedTitleException ) {
238 $t = null;
239 }
240 if ( !$t || $t->getNamespace() !== NS_USER || $t->isExternal() ) { // likely
241 try {
242 $t = $this->titleParser->parseTitle( "User:$value" );
243 } catch ( MalformedTitleException ) {
244 $t = null;
245 }
246 }
247 if ( !$t || $t->getNamespace() !== NS_USER || $t->isExternal() ) {
248 // If it wasn't a valid User-namespace title, fail.
249 return [ '', null ];
250 }
251 $value = $t->getText();
252
253 // An IP?
254 $b = IPUtils::RE_IP_BYTE;
255 if ( IPUtils::isValid( $value ) ||
256 // See comment for UserNameUtils::isIP. We don't just call that function
257 // here because it also returns true for things like
258 // 300.300.300.300 that are neither valid usernames nor valid IP
259 // addresses.
260 preg_match( "/^$b\.$b\.$b\.xxx$/D", $value )
261 ) {
262 $name = IPUtils::sanitizeIP( $value );
263 // We don't really need to use UserNameUtils::getCanonical() because for anonymous
264 // users the only validation is that there is no `#` (which is already the case if its
265 // a valid IP or matches the regex) and the only normalization is making the first
266 // character uppercase (doesn't matter for numbers) and replacing underscores with
267 // spaces (doesn't apply to IPs). But, better safe than sorry?
268 $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_NONE );
269 return [ 'ip', UserIdentityValue::newAnonymous( $name ) ];
270 }
271
272 // A range?
273 if ( IPUtils::isValidRange( $value ) ) {
274 $name = IPUtils::sanitizeIP( $value );
275 // Per above, the UserNameUtils call isn't strictly needed, but doesn't hurt
276 $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_NONE );
277 return [ 'cidr', UserIdentityValue::newAnonymous( $name ) ];
278 }
279
280 // Fail.
281 return [ '', null ];
282 }
283
285 public function getParamInfo( $name, array $settings, array $options ) {
286 $info = parent::getParamInfo( $name, $settings, $options );
287
288 $info['subtypes'] = $settings[self::PARAM_ALLOWED_USER_TYPES];
289
290 return $info;
291 }
292
294 public function getHelpInfo( $name, array $settings, array $options ) {
295 $info = parent::getParamInfo( $name, $settings, $options );
296
297 $isMulti = !empty( $settings[ParamValidator::PARAM_ISMULTI] );
298
299 $subtypes = [];
300 foreach ( $settings[self::PARAM_ALLOWED_USER_TYPES] as $st ) {
301 // Messages: paramvalidator-help-type-user-subtype-name,
302 // paramvalidator-help-type-user-subtype-ip, paramvalidator-help-type-user-subtype-cidr,
303 // paramvalidator-help-type-user-subtype-interwiki, paramvalidator-help-type-user-subtype-id,
304 // paramvalidator-help-type-user-subtype-temp
305 $subtypes[] = MessageValue::new( "paramvalidator-help-type-user-subtype-$st" );
306 }
307 $info[ParamValidator::PARAM_TYPE] = MessageValue::new( 'paramvalidator-help-type-user' )
308 ->params( $isMulti ? 2 : 1 )
309 ->textListParams( $subtypes )
310 ->numParams( count( $subtypes ) );
311
312 return $info;
313 }
314
315}
NS_USER
const NS_USER
Definition Defines.php:53
if
if(!defined('MW_SETUP_CALLBACK'))
Definition WebStart.php:68
MediaWiki\ParamValidator\TypeDef\UserDef
Type definition for user types.
Definition UserDef.php:27
MediaWiki\ParamValidator\TypeDef\UserDef\PARAM_RETURN_OBJECT
const PARAM_RETURN_OBJECT
(bool) Whether to return a UserIdentity object.
Definition UserDef.php:57
MediaWiki\ParamValidator\TypeDef\UserDef\checkSettings
checkSettings(string $name, $settings, array $options, array $ret)
Validate a parameter settings array.This is intended for validation of parameter settings during unit...
Definition UserDef.php:116
MediaWiki\ParamValidator\TypeDef\UserDef\validate
validate( $name, $value, array $settings, array $options)
Validate the value.When ParamValidator is processing a multi-valued parameter, this will be called on...
Definition UserDef.php:87
MediaWiki\ParamValidator\TypeDef\UserDef\getHelpInfo
getHelpInfo( $name, array $settings, array $options)
Describe parameter settings in human-readable format.Keys in the returned array should generally corr...
Definition UserDef.php:294
MediaWiki\ParamValidator\TypeDef\UserDef\__construct
__construct(Callbacks $callbacks, UserIdentityLookup $userIdentityLookup, TitleParser $titleParser, UserNameUtils $userNameUtils)
Definition UserDef.php:74
MediaWiki\ParamValidator\TypeDef\UserDef\normalizeSettings
normalizeSettings(array $settings)
Normalize a settings array.to override array
Definition UserDef.php:101
MediaWiki\ParamValidator\TypeDef\UserDef\PARAM_ALLOWED_USER_TYPES
const PARAM_ALLOWED_USER_TYPES
(string[]) Allowed types of user.
Definition UserDef.php:46
MediaWiki\ParamValidator\TypeDef\UserDef\getParamInfo
getParamInfo( $name, array $settings, array $options)
Describe parameter settings in a machine-readable format.Keys should be short strings using lowercase...
Definition UserDef.php:285
MediaWiki\Title\MalformedTitleException
MalformedTitleException is thrown when a TitleParser is unable to parse a title string.
Definition MalformedTitleException.php:18
MediaWiki\Title\TitleParser
A title parser service for MediaWiki.
Definition TitleParser.php:29
MediaWiki\User\ExternalUserNames
Class to parse and build external user names.
Definition ExternalUserNames.php:19
MediaWiki\User\UserIdentityValue
Value object representing a user's identity.
Definition UserIdentityValue.php:20
MediaWiki\User\UserNameUtils
UserNameUtils service.
Definition UserNameUtils.php:30
Wikimedia\Message\MessageValue
Value object representing a message for i18n.
Definition MessageValue.php:21
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42
Wikimedia\ParamValidator\TypeDef
Base definition for ParamValidator types.
Definition TypeDef.php:19
Wikimedia\ParamValidator\TypeDef\failIfNotString
failIfNotString(string $name, $value, array $settings, array $options)
Fails if $value is not a string.
Definition TypeDef.php:68
Wikimedia\ParamValidator\TypeDef\failure
failure( $failure, $name, $value, array $settings, array $options, $fatal=true)
Record a failure message.
Definition TypeDef.php:121
MediaWiki\User\UserIdentityLookup
Service for looking up UserIdentity.
Definition UserIdentityLookup.php:20
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:24
MediaWiki\User\UserRigorOptions
Shared interface for rigor levels when dealing with User methods.
Definition UserRigorOptions.php:16
Wikimedia\ParamValidator\Callbacks
Interface defining callbacks needed by ParamValidator.
Definition Callbacks.php:21