diff options
Diffstat (limited to 'app/Core')
62 files changed, 4209 insertions, 902 deletions
diff --git a/app/Core/Action/ActionManager.php b/app/Core/Action/ActionManager.php new file mode 100644 index 00000000..f1ea8abe --- /dev/null +++ b/app/Core/Action/ActionManager.php @@ -0,0 +1,142 @@ +<?php + +namespace Kanboard\Core\Action; + +use RuntimeException; +use Kanboard\Core\Base; +use Kanboard\Action\Base as ActionBase; + +/** + * Action Manager + * + * @package action + * @author Frederic Guillot + */ +class ActionManager extends Base +{ + /** + * List of automatic actions + * + * @access private + * @var array + */ + private $actions = array(); + + /** + * Register a new automatic action + * + * @access public + * @param ActionBase $action + * @return ActionManager + */ + public function register(ActionBase $action) + { + $this->actions[$action->getName()] = $action; + return $this; + } + + /** + * Get automatic action instance + * + * @access public + * @param string $name Absolute class name with namespace + * @return ActionBase + */ + public function getAction($name) + { + if (isset($this->actions[$name])) { + return $this->actions[$name]; + } + + throw new RuntimeException('Automatic Action Not Found: '.$name); + } + + /** + * Get available automatic actions + * + * @access public + * @return array + */ + public function getAvailableActions() + { + $actions = array(); + + foreach ($this->actions as $action) { + if (count($action->getEvents()) > 0) { + $actions[$action->getName()] = $action->getDescription(); + } + } + + asort($actions); + + return $actions; + } + + /** + * Get all available action parameters + * + * @access public + * @param array $actions + * @return array + */ + public function getAvailableParameters(array $actions) + { + $params = array(); + + foreach ($actions as $action) { + $currentAction = $this->getAction($action['action_name']); + $params[$currentAction->getName()] = $currentAction->getActionRequiredParameters(); + } + + return $params; + } + + /** + * Get list of compatible events for a given action + * + * @access public + * @param string $name + * @return array + */ + public function getCompatibleEvents($name) + { + $events = array(); + $actionEvents = $this->getAction($name)->getEvents(); + + foreach ($this->eventManager->getAll() as $event => $description) { + if (in_array($event, $actionEvents)) { + $events[$event] = $description; + } + } + + return $events; + } + + /** + * Bind automatic actions to events + * + * @access public + * @return ActionManager + */ + public function attachEvents() + { + if ($this->userSession->isLogged()) { + $actions = $this->action->getAllByUser($this->userSession->getId()); + } else { + $actions = $this->action->getAll(); + } + + foreach ($actions as $action) { + $listener = clone $this->getAction($action['action_name']); + $listener->setProjectId($action['project_id']); + + foreach ($action['params'] as $param_name => $param_value) { + $listener->setParam($param_name, $param_value); + } + + $this->dispatcher->addListener($action['event_name'], array($listener, 'execute')); + } + + return $this; + } +} diff --git a/app/Core/Base.php b/app/Core/Base.php index d402fb37..f1053114 100644 --- a/app/Core/Base.php +++ b/app/Core/Base.php @@ -5,49 +5,78 @@ namespace Kanboard\Core; use Pimple\Container; /** - * Base class + * Base Class * * @package core * @author Frederic Guillot * - * @property \Kanboard\Core\Helper $helper + * @property \Kanboard\Analytic\TaskDistributionAnalytic $taskDistributionAnalytic + * @property \Kanboard\Analytic\UserDistributionAnalytic $userDistributionAnalytic + * @property \Kanboard\Analytic\EstimatedTimeComparisonAnalytic $estimatedTimeComparisonAnalytic + * @property \Kanboard\Analytic\AverageLeadCycleTimeAnalytic $averageLeadCycleTimeAnalytic + * @property \Kanboard\Analytic\AverageTimeSpentColumnAnalytic $averageTimeSpentColumnAnalytic + * @property \Kanboard\Core\Action\ActionManager $actionManager + * @property \Kanboard\Core\ExternalLink\ExternalLinkManager $externalLinkManager + * @property \Kanboard\Core\Cache\MemoryCache $memoryCache + * @property \Kanboard\Core\Event\EventManager $eventManager + * @property \Kanboard\Core\Group\GroupManager $groupManager + * @property \Kanboard\Core\Http\Client $httpClient + * @property \Kanboard\Core\Http\OAuth2 $oauth + * @property \Kanboard\Core\Http\RememberMeCookie $rememberMeCookie + * @property \Kanboard\Core\Http\Request $request + * @property \Kanboard\Core\Http\Response $response + * @property \Kanboard\Core\Http\Router $router + * @property \Kanboard\Core\Http\Route $route * @property \Kanboard\Core\Mail\Client $emailClient - * @property \Kanboard\Core\HttpClient $httpClient - * @property \Kanboard\Core\Paginator $paginator - * @property \Kanboard\Core\Request $request - * @property \Kanboard\Core\Session $session - * @property \Kanboard\Core\Template $template - * @property \Kanboard\Core\OAuth2 $oauth - * @property \Kanboard\Core\Router $router - * @property \Kanboard\Core\Lexer $lexer * @property \Kanboard\Core\ObjectStorage\ObjectStorageInterface $objectStorage - * @property \Kanboard\Core\Cache\Cache $memoryCache * @property \Kanboard\Core\Plugin\Hook $hook * @property \Kanboard\Core\Plugin\Loader $pluginLoader - * @property \Kanboard\Integration\BitbucketWebhook $bitbucketWebhook - * @property \Kanboard\Integration\GithubWebhook $githubWebhook - * @property \Kanboard\Integration\GitlabWebhook $gitlabWebhook + * @property \Kanboard\Core\Security\AccessMap $projectAccessMap + * @property \Kanboard\Core\Security\AuthenticationManager $authenticationManager + * @property \Kanboard\Core\Security\AccessMap $applicationAccessMap + * @property \Kanboard\Core\Security\AccessMap $projectAccessMap + * @property \Kanboard\Core\Security\Authorization $applicationAuthorization + * @property \Kanboard\Core\Security\Authorization $projectAuthorization + * @property \Kanboard\Core\Security\Role $role + * @property \Kanboard\Core\Security\Token $token + * @property \Kanboard\Core\Session\FlashMessage $flash + * @property \Kanboard\Core\Session\SessionManager $sessionManager + * @property \Kanboard\Core\Session\SessionStorage $sessionStorage + * @property \Kanboard\Core\User\GroupSync $groupSync + * @property \Kanboard\Core\User\UserProfile $userProfile + * @property \Kanboard\Core\User\UserSync $userSync + * @property \Kanboard\Core\User\UserSession $userSession + * @property \Kanboard\Core\DateParser $dateParser + * @property \Kanboard\Core\Helper $helper + * @property \Kanboard\Core\Lexer $lexer + * @property \Kanboard\Core\Paginator $paginator + * @property \Kanboard\Core\Template $template * @property \Kanboard\Formatter\ProjectGanttFormatter $projectGanttFormatter * @property \Kanboard\Formatter\TaskFilterGanttFormatter $taskFilterGanttFormatter * @property \Kanboard\Formatter\TaskFilterAutoCompleteFormatter $taskFilterAutoCompleteFormatter * @property \Kanboard\Formatter\TaskFilterCalendarFormatter $taskFilterCalendarFormatter * @property \Kanboard\Formatter\TaskFilterICalendarFormatter $taskFilterICalendarFormatter - * @property \Kanboard\Model\Acl $acl + * @property \Kanboard\Formatter\UserFilterAutoCompleteFormatter $userFilterAutoCompleteFormatter + * @property \Kanboard\Formatter\GroupAutoCompleteFormatter $groupAutoCompleteFormatter * @property \Kanboard\Model\Action $action - * @property \Kanboard\Model\Authentication $authentication + * @property \Kanboard\Model\ActionParameter $actionParameter * @property \Kanboard\Model\Board $board * @property \Kanboard\Model\Category $category * @property \Kanboard\Model\Color $color + * @property \Kanboard\Model\Column $column * @property \Kanboard\Model\Comment $comment * @property \Kanboard\Model\Config $config * @property \Kanboard\Model\Currency $currency * @property \Kanboard\Model\CustomFilter $customFilter - * @property \Kanboard\Model\DateParser $dateParser - * @property \Kanboard\Model\File $file + * @property \Kanboard\Model\TaskFile $taskFile + * @property \Kanboard\Model\ProjectFile $projectFile + * @property \Kanboard\Model\Group $group + * @property \Kanboard\Model\GroupMember $groupMember * @property \Kanboard\Model\LastLogin $lastLogin * @property \Kanboard\Model\Link $link * @property \Kanboard\Model\Notification $notification * @property \Kanboard\Model\OverdueNotification $overdueNotification + * @property \Kanboard\Model\PasswordReset $passwordReset * @property \Kanboard\Model\Project $project * @property \Kanboard\Model\ProjectActivity $projectActivity * @property \Kanboard\Model\ProjectAnalytic $projectAnalytic @@ -56,8 +85,12 @@ use Pimple\Container; * @property \Kanboard\Model\ProjectDailyStats $projectDailyStats * @property \Kanboard\Model\ProjectMetadata $projectMetadata * @property \Kanboard\Model\ProjectPermission $projectPermission + * @property \Kanboard\Model\ProjectUserRole $projectUserRole + * @property \Kanboard\Model\projectUserRoleFilter $projectUserRoleFilter + * @property \Kanboard\Model\ProjectGroupRole $projectGroupRole * @property \Kanboard\Model\ProjectNotification $projectNotification * @property \Kanboard\Model\ProjectNotificationType $projectNotificationType + * @property \Kanboard\Model\RememberMeSession $rememberMeSession * @property \Kanboard\Model\Subtask $subtask * @property \Kanboard\Model\SubtaskExport $subtaskExport * @property \Kanboard\Model\SubtaskTimeTracking $subtaskTimeTracking @@ -67,6 +100,7 @@ use Pimple\Container; * @property \Kanboard\Model\TaskCreation $taskCreation * @property \Kanboard\Model\TaskDuplication $taskDuplication * @property \Kanboard\Model\TaskExport $taskExport + * @property \Kanboard\Model\TaskExternalLink $taskExternalLink * @property \Kanboard\Model\TaskImport $taskImport * @property \Kanboard\Model\TaskFinder $taskFinder * @property \Kanboard\Model\TaskFilter $taskFilter @@ -75,21 +109,39 @@ use Pimple\Container; * @property \Kanboard\Model\TaskPermission $taskPermission * @property \Kanboard\Model\TaskPosition $taskPosition * @property \Kanboard\Model\TaskStatus $taskStatus - * @property \Kanboard\Model\TaskValidator $taskValidator * @property \Kanboard\Model\TaskMetadata $taskMetadata * @property \Kanboard\Model\Transition $transition * @property \Kanboard\Model\User $user * @property \Kanboard\Model\UserImport $userImport + * @property \Kanboard\Model\UserLocking $userLocking + * @property \Kanboard\Model\UserMention $userMention * @property \Kanboard\Model\UserNotification $userNotification * @property \Kanboard\Model\UserNotificationType $userNotificationType * @property \Kanboard\Model\UserNotificationFilter $userNotificationFilter * @property \Kanboard\Model\UserUnreadNotification $userUnreadNotification - * @property \Kanboard\Model\UserSession $userSession * @property \Kanboard\Model\UserMetadata $userMetadata * @property \Kanboard\Model\Webhook $webhook + * @property \Kanboard\Validator\ActionValidator $actionValidator + * @property \Kanboard\Validator\AuthValidator $authValidator + * @property \Kanboard\Validator\ColumnValidator $columnValidator + * @property \Kanboard\Validator\CategoryValidator $categoryValidator + * @property \Kanboard\Validator\ColumnValidator $columnValidator + * @property \Kanboard\Validator\CommentValidator $commentValidator + * @property \Kanboard\Validator\CurrencyValidator $currencyValidator + * @property \Kanboard\Validator\CustomFilterValidator $customFilterValidator + * @property \Kanboard\Validator\GroupValidator $groupValidator + * @property \Kanboard\Validator\LinkValidator $linkValidator + * @property \Kanboard\Validator\PasswordResetValidator $passwordResetValidator + * @property \Kanboard\Validator\ProjectValidator $projectValidator + * @property \Kanboard\Validator\SubtaskValidator $subtaskValidator + * @property \Kanboard\Validator\SwimlaneValidator $swimlaneValidator + * @property \Kanboard\Validator\TaskLinkValidator $taskLinkValidator + * @property \Kanboard\Validator\TaskExternalLinkValidator $taskExternalLinkValidator + * @property \Kanboard\Validator\TaskValidator $taskValidator + * @property \Kanboard\Validator\UserValidator $userValidator * @property \Psr\Log\LoggerInterface $logger - * @property \League\HTMLToMarkdown\HtmlConverter $htmlConverter * @property \PicoDb\Database $db + * @property \Symfony\Component\EventDispatcher\EventDispatcher $dispatcher */ abstract class Base { diff --git a/app/Core/Cache/MemoryCache.php b/app/Core/Cache/MemoryCache.php index c4fb7ca4..39e3947b 100644 --- a/app/Core/Cache/MemoryCache.php +++ b/app/Core/Cache/MemoryCache.php @@ -23,7 +23,7 @@ class MemoryCache extends Base implements CacheInterface * * @access public * @param string $key - * @param string $value + * @param mixed $value */ public function set($key, $value) { diff --git a/app/Core/Csv.php b/app/Core/Csv.php index bec400ed..e45af24c 100644 --- a/app/Core/Csv.php +++ b/app/Core/Csv.php @@ -93,8 +93,7 @@ class Csv { if (! empty($value)) { $value = trim(strtolower($value)); - return $value === '1' || $value{0} - === 't' ? 1 : 0; + return $value === '1' || $value{0} === 't' || $value{0} === 'y' ? 1 : 0; } return 0; @@ -164,10 +163,14 @@ class Csv */ public function write($filename, array $rows) { - $file = new SplFileObject($filename, 'w'); + $fp = fopen($filename, 'w'); - foreach ($rows as $row) { - $file->fputcsv($row, $this->delimiter, $this->enclosure); + if (is_resource($fp)) { + foreach ($rows as $row) { + fputcsv($fp, $row, $this->delimiter, $this->enclosure); + } + + fclose($fp); } return $this; diff --git a/app/Core/DateParser.php b/app/Core/DateParser.php index 6577af0f..20e79ff9 100644 --- a/app/Core/DateParser.php +++ b/app/Core/DateParser.php @@ -13,67 +13,91 @@ use DateTime; class DateParser extends Base { /** - * Return true if the date is within the date range + * List of time formats * * @access public - * @param DateTime $date - * @param DateTime $start - * @param DateTime $end - * @return boolean + * @return string[] */ - public function withinDateRange(DateTime $date, DateTime $start, DateTime $end) + public function getTimeFormats() { - return $date >= $start && $date <= $end; + return array( + 'H:i', + 'g:i a', + ); } /** - * Get the total number of hours between 2 datetime objects - * Minutes are rounded to the nearest quarter + * List of date formats * * @access public - * @param DateTime $d1 - * @param DateTime $d2 - * @return float + * @param boolean $iso + * @return string[] */ - public function getHours(DateTime $d1, DateTime $d2) + public function getDateFormats($iso = false) { - $seconds = $this->getRoundedSeconds(abs($d1->getTimestamp() - $d2->getTimestamp())); - return round($seconds / 3600, 2); + $iso_formats = array( + 'Y-m-d', + 'Y_m_d', + ); + + $user_formats = array( + 'm/d/Y', + 'd/m/Y', + 'Y/m/d', + 'd.m.Y', + ); + + return $iso ? array_merge($iso_formats, $user_formats) : $user_formats; } /** - * Round the timestamp to the nearest quarter + * List of datetime formats * * @access public - * @param integer $seconds Timestamp - * @return integer + * @param boolean $iso + * @return string[] */ - public function getRoundedSeconds($seconds) + public function getDateTimeFormats($iso = false) { - return (int) round($seconds / (15 * 60)) * (15 * 60); + $formats = array(); + + foreach ($this->getDateFormats($iso) as $date) { + foreach ($this->getTimeFormats() as $time) { + $formats[] = $date.' '.$time; + } + } + + return $formats; } /** - * Return a timestamp if the given date format is correct otherwise return 0 + * List of all date formats * * @access public - * @param string $value Date to parse - * @param string $format Date format - * @return integer + * @param boolean $iso + * @return string[] */ - public function getValidDate($value, $format) + public function getAllDateFormats($iso = false) { - $date = DateTime::createFromFormat($format, $value); + return array_merge($this->getDateFormats($iso), $this->getDateTimeFormats($iso)); + } - if ($date !== false) { - $errors = DateTime::getLastErrors(); - if ($errors['error_count'] === 0 && $errors['warning_count'] === 0) { - $timestamp = $date->getTimestamp(); - return $timestamp > 0 ? $timestamp : 0; - } + /** + * Get available formats (visible in settings) + * + * @access public + * @param array $formats + * @return array + */ + public function getAvailableFormats(array $formats) + { + $values = array(); + + foreach ($formats as $format) { + $values[$format] = date($format); } - return 0; + return $values; } /** @@ -85,7 +109,11 @@ class DateParser extends Base */ public function getTimestamp($value) { - foreach ($this->getAllFormats() as $format) { + if (ctype_digit($value)) { + return (int) $value; + } + + foreach ($this->getAllDateFormats(true) as $format) { $timestamp = $this->getValidDate($value, $format); if ($timestamp !== 0) { @@ -97,104 +125,103 @@ class DateParser extends Base } /** - * Get ISO8601 date from user input + * Return a timestamp if the given date format is correct otherwise return 0 * - * @access public - * @param string $value Date to parse - * @return string + * @access private + * @param string $value Date to parse + * @param string $format Date format + * @return integer */ - public function getIsoDate($value) + private function getValidDate($value, $format) { - return date('Y-m-d', ctype_digit($value) ? $value : $this->getTimestamp($value)); + $date = DateTime::createFromFormat($format, $value); + + if ($date !== false) { + $errors = DateTime::getLastErrors(); + if ($errors['error_count'] === 0 && $errors['warning_count'] === 0) { + $timestamp = $date->getTimestamp(); + return $timestamp > 0 ? $timestamp : 0; + } + } + + return 0; } /** - * Get all combinations of date/time formats + * Return true if the date is within the date range * * @access public - * @return string[] + * @param DateTime $date + * @param DateTime $start + * @param DateTime $end + * @return boolean */ - public function getAllFormats() + public function withinDateRange(DateTime $date, DateTime $start, DateTime $end) { - $formats = array(); - - foreach ($this->getDateFormats() as $date) { - foreach ($this->getTimeFormats() as $time) { - $formats[] = $date.' '.$time; - } - } - - return array_merge($formats, $this->getDateFormats()); + return $date >= $start && $date <= $end; } /** - * Return the list of supported date formats (for the parser) + * Get the total number of hours between 2 datetime objects + * Minutes are rounded to the nearest quarter * * @access public - * @return string[] + * @param DateTime $d1 + * @param DateTime $d2 + * @return float */ - public function getDateFormats() + public function getHours(DateTime $d1, DateTime $d2) { - return array( - $this->config->get('application_date_format', 'm/d/Y'), - 'Y-m-d', - 'Y_m_d', - ); + $seconds = $this->getRoundedSeconds(abs($d1->getTimestamp() - $d2->getTimestamp())); + return round($seconds / 3600, 2); } /** - * Return the list of supported time formats (for the parser) + * Round the timestamp to the nearest quarter * * @access public - * @return string[] + * @param integer $seconds Timestamp + * @return integer */ - public function getTimeFormats() + public function getRoundedSeconds($seconds) { - return array( - 'H:i', - 'g:i A', - 'g:iA', - ); + return (int) round($seconds / (15 * 60)) * (15 * 60); } /** - * Return the list of available date formats (for the config page) + * Get ISO-8601 date from user input * * @access public - * @return array + * @param string $value Date to parse + * @return string */ - public function getAvailableFormats() + public function getIsoDate($value) { - return array( - 'm/d/Y' => date('m/d/Y'), - 'd/m/Y' => date('d/m/Y'), - 'Y/m/d' => date('Y/m/d'), - 'd.m.Y' => date('d.m.Y'), - ); + return date('Y-m-d', $this->getTimestamp($value)); } /** - * Remove the time from a timestamp + * Get a timetstamp from an ISO date format * * @access public - * @param integer $timestamp Timestamp + * @param string $value * @return integer */ - public function removeTimeFromTimestamp($timestamp) + public function getTimestampFromIsoFormat($value) { - return mktime(0, 0, 0, date('m', $timestamp), date('d', $timestamp), date('Y', $timestamp)); + return $this->removeTimeFromTimestamp(ctype_digit($value) ? $value : strtotime($value)); } /** - * Get a timetstamp from an ISO date format + * Remove the time from a timestamp * * @access public - * @param string $date + * @param integer $timestamp * @return integer */ - public function getTimestampFromIsoFormat($date) + public function removeTimeFromTimestamp($timestamp) { - return $this->removeTimeFromTimestamp(ctype_digit($date) ? $date : strtotime($date)); + return mktime(0, 0, 0, date('m', $timestamp), date('d', $timestamp), date('Y', $timestamp)); } /** @@ -204,13 +231,10 @@ class DateParser extends Base * @param array $values Database values * @param string[] $fields Date fields * @param string $format Date format + * @return array */ - public function format(array &$values, array $fields, $format = '') + public function format(array $values, array $fields, $format) { - if ($format === '') { - $format = $this->config->get('application_date_format'); - } - foreach ($fields as $field) { if (! empty($values[$field])) { $values[$field] = date($format, $values[$field]); @@ -218,23 +242,28 @@ class DateParser extends Base $values[$field] = ''; } } + + return $values; } /** - * Convert date (form input data) + * Convert date to timestamp * * @access public * @param array $values Database values * @param string[] $fields Date fields * @param boolean $keep_time Keep time or not + * @return array */ - public function convert(array &$values, array $fields, $keep_time = false) + public function convert(array $values, array $fields, $keep_time = false) { foreach ($fields as $field) { - if (! empty($values[$field]) && ! is_numeric($values[$field])) { + if (! empty($values[$field])) { $timestamp = $this->getTimestamp($values[$field]); $values[$field] = $keep_time ? $timestamp : $this->removeTimeFromTimestamp($timestamp); } } + + return $values; } } diff --git a/app/Core/Event/EventManager.php b/app/Core/Event/EventManager.php new file mode 100644 index 00000000..162d23e8 --- /dev/null +++ b/app/Core/Event/EventManager.php @@ -0,0 +1,63 @@ +<?php + +namespace Kanboard\Core\Event; + +use Kanboard\Model\Task; +use Kanboard\Model\TaskLink; + +/** + * Event Manager + * + * @package event + * @author Frederic Guillot + */ +class EventManager +{ + /** + * Extended events + * + * @access private + * @var array + */ + private $events = array(); + + /** + * Add new event + * + * @access public + * @param string $event + * @param string $description + * @return EventManager + */ + public function register($event, $description) + { + $this->events[$event] = $description; + return $this; + } + + /** + * Get the list of events and description that can be used from the user interface + * + * @access public + * @return array + */ + public function getAll() + { + $events = array( + TaskLink::EVENT_CREATE_UPDATE => t('Task link creation or modification'), + Task::EVENT_MOVE_COLUMN => t('Move a task to another column'), + Task::EVENT_UPDATE => t('Task modification'), + Task::EVENT_CREATE => t('Task creation'), + Task::EVENT_OPEN => t('Reopen a task'), + Task::EVENT_CLOSE => t('Closing a task'), + Task::EVENT_CREATE_UPDATE => t('Task creation or modification'), + Task::EVENT_ASSIGNEE_CHANGE => t('Task assignee change'), + Task::EVENT_DAILY_CRONJOB => t('Daily background job for tasks'), + ); + + $events = array_merge($events, $this->events); + asort($events); + + return $events; + } +} diff --git a/app/Core/ExternalLink/ExternalLinkInterface.php b/app/Core/ExternalLink/ExternalLinkInterface.php new file mode 100644 index 00000000..2dbc0a19 --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkInterface.php @@ -0,0 +1,36 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +/** + * External Link Interface + * + * @package externalLink + * @author Frederic Guillot + */ +interface ExternalLinkInterface +{ + /** + * Get link title + * + * @access public + * @return string + */ + public function getTitle(); + + /** + * Get link URL + * + * @access public + * @return string + */ + public function getUrl(); + + /** + * Set link URL + * + * @access public + * @param string $url + */ + public function setUrl($url); +} diff --git a/app/Core/ExternalLink/ExternalLinkManager.php b/app/Core/ExternalLink/ExternalLinkManager.php new file mode 100644 index 00000000..1fa423c2 --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkManager.php @@ -0,0 +1,173 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +use Kanboard\Core\Base; + +/** + * External Link Manager + * + * @package externalLink + * @author Frederic Guillot + */ +class ExternalLinkManager extends Base +{ + /** + * Automatic type value + * + * @var string + */ + const TYPE_AUTO = 'auto'; + + /** + * Registered providers + * + * @access private + * @var array + */ + private $providers = array(); + + /** + * Type chosen by the user + * + * @access private + * @var string + */ + private $userInputType = ''; + + /** + * Text entered by the user + * + * @access private + * @var string + */ + private $userInputText = ''; + + /** + * Register a new provider + * + * Providers are registered in a LIFO queue + * + * @access public + * @param ExternalLinkProviderInterface $provider + * @return ExternalLinkManager + */ + public function register(ExternalLinkProviderInterface $provider) + { + array_unshift($this->providers, $provider); + return $this; + } + + /** + * Get provider + * + * @access public + * @param string $type + * @throws ExternalLinkProviderNotFound + * @return ExternalLinkProviderInterface + */ + public function getProvider($type) + { + foreach ($this->providers as $provider) { + if ($provider->getType() === $type) { + return $provider; + } + } + + throw new ExternalLinkProviderNotFound('Unable to find link provider: '.$type); + } + + /** + * Get link types + * + * @access public + * @return array + */ + public function getTypes() + { + $types = array(); + + foreach ($this->providers as $provider) { + $types[$provider->getType()] = $provider->getName(); + } + + asort($types); + + return array(self::TYPE_AUTO => t('Auto')) + $types; + } + + /** + * Get dependency label from a provider + * + * @access public + * @param string $type + * @param string $dependency + * @return string + */ + public function getDependencyLabel($type, $dependency) + { + $provider = $this->getProvider($type); + $dependencies = $provider->getDependencies(); + return isset($dependencies[$dependency]) ? $dependencies[$dependency] : $dependency; + } + + /** + * Find a provider that match + * + * @access public + * @throws ExternalLinkProviderNotFound + * @return ExternalLinkProviderInterface + */ + public function find() + { + if ($this->userInputType === self::TYPE_AUTO) { + $provider = $this->findProvider(); + } else { + $provider = $this->getProvider($this->userInputType); + $provider->setUserTextInput($this->userInputText); + + if (! $provider->match()) { + throw new ExternalLinkProviderNotFound('Unable to parse URL with selected provider'); + } + } + + if ($provider === null) { + throw new ExternalLinkProviderNotFound('Unable to find link information from provided information'); + } + + return $provider; + } + + /** + * Set form values + * + * @access public + * @param array $values + * @return ExternalLinkManager + */ + public function setUserInput(array $values) + { + $this->userInputType = empty($values['type']) ? self::TYPE_AUTO : $values['type']; + $this->userInputText = empty($values['text']) ? '' : trim($values['text']); + return $this; + } + + /** + * Find a provider that user input + * + * @access private + * @return ExternalLinkProviderInterface + */ + private function findProvider() + { + foreach ($this->providers as $provider) { + $provider->setUserTextInput($this->userInputText); + + if ($provider->match()) { + return $provider; + } + } + + return null; + } +} diff --git a/app/Core/ExternalLink/ExternalLinkProviderInterface.php b/app/Core/ExternalLink/ExternalLinkProviderInterface.php new file mode 100644 index 00000000..c908e1eb --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkProviderInterface.php @@ -0,0 +1,71 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +/** + * External Link Provider Interface + * + * @package externalLink + * @author Frederic Guillot + */ +interface ExternalLinkProviderInterface +{ + /** + * Get provider name (label) + * + * @access public + * @return string + */ + public function getName(); + + /** + * Get link type (will be saved in the database) + * + * @access public + * @return string + */ + public function getType(); + + /** + * Get a dictionary of supported dependency types by the provider + * + * Example: + * + * [ + * 'related' => t('Related'), + * 'child' => t('Child'), + * 'parent' => t('Parent'), + * 'self' => t('Self'), + * ] + * + * The dictionary key is saved in the database. + * + * @access public + * @return array + */ + public function getDependencies(); + + /** + * Set text entered by the user + * + * @access public + * @param string $input + */ + public function setUserTextInput($input); + + /** + * Return true if the provider can parse correctly the user input + * + * @access public + * @return boolean + */ + public function match(); + + /** + * Get the link found with the properties + * + * @access public + * @return ExternalLinkInterface + */ + public function getLink(); +} diff --git a/app/Core/ExternalLink/ExternalLinkProviderNotFound.php b/app/Core/ExternalLink/ExternalLinkProviderNotFound.php new file mode 100644 index 00000000..4fd05202 --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkProviderNotFound.php @@ -0,0 +1,15 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +use Exception; + +/** + * External Link Provider Not Found Exception + * + * @package externalLink + * @author Frederic Guillot + */ +class ExternalLinkProviderNotFound extends Exception +{ +} diff --git a/app/Core/Group/GroupBackendProviderInterface.php b/app/Core/Group/GroupBackendProviderInterface.php new file mode 100644 index 00000000..74c5cb03 --- /dev/null +++ b/app/Core/Group/GroupBackendProviderInterface.php @@ -0,0 +1,21 @@ +<?php + +namespace Kanboard\Core\Group; + +/** + * Group Backend Provider Interface + * + * @package group + * @author Frederic Guillot + */ +interface GroupBackendProviderInterface +{ + /** + * Find a group from a search query + * + * @access public + * @param string $input + * @return GroupProviderInterface[] + */ + public function find($input); +} diff --git a/app/Core/Group/GroupManager.php b/app/Core/Group/GroupManager.php new file mode 100644 index 00000000..48b6c4f8 --- /dev/null +++ b/app/Core/Group/GroupManager.php @@ -0,0 +1,71 @@ +<?php + +namespace Kanboard\Core\Group; + +/** + * Group Manager + * + * @package group + * @author Frederic Guillot + */ +class GroupManager +{ + /** + * List of backend providers + * + * @access private + * @var array + */ + private $providers = array(); + + /** + * Register a new group backend provider + * + * @access public + * @param GroupBackendProviderInterface $provider + * @return GroupManager + */ + public function register(GroupBackendProviderInterface $provider) + { + $this->providers[] = $provider; + return $this; + } + + /** + * Find a group from a search query + * + * @access public + * @param string $input + * @return GroupProviderInterface[] + */ + public function find($input) + { + $groups = array(); + + foreach ($this->providers as $provider) { + $groups = array_merge($groups, $provider->find($input)); + } + + return $this->removeDuplicates($groups); + } + + /** + * Remove duplicated groups + * + * @access private + * @param array $groups + * @return GroupProviderInterface[] + */ + private function removeDuplicates(array $groups) + { + $result = array(); + + foreach ($groups as $group) { + if (! isset($result[$group->getName()])) { + $result[$group->getName()] = $group; + } + } + + return array_values($result); + } +} diff --git a/app/Core/Group/GroupProviderInterface.php b/app/Core/Group/GroupProviderInterface.php new file mode 100644 index 00000000..4c7c16ec --- /dev/null +++ b/app/Core/Group/GroupProviderInterface.php @@ -0,0 +1,40 @@ +<?php + +namespace Kanboard\Core\Group; + +/** + * Group Provider Interface + * + * @package group + * @author Frederic Guillot + */ +interface GroupProviderInterface +{ + /** + * Get internal id + * + * You must return 0 if the group come from an external backend + * + * @access public + * @return integer + */ + public function getInternalId(); + + /** + * Get external id + * + * You must return a unique id if the group come from an external provider + * + * @access public + * @return string + */ + public function getExternalId(); + + /** + * Get group name + * + * @access public + * @return string + */ + public function getName(); +} diff --git a/app/Core/Helper.php b/app/Core/Helper.php index 5edaa3f0..bf71769f 100644 --- a/app/Core/Helper.php +++ b/app/Core/Helper.php @@ -20,6 +20,7 @@ use Pimple\Container; * @property \Helper\Text $text * @property \Helper\Url $url * @property \Helper\User $user + * @property \Helper\Layout $layout */ class Helper { diff --git a/app/Core/HttpClient.php b/app/Core/Http/Client.php index 7f4ea47a..12b0a1cb 100644 --- a/app/Core/HttpClient.php +++ b/app/Core/Http/Client.php @@ -1,14 +1,16 @@ <?php -namespace Kanboard\Core; +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; /** * HTTP client * - * @package core + * @package http * @author Frederic Guillot */ -class HttpClient extends Base +class Client extends Base { /** * HTTP connection timeout in seconds @@ -32,6 +34,19 @@ class HttpClient extends Base const HTTP_USER_AGENT = 'Kanboard'; /** + * Send a GET HTTP request + * + * @access public + * @param string $url + * @param string[] $headers + * @return string + */ + public function get($url, array $headers = array()) + { + return $this->doRequest('GET', $url, '', $headers); + } + + /** * Send a GET HTTP request and parse JSON response * * @access public @@ -99,6 +114,36 @@ class HttpClient extends Base return ''; } + $stream = @fopen(trim($url), 'r', false, stream_context_create($this->getContext($method, $content, $headers))); + $response = ''; + + if (is_resource($stream)) { + $response = stream_get_contents($stream); + } else { + $this->logger->error('HttpClient: request failed'); + } + + if (DEBUG) { + $this->logger->debug('HttpClient: url='.$url); + $this->logger->debug('HttpClient: payload='.$content); + $this->logger->debug('HttpClient: metadata='.var_export(@stream_get_meta_data($stream), true)); + $this->logger->debug('HttpClient: response='.$response); + } + + return $response; + } + + /** + * Get stream context + * + * @access private + * @param string $method + * @param string $content + * @param string[] $headers + * @return array + */ + private function getContext($method, $content, array $headers) + { $default_headers = array( 'User-Agent: '.self::HTTP_USER_AGENT, 'Connection: close', @@ -126,22 +171,6 @@ class HttpClient extends Base $context['http']['request_fulluri'] = true; } - $stream = @fopen(trim($url), 'r', false, stream_context_create($context)); - $response = ''; - - if (is_resource($stream)) { - $response = stream_get_contents($stream); - } else { - $this->container['logger']->error('HttpClient: request failed'); - } - - if (DEBUG) { - $this->container['logger']->debug('HttpClient: url='.$url); - $this->container['logger']->debug('HttpClient: payload='.$content); - $this->container['logger']->debug('HttpClient: metadata='.var_export(@stream_get_meta_data($stream), true)); - $this->container['logger']->debug('HttpClient: response='.$response); - } - - return $response; + return $context; } } diff --git a/app/Core/OAuth2.php b/app/Core/Http/OAuth2.php index a5bbba1a..6fa1fb0a 100644 --- a/app/Core/OAuth2.php +++ b/app/Core/Http/OAuth2.php @@ -1,11 +1,13 @@ <?php -namespace Kanboard\Core; +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; /** - * OAuth2 client + * OAuth2 Client * - * @package core + * @package http * @author Frederic Guillot */ class OAuth2 extends Base diff --git a/app/Core/Http/RememberMeCookie.php b/app/Core/Http/RememberMeCookie.php new file mode 100644 index 00000000..a32b35f3 --- /dev/null +++ b/app/Core/Http/RememberMeCookie.php @@ -0,0 +1,120 @@ +<?php + +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; + +/** + * Remember Me Cookie + * + * @package http + * @author Frederic Guillot + */ +class RememberMeCookie extends Base +{ + /** + * Cookie name + * + * @var string + */ + const COOKIE_NAME = 'KB_RM'; + + /** + * Encode the cookie + * + * @access public + * @param string $token Session token + * @param string $sequence Sequence token + * @return string + */ + public function encode($token, $sequence) + { + return implode('|', array($token, $sequence)); + } + + /** + * Decode the value of a cookie + * + * @access public + * @param string $value Raw cookie data + * @return array + */ + public function decode($value) + { + list($token, $sequence) = explode('|', $value); + + return array( + 'token' => $token, + 'sequence' => $sequence, + ); + } + + /** + * Return true if the current user has a RememberMe cookie + * + * @access public + * @return bool + */ + public function hasCookie() + { + return $this->request->getCookie(self::COOKIE_NAME) !== ''; + } + + /** + * Write and encode the cookie + * + * @access public + * @param string $token Session token + * @param string $sequence Sequence token + * @param string $expiration Cookie expiration + * @return boolean + */ + public function write($token, $sequence, $expiration) + { + return setcookie( + self::COOKIE_NAME, + $this->encode($token, $sequence), + $expiration, + $this->helper->url->dir(), + null, + $this->request->isHTTPS(), + true + ); + } + + /** + * Read and decode the cookie + * + * @access public + * @return mixed + */ + public function read() + { + $cookie = $this->request->getCookie(self::COOKIE_NAME); + + if (empty($cookie)) { + return false; + } + + return $this->decode($cookie); + } + + /** + * Remove the cookie + * + * @access public + * @return boolean + */ + public function remove() + { + return setcookie( + self::COOKIE_NAME, + '', + time() - 3600, + $this->helper->url->dir(), + null, + $this->request->isHTTPS(), + true + ); + } +} diff --git a/app/Core/Http/Request.php b/app/Core/Http/Request.php new file mode 100644 index 00000000..1b3036d5 --- /dev/null +++ b/app/Core/Http/Request.php @@ -0,0 +1,337 @@ +<?php + +namespace Kanboard\Core\Http; + +use Pimple\Container; +use Kanboard\Core\Base; + +/** + * Request class + * + * @package http + * @author Frederic Guillot + */ +class Request extends Base +{ + /** + * Pointer to PHP environment variables + * + * @access private + * @var array + */ + private $server; + private $get; + private $post; + private $files; + private $cookies; + + /** + * Constructor + * + * @access public + * @param \Pimple\Container $container + */ + public function __construct(Container $container, array $server = array(), array $get = array(), array $post = array(), array $files = array(), array $cookies = array()) + { + parent::__construct($container); + $this->server = empty($server) ? $_SERVER : $server; + $this->get = empty($get) ? $_GET : $get; + $this->post = empty($post) ? $_POST : $post; + $this->files = empty($files) ? $_FILES : $files; + $this->cookies = empty($cookies) ? $_COOKIE : $cookies; + } + + /** + * Set GET parameters + * + * @param array $params + */ + public function setParams(array $params) + { + $this->get = array_merge($this->get, $params); + } + + /** + * Get query string string parameter + * + * @access public + * @param string $name Parameter name + * @param string $default_value Default value + * @return string + */ + public function getStringParam($name, $default_value = '') + { + return isset($this->get[$name]) ? $this->get[$name] : $default_value; + } + + /** + * Get query string integer parameter + * + * @access public + * @param string $name Parameter name + * @param integer $default_value Default value + * @return integer + */ + public function getIntegerParam($name, $default_value = 0) + { + return isset($this->get[$name]) && ctype_digit($this->get[$name]) ? (int) $this->get[$name] : $default_value; + } + + /** + * Get a form value + * + * @access public + * @param string $name Form field name + * @return string|null + */ + public function getValue($name) + { + $values = $this->getValues(); + return isset($values[$name]) ? $values[$name] : null; + } + + /** + * Get form values and check for CSRF token + * + * @access public + * @return array + */ + public function getValues() + { + if (! empty($this->post) && ! empty($this->post['csrf_token']) && $this->token->validateCSRFToken($this->post['csrf_token'])) { + unset($this->post['csrf_token']); + return $this->post; + } + + return array(); + } + + /** + * Get the raw body of the HTTP request + * + * @access public + * @return string + */ + public function getBody() + { + return file_get_contents('php://input'); + } + + /** + * Get the Json request body + * + * @access public + * @return array + */ + public function getJson() + { + return json_decode($this->getBody(), true) ?: array(); + } + + /** + * Get the content of an uploaded file + * + * @access public + * @param string $name Form file name + * @return string + */ + public function getFileContent($name) + { + if (isset($this->files[$name]['tmp_name'])) { + return file_get_contents($this->files[$name]['tmp_name']); + } + + return ''; + } + + /** + * Get the path of an uploaded file + * + * @access public + * @param string $name Form file name + * @return string + */ + public function getFilePath($name) + { + return isset($this->files[$name]['tmp_name']) ? $this->files[$name]['tmp_name'] : ''; + } + + /** + * Get info of an uploaded file + * + * @access public + * @param string $name Form file name + * @return array + */ + public function getFileInfo($name) + { + return isset($this->files[$name]) ? $this->files[$name] : array(); + } + + /** + * Return HTTP method + * + * @access public + * @return bool + */ + public function getMethod() + { + return $this->getServerVariable('REQUEST_METHOD'); + } + + /** + * Return true if the HTTP request is sent with the POST method + * + * @access public + * @return bool + */ + public function isPost() + { + return $this->getServerVariable('REQUEST_METHOD') === 'POST'; + } + + /** + * Return true if the HTTP request is an Ajax request + * + * @access public + * @return bool + */ + public function isAjax() + { + return $this->getHeader('X-Requested-With') === 'XMLHttpRequest'; + } + + /** + * Check if the page is requested through HTTPS + * + * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS + * + * @access public + * @return boolean + */ + public function isHTTPS() + { + return isset($this->server['HTTPS']) && $this->server['HTTPS'] !== '' && $this->server['HTTPS'] !== 'off'; + } + + /** + * Get cookie value + * + * @access public + * @param string $name + * @return string + */ + public function getCookie($name) + { + return isset($this->cookies[$name]) ? $this->cookies[$name] : ''; + } + + /** + * Return a HTTP header value + * + * @access public + * @param string $name Header name + * @return string + */ + public function getHeader($name) + { + $name = 'HTTP_'.str_replace('-', '_', strtoupper($name)); + return $this->getServerVariable($name); + } + + /** + * Get remote user + * + * @access public + * @return string + */ + public function getRemoteUser() + { + return $this->getServerVariable(REVERSE_PROXY_USER_HEADER); + } + + /** + * Returns query string + * + * @access public + * @return string + */ + public function getQueryString() + { + return $this->getServerVariable('QUERY_STRING'); + } + + /** + * Return URI + * + * @access public + * @return string + */ + public function getUri() + { + return $this->getServerVariable('REQUEST_URI'); + } + + /** + * Get the user agent + * + * @access public + * @return string + */ + public function getUserAgent() + { + return empty($this->server['HTTP_USER_AGENT']) ? t('Unknown') : $this->server['HTTP_USER_AGENT']; + } + + /** + * Get the IP address of the user + * + * @access public + * @return string + */ + public function getIpAddress() + { + $keys = array( + 'HTTP_CLIENT_IP', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_X_FORWARDED', + 'HTTP_X_CLUSTER_CLIENT_IP', + 'HTTP_FORWARDED_FOR', + 'HTTP_FORWARDED', + 'REMOTE_ADDR' + ); + + foreach ($keys as $key) { + if ($this->getServerVariable($key) !== '') { + foreach (explode(',', $this->server[$key]) as $ipAddress) { + return trim($ipAddress); + } + } + } + + return t('Unknown'); + } + + /** + * Get start time + * + * @access public + * @return float + */ + public function getStartTime() + { + return $this->getServerVariable('REQUEST_TIME_FLOAT') ?: 0; + } + + /** + * Get server variable + * + * @access public + * @param string $variable + * @return string + */ + public function getServerVariable($variable) + { + return isset($this->server[$variable]) ? $this->server[$variable] : ''; + } +} diff --git a/app/Core/Response.php b/app/Core/Http/Response.php index 528a6302..d098f519 100644 --- a/app/Core/Response.php +++ b/app/Core/Http/Response.php @@ -1,14 +1,17 @@ <?php -namespace Kanboard\Core; +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; +use Kanboard\Core\Csv; /** * Response class * - * @package core + * @package http * @author Frederic Guillot */ -class Response +class Response extends Base { /** * Send no cache headers @@ -44,6 +47,8 @@ class Response public function forceDownload($filename) { header('Content-Disposition: attachment; filename="'.$filename.'"'); + header('Content-Transfer-Encoding: binary'); + header('Content-Type: application/octet-stream'); } /** @@ -55,7 +60,7 @@ class Response public function status($status_code) { header('Status: '.$status_code); - header($_SERVER['SERVER_PROTOCOL'].' '.$status_code); + header($this->request->getServerVariable('SERVER_PROTOCOL').' '.$status_code); } /** @@ -63,11 +68,12 @@ class Response * * @access public * @param string $url Redirection URL + * @param boolean $self If Ajax request and true: refresh the current page */ - public function redirect($url) + public function redirect($url, $self = false) { - if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') { - header('X-Ajax-Redirect: '.$url); + if ($this->request->isAjax()) { + header('X-Ajax-Redirect: '.($self ? 'self' : $url)); } else { header('Location: '.$url); } @@ -215,7 +221,6 @@ class Response */ public function csp(array $policies = array()) { - $policies['default-src'] = "'self'"; $values = ''; foreach ($policies as $policy => $acl) { @@ -252,7 +257,7 @@ class Response */ public function hsts() { - if (Request::isHTTPS()) { + if ($this->request->isHTTPS()) { header('Strict-Transport-Security: max-age=31536000'); } } diff --git a/app/Core/Http/Route.php b/app/Core/Http/Route.php new file mode 100644 index 00000000..7836146d --- /dev/null +++ b/app/Core/Http/Route.php @@ -0,0 +1,187 @@ +<?php + +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; + +/** + * Route Handler + * + * @package http + * @author Frederic Guillot + */ +class Route extends Base +{ + /** + * Flag that enable the routing table + * + * @access private + * @var boolean + */ + private $activated = false; + + /** + * Store routes for path lookup + * + * @access private + * @var array + */ + private $paths = array(); + + /** + * Store routes for url lookup + * + * @access private + * @var array + */ + private $urls = array(); + + /** + * Enable routing table + * + * @access public + * @return Route + */ + public function enable() + { + $this->activated = true; + return $this; + } + + /** + * Add route + * + * @access public + * @param string $path + * @param string $controller + * @param string $action + * @param string $plugin + * @return Route + */ + public function addRoute($path, $controller, $action, $plugin = '') + { + if ($this->activated) { + $path = ltrim($path, '/'); + $items = explode('/', $path); + $params = $this->findParams($items); + + $this->paths[] = array( + 'items' => $items, + 'count' => count($items), + 'controller' => $controller, + 'action' => $action, + 'plugin' => $plugin, + ); + + $this->urls[$plugin][$controller][$action][] = array( + 'path' => $path, + 'params' => $params, + 'count' => count($params), + ); + } + + return $this; + } + + /** + * Find a route according to the given path + * + * @access public + * @param string $path + * @return array + */ + public function findRoute($path) + { + $items = explode('/', ltrim($path, '/')); + $count = count($items); + + foreach ($this->paths as $route) { + if ($count === $route['count']) { + $params = array(); + + for ($i = 0; $i < $count; $i++) { + if ($route['items'][$i]{0} === ':') { + $params[substr($route['items'][$i], 1)] = $items[$i]; + } elseif ($route['items'][$i] !== $items[$i]) { + break; + } + } + + if ($i === $count) { + $this->request->setParams($params); + return array( + 'controller' => $route['controller'], + 'action' => $route['action'], + 'plugin' => $route['plugin'], + ); + } + } + } + + return array( + 'controller' => 'app', + 'action' => 'index', + 'plugin' => '', + ); + } + + /** + * Find route url + * + * @access public + * @param string $controller + * @param string $action + * @param array $params + * @param string $plugin + * @return string + */ + public function findUrl($controller, $action, array $params = array(), $plugin = '') + { + if ($plugin === '' && isset($params['plugin'])) { + $plugin = $params['plugin']; + unset($params['plugin']); + } + + if (! isset($this->urls[$plugin][$controller][$action])) { + return ''; + } + + foreach ($this->urls[$plugin][$controller][$action] as $route) { + if (array_diff_key($params, $route['params']) === array()) { + $url = $route['path']; + $i = 0; + + foreach ($params as $variable => $value) { + $url = str_replace(':'.$variable, $value, $url); + $i++; + } + + if ($i === $route['count']) { + return $url; + } + } + } + + return ''; + } + + /** + * Find url params + * + * @access public + * @param array $items + * @return array + */ + public function findParams(array $items) + { + $params = array(); + + foreach ($items as $item) { + if ($item !== '' && $item{0} === ':') { + $params[substr($item, 1)] = true; + } + } + + return $params; + } +} diff --git a/app/Core/Http/Router.php b/app/Core/Http/Router.php new file mode 100644 index 00000000..0fe80ecc --- /dev/null +++ b/app/Core/Http/Router.php @@ -0,0 +1,169 @@ +<?php + +namespace Kanboard\Core\Http; + +use RuntimeException; +use Kanboard\Core\Base; + +/** + * Route Dispatcher + * + * @package http + * @author Frederic Guillot + */ +class Router extends Base +{ + /** + * Plugin name + * + * @access private + * @var string + */ + private $plugin = ''; + + /** + * Controller + * + * @access private + * @var string + */ + private $controller = ''; + + /** + * Action + * + * @access private + * @var string + */ + private $action = ''; + + /** + * Get plugin name + * + * @access public + * @return string + */ + public function getPlugin() + { + return $this->plugin; + } + + /** + * Get controller + * + * @access public + * @return string + */ + public function getController() + { + return $this->controller; + } + + /** + * Get action + * + * @access public + * @return string + */ + public function getAction() + { + return $this->action; + } + + /** + * Get the path to compare patterns + * + * @access public + * @return string + */ + public function getPath() + { + $path = substr($this->request->getUri(), strlen($this->helper->url->dir())); + + if ($this->request->getQueryString() !== '') { + $path = substr($path, 0, - strlen($this->request->getQueryString()) - 1); + } + + if ($path !== '' && $path{0} === '/') { + $path = substr($path, 1); + } + + return $path; + } + + /** + * Find controller/action from the route table or from get arguments + * + * @access public + */ + public function dispatch() + { + $controller = $this->request->getStringParam('controller'); + $action = $this->request->getStringParam('action'); + $plugin = $this->request->getStringParam('plugin'); + + if ($controller === '') { + $route = $this->route->findRoute($this->getPath()); + $controller = $route['controller']; + $action = $route['action']; + $plugin = $route['plugin']; + } + + $this->controller = ucfirst($this->sanitize($controller, 'app')); + $this->action = $this->sanitize($action, 'index'); + $this->plugin = ucfirst($this->sanitize($plugin)); + + return $this->executeAction(); + } + + /** + * Check controller and action parameter + * + * @access public + * @param string $value + * @param string $default + * @return string + */ + public function sanitize($value, $default = '') + { + return preg_match('/^[a-zA-Z_0-9]+$/', $value) ? $value : $default; + } + + /** + * Execute controller action + * + * @access private + */ + private function executeAction() + { + $class = $this->getControllerClassName(); + + if (! class_exists($class)) { + throw new RuntimeException('Controller not found'); + } + + if (! method_exists($class, $this->action)) { + throw new RuntimeException('Action not implemented'); + } + + $instance = new $class($this->container); + $instance->beforeAction(); + $instance->{$this->action}(); + return $instance; + } + + /** + * Get controller class name + * + * @access private + * @return string + */ + private function getControllerClassName() + { + if ($this->plugin !== '') { + return '\Kanboard\Plugin\\'.$this->plugin.'\Controller\\'.$this->controller; + } + + return '\Kanboard\Controller\\'.$this->controller; + } +} diff --git a/app/Core/Ldap/Client.php b/app/Core/Ldap/Client.php new file mode 100644 index 00000000..63149ae3 --- /dev/null +++ b/app/Core/Ldap/Client.php @@ -0,0 +1,165 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use LogicException; + +/** + * LDAP Client + * + * @package ldap + * @author Frederic Guillot + */ +class Client +{ + /** + * LDAP resource + * + * @access protected + * @var resource + */ + protected $ldap; + + /** + * Establish LDAP connection + * + * @static + * @access public + * @param string $username + * @param string $password + * @return Client + */ + public static function connect($username = null, $password = null) + { + $client = new self; + $client->open($client->getLdapServer()); + $username = $username ?: $client->getLdapUsername(); + $password = $password ?: $client->getLdapPassword(); + + if (empty($username) && empty($password)) { + $client->useAnonymousAuthentication(); + } else { + $client->authenticate($username, $password); + } + + return $client; + } + + /** + * Get server connection + * + * @access public + * @return resource + */ + public function getConnection() + { + return $this->ldap; + } + + /** + * Establish server connection + * + * @access public + * @param string $server LDAP server hostname or IP + * @param integer $port LDAP port + * @param boolean $tls Start TLS + * @param boolean $verify Skip SSL certificate verification + * @return Client + */ + public function open($server, $port = LDAP_PORT, $tls = LDAP_START_TLS, $verify = LDAP_SSL_VERIFY) + { + if (! function_exists('ldap_connect')) { + throw new ClientException('LDAP: The PHP LDAP extension is required'); + } + + if (! $verify) { + putenv('LDAPTLS_REQCERT=never'); + } + + $this->ldap = ldap_connect($server, $port); + + if ($this->ldap === false) { + throw new ClientException('LDAP: Unable to connect to the LDAP server'); + } + + ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($this->ldap, LDAP_OPT_NETWORK_TIMEOUT, 1); + ldap_set_option($this->ldap, LDAP_OPT_TIMELIMIT, 1); + + if ($tls && ! @ldap_start_tls($this->ldap)) { + throw new ClientException('LDAP: Unable to start TLS'); + } + + return $this; + } + + /** + * Anonymous authentication + * + * @access public + * @return boolean + */ + public function useAnonymousAuthentication() + { + if (! @ldap_bind($this->ldap)) { + throw new ClientException('Unable to perform anonymous binding'); + } + + return true; + } + + /** + * Authentication with username/password + * + * @access public + * @param string $bind_rdn + * @param string $bind_password + * @return boolean + */ + public function authenticate($bind_rdn, $bind_password) + { + if (! @ldap_bind($this->ldap, $bind_rdn, $bind_password)) { + throw new ClientException('LDAP authentication failure for "'.$bind_rdn.'"'); + } + + return true; + } + + /** + * Get LDAP server name + * + * @access public + * @return string + */ + public function getLdapServer() + { + if (! LDAP_SERVER) { + throw new LogicException('LDAP server not configured, check the parameter LDAP_SERVER'); + } + + return LDAP_SERVER; + } + + /** + * Get LDAP username (proxy auth) + * + * @access public + * @return string + */ + public function getLdapUsername() + { + return LDAP_USERNAME; + } + + /** + * Get LDAP password (proxy auth) + * + * @access public + * @return string + */ + public function getLdapPassword() + { + return LDAP_PASSWORD; + } +} diff --git a/app/Core/Ldap/ClientException.php b/app/Core/Ldap/ClientException.php new file mode 100644 index 00000000..a0f9f842 --- /dev/null +++ b/app/Core/Ldap/ClientException.php @@ -0,0 +1,15 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use Exception; + +/** + * LDAP Client Exception + * + * @package ldap + * @author Frederic Guillot + */ +class ClientException extends Exception +{ +} diff --git a/app/Core/Ldap/Entries.php b/app/Core/Ldap/Entries.php new file mode 100644 index 00000000..0e779342 --- /dev/null +++ b/app/Core/Ldap/Entries.php @@ -0,0 +1,63 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Entries + * + * @package ldap + * @author Frederic Guillot + */ +class Entries +{ + /** + * LDAP entries + * + * @access protected + * @var array + */ + protected $entries = array(); + + /** + * Constructor + * + * @access public + * @param array $entries + */ + public function __construct(array $entries) + { + $this->entries = $entries; + } + + /** + * Get all entries + * + * @access public + * @return Entry[] + */ + public function getAll() + { + $entities = array(); + + if (! isset($this->entries['count'])) { + return $entities; + } + + for ($i = 0; $i < $this->entries['count']; $i++) { + $entities[] = new Entry($this->entries[$i]); + } + + return $entities; + } + + /** + * Get first entry + * + * @access public + * @return Entry + */ + public function getFirstEntry() + { + return new Entry(isset($this->entries[0]) ? $this->entries[0] : array()); + } +} diff --git a/app/Core/Ldap/Entry.php b/app/Core/Ldap/Entry.php new file mode 100644 index 00000000..0b99a58b --- /dev/null +++ b/app/Core/Ldap/Entry.php @@ -0,0 +1,91 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Entry + * + * @package ldap + * @author Frederic Guillot + */ +class Entry +{ + /** + * LDAP entry + * + * @access protected + * @var array + */ + protected $entry = array(); + + /** + * Constructor + * + * @access public + * @param array $entry + */ + public function __construct(array $entry) + { + $this->entry = $entry; + } + + /** + * Get all attribute values + * + * @access public + * @param string $attribute + * @return string[] + */ + public function getAll($attribute) + { + $attributes = array(); + + if (! isset($this->entry[$attribute]['count'])) { + return $attributes; + } + + for ($i = 0; $i < $this->entry[$attribute]['count']; $i++) { + $attributes[] = $this->entry[$attribute][$i]; + } + + return $attributes; + } + + /** + * Get first attribute value + * + * @access public + * @param string $attribute + * @param string $default + * @return string + */ + public function getFirstValue($attribute, $default = '') + { + return isset($this->entry[$attribute][0]) ? $this->entry[$attribute][0] : $default; + } + + /** + * Get entry distinguished name + * + * @access public + * @return string + */ + public function getDn() + { + return isset($this->entry['dn']) ? $this->entry['dn'] : ''; + } + + /** + * Return true if the given value exists in attribute list + * + * @access public + * @param string $attribute + * @param string $value + * @return boolean + */ + public function hasValue($attribute, $value) + { + $attributes = $this->getAll($attribute); + return in_array($value, $attributes); + } +} diff --git a/app/Core/Ldap/Group.php b/app/Core/Ldap/Group.php new file mode 100644 index 00000000..634d47ee --- /dev/null +++ b/app/Core/Ldap/Group.php @@ -0,0 +1,131 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use LogicException; +use Kanboard\Group\LdapGroupProvider; + +/** + * LDAP Group Finder + * + * @package ldap + * @author Frederic Guillot + */ +class Group +{ + /** + * Query + * + * @access protected + * @var Query + */ + protected $query; + + /** + * Constructor + * + * @access public + * @param Query $query + */ + public function __construct(Query $query) + { + $this->query = $query; + } + + /** + * Get groups + * + * @static + * @access public + * @param Client $client + * @param string $query + * @return array + */ + public static function getGroups(Client $client, $query) + { + $className = get_called_class(); + $self = new $className(new Query($client)); + return $self->find($query); + } + + /** + * Find groups + * + * @access public + * @param string $query + * @return array + */ + public function find($query) + { + $this->query->execute($this->getBasDn(), $query, $this->getAttributes()); + $groups = array(); + + if ($this->query->hasResult()) { + $groups = $this->build(); + } + + return $groups; + } + + /** + * Build groups list + * + * @access protected + * @return array + */ + protected function build() + { + $groups = array(); + + foreach ($this->query->getEntries()->getAll() as $entry) { + $groups[] = new LdapGroupProvider($entry->getDn(), $entry->getFirstValue($this->getAttributeName())); + } + + return $groups; + } + + /** + * Ge the list of attributes to fetch when reading the LDAP group entry + * + * Must returns array with index that start at 0 otherwise ldap_search returns a warning "Array initialization wrong" + * + * @access public + * @return array + */ + public function getAttributes() + { + return array_values(array_filter(array( + $this->getAttributeName(), + ))); + } + + /** + * Get LDAP group name attribute + * + * @access public + * @return string + */ + public function getAttributeName() + { + if (! LDAP_GROUP_ATTRIBUTE_NAME) { + throw new LogicException('LDAP full name attribute empty, check the parameter LDAP_GROUP_ATTRIBUTE_NAME'); + } + + return LDAP_GROUP_ATTRIBUTE_NAME; + } + + /** + * Get LDAP group base DN + * + * @access public + * @return string + */ + public function getBasDn() + { + if (! LDAP_GROUP_BASE_DN) { + throw new LogicException('LDAP group base DN empty, check the parameter LDAP_GROUP_BASE_DN'); + } + + return LDAP_GROUP_BASE_DN; + } +} diff --git a/app/Core/Ldap/Query.php b/app/Core/Ldap/Query.php new file mode 100644 index 00000000..e03495ec --- /dev/null +++ b/app/Core/Ldap/Query.php @@ -0,0 +1,87 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Query + * + * @package ldap + * @author Frederic Guillot + */ +class Query +{ + /** + * LDAP client + * + * @access protected + * @var Client + */ + protected $client = null; + + /** + * Query result + * + * @access protected + * @var array + */ + protected $entries = array(); + + /** + * Constructor + * + * @access public + * @param Client $client + */ + public function __construct(Client $client) + { + $this->client = $client; + } + + /** + * Execute query + * + * @access public + * @param string $baseDn + * @param string $filter + * @param array $attributes + * @return Query + */ + public function execute($baseDn, $filter, array $attributes) + { + $sr = ldap_search($this->client->getConnection(), $baseDn, $filter, $attributes); + if ($sr === false) { + return $this; + } + + $entries = ldap_get_entries($this->client->getConnection(), $sr); + if ($entries === false || count($entries) === 0 || $entries['count'] == 0) { + return $this; + } + + $this->entries = $entries; + + return $this; + } + + /** + * Return true if the query returned a result + * + * @access public + * @return boolean + */ + public function hasResult() + { + return ! empty($this->entries); + } + + /** + * Get LDAP Entries + * + * @access public + * @return Entities + */ + public function getEntries() + { + return new Entries($this->entries); + } +} diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php new file mode 100644 index 00000000..d36d6f34 --- /dev/null +++ b/app/Core/Ldap/User.php @@ -0,0 +1,224 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use LogicException; +use Kanboard\Core\Security\Role; +use Kanboard\User\LdapUserProvider; + +/** + * LDAP User Finder + * + * @package ldap + * @author Frederic Guillot + */ +class User +{ + /** + * Query + * + * @access protected + * @var Query + */ + protected $query; + + /** + * Constructor + * + * @access public + * @param Query $query + */ + public function __construct(Query $query) + { + $this->query = $query; + } + + /** + * Get user profile + * + * @static + * @access public + * @param Client $client + * @param string $username + * @return LdapUserProvider + */ + public static function getUser(Client $client, $username) + { + $className = get_called_class(); + $self = new $className(new Query($client)); + return $self->find($self->getLdapUserPattern($username)); + } + + /** + * Find user + * + * @access public + * @param string $query + * @return null|LdapUserProvider + */ + public function find($query) + { + $this->query->execute($this->getBasDn(), $query, $this->getAttributes()); + $user = null; + + if ($this->query->hasResult()) { + $user = $this->build(); + } + + return $user; + } + + /** + * Build user profile + * + * @access protected + * @return LdapUserProvider + */ + protected function build() + { + $entry = $this->query->getEntries()->getFirstEntry(); + $role = Role::APP_USER; + + if ($entry->hasValue($this->getAttributeGroup(), $this->getGroupAdminDn())) { + $role = Role::APP_ADMIN; + } elseif ($entry->hasValue($this->getAttributeGroup(), $this->getGroupManagerDn())) { + $role = Role::APP_MANAGER; + } + + return new LdapUserProvider( + $entry->getDn(), + $entry->getFirstValue($this->getAttributeUsername()), + $entry->getFirstValue($this->getAttributeName()), + $entry->getFirstValue($this->getAttributeEmail()), + $role, + $entry->getAll($this->getAttributeGroup()) + ); + } + + /** + * Ge the list of attributes to fetch when reading the LDAP user entry + * + * Must returns array with index that start at 0 otherwise ldap_search returns a warning "Array initialization wrong" + * + * @access public + * @return array + */ + public function getAttributes() + { + return array_values(array_filter(array( + $this->getAttributeUsername(), + $this->getAttributeName(), + $this->getAttributeEmail(), + $this->getAttributeGroup(), + ))); + } + + /** + * Get LDAP account id attribute + * + * @access public + * @return string + */ + public function getAttributeUsername() + { + if (! LDAP_USER_ATTRIBUTE_USERNAME) { + throw new LogicException('LDAP username attribute empty, check the parameter LDAP_USER_ATTRIBUTE_USERNAME'); + } + + return LDAP_USER_ATTRIBUTE_USERNAME; + } + + /** + * Get LDAP user name attribute + * + * @access public + * @return string + */ + public function getAttributeName() + { + if (! LDAP_USER_ATTRIBUTE_FULLNAME) { + throw new LogicException('LDAP full name attribute empty, check the parameter LDAP_USER_ATTRIBUTE_FULLNAME'); + } + + return LDAP_USER_ATTRIBUTE_FULLNAME; + } + + /** + * Get LDAP account email attribute + * + * @access public + * @return string + */ + public function getAttributeEmail() + { + if (! LDAP_USER_ATTRIBUTE_EMAIL) { + throw new LogicException('LDAP email attribute empty, check the parameter LDAP_USER_ATTRIBUTE_EMAIL'); + } + + return LDAP_USER_ATTRIBUTE_EMAIL; + } + + /** + * Get LDAP account memberof attribute + * + * @access public + * @return string + */ + public function getAttributeGroup() + { + return LDAP_USER_ATTRIBUTE_GROUPS; + } + + /** + * Get LDAP admin group DN + * + * @access public + * @return string + */ + public function getGroupAdminDn() + { + return LDAP_GROUP_ADMIN_DN; + } + + /** + * Get LDAP application manager group DN + * + * @access public + * @return string + */ + public function getGroupManagerDn() + { + return LDAP_GROUP_MANAGER_DN; + } + + /** + * Get LDAP user base DN + * + * @access public + * @return string + */ + public function getBasDn() + { + if (! LDAP_USER_BASE_DN) { + throw new LogicException('LDAP user base DN empty, check the parameter LDAP_USER_BASE_DN'); + } + + return LDAP_USER_BASE_DN; + } + + /** + * Get LDAP user pattern + * + * @access public + * @param string $username + * @return string + */ + public function getLdapUserPattern($username) + { + if (! LDAP_USER_FILTER) { + throw new LogicException('LDAP user filter empty, check the parameter LDAP_USER_FILTER'); + } + + return sprintf(LDAP_USER_FILTER, $username); + } +} diff --git a/app/Core/Lexer.php b/app/Core/Lexer.php index ca2ef895..df2d90ae 100644 --- a/app/Core/Lexer.php +++ b/app/Core/Lexer.php @@ -39,6 +39,7 @@ class Lexer "/^(swimlane:)/" => 'T_SWIMLANE', "/^(ref:)/" => 'T_REFERENCE', "/^(reference:)/" => 'T_REFERENCE', + "/^(link:)/" => 'T_LINK', "/^(\s+)/" => 'T_WHITESPACE', '/^([<=>]{0,2}[0-9]{4}-[0-9]{2}-[0-9]{2})/' => 'T_DATE', '/^(yesterday|tomorrow|today)/' => 'T_DATE', @@ -118,6 +119,7 @@ class Lexer case 'T_COLUMN': case 'T_PROJECT': case 'T_SWIMLANE': + case 'T_LINK': $next = next($tokens); if ($next !== false && $next['token'] === 'T_STRING') { diff --git a/app/Core/Mail/Client.php b/app/Core/Mail/Client.php index 52caef73..e1f31696 100644 --- a/app/Core/Mail/Client.php +++ b/app/Core/Mail/Client.php @@ -45,19 +45,21 @@ class Client extends Base */ public function send($email, $name, $subject, $html) { - $this->container['logger']->debug('Sending email to '.$email.' ('.MAIL_TRANSPORT.')'); + if (! empty($email)) { + $this->logger->debug('Sending email to '.$email.' ('.MAIL_TRANSPORT.')'); - $start_time = microtime(true); - $author = 'Kanboard'; + $start_time = microtime(true); + $author = 'Kanboard'; - if ($this->userSession->isLogged()) { - $author = e('%s via Kanboard', $this->user->getFullname($this->session['user'])); - } + if ($this->userSession->isLogged()) { + $author = e('%s via Kanboard', $this->helper->user->getFullname()); + } - $this->getTransport(MAIL_TRANSPORT)->sendEmail($email, $name, $subject, $html, $author); + $this->getTransport(MAIL_TRANSPORT)->sendEmail($email, $name, $subject, $html, $author); - if (DEBUG) { - $this->logger->debug('Email sent in '.round(microtime(true) - $start_time, 6).' seconds'); + if (DEBUG) { + $this->logger->debug('Email sent in '.round(microtime(true) - $start_time, 6).' seconds'); + } } return $this; diff --git a/app/Core/Mail/Transport/Mail.php b/app/Core/Mail/Transport/Mail.php index 4d833f8f..aff3ee20 100644 --- a/app/Core/Mail/Transport/Mail.php +++ b/app/Core/Mail/Transport/Mail.php @@ -46,7 +46,7 @@ class Mail extends Base implements ClientInterface * Get SwiftMailer transport * * @access protected - * @return \Swift_Transport + * @return \Swift_Transport|\Swift_MailTransport|\Swift_SmtpTransport|\Swift_SendmailTransport */ protected function getTransport() { diff --git a/app/Core/Mail/Transport/Sendmail.php b/app/Core/Mail/Transport/Sendmail.php index 849e3385..039be705 100644 --- a/app/Core/Mail/Transport/Sendmail.php +++ b/app/Core/Mail/Transport/Sendmail.php @@ -16,7 +16,7 @@ class Sendmail extends Mail * Get SwiftMailer transport * * @access protected - * @return \Swift_Transport + * @return \Swift_Transport|\Swift_MailTransport|\Swift_SmtpTransport|\Swift_SendmailTransport */ protected function getTransport() { diff --git a/app/Core/Mail/Transport/Smtp.php b/app/Core/Mail/Transport/Smtp.php index 757408ea..66f0a3aa 100644 --- a/app/Core/Mail/Transport/Smtp.php +++ b/app/Core/Mail/Transport/Smtp.php @@ -16,7 +16,7 @@ class Smtp extends Mail * Get SwiftMailer transport * * @access protected - * @return \Swift_Transport + * @return \Swift_Transport|\Swift_MailTransport|\Swift_SmtpTransport|\Swift_SendmailTransport */ protected function getTransport() { diff --git a/app/Core/Markdown.php b/app/Core/Markdown.php index f08c486a..827fd0df 100644 --- a/app/Core/Markdown.php +++ b/app/Core/Markdown.php @@ -3,7 +3,7 @@ namespace Kanboard\Core; use Parsedown; -use Kanboard\Helper\Url; +use Pimple\Container; /** * Specific Markdown rules for Kanboard @@ -14,22 +14,51 @@ use Kanboard\Helper\Url; */ class Markdown extends Parsedown { - private $link; - private $helper; + /** + * Link params for tasks + * + * @access private + * @var array + */ + private $link = array(); - public function __construct($link, Url $helper) + /** + * Container + * + * @access private + * @var Container + */ + private $container; + + /** + * Constructor + * + * @access public + * @param Container $container + * @param array $link + */ + public function __construct(Container $container, array $link) { $this->link = $link; - $this->helper = $helper; + $this->container = $container; $this->InlineTypes['#'][] = 'TaskLink'; - $this->inlineMarkerList .= '#'; + $this->InlineTypes['@'][] = 'UserLink'; + $this->inlineMarkerList .= '#@'; } - protected function inlineTaskLink($Excerpt) + /** + * Handle Task Links + * + * Replace "#123" by a link to the task + * + * @access public + * @param array $Excerpt + * @return array + */ + protected function inlineTaskLink(array $Excerpt) { - // Replace task #123 by a link to the task if (! empty($this->link) && preg_match('!#(\d+)!i', $Excerpt['text'], $matches)) { - $url = $this->helper->href( + $url = $this->container['helper']->url->href( $this->link['controller'], $this->link['action'], $this->link['params'] + array('task_id' => $matches[1]) @@ -40,7 +69,38 @@ class Markdown extends Parsedown 'element' => array( 'name' => 'a', 'text' => $matches[0], - 'attributes' => array('href' => $url))); + 'attributes' => array('href' => $url) + ), + ); + } + } + + /** + * Handle User Mentions + * + * Replace "@username" by a link to the user + * + * @access public + * @param array $Excerpt + * @return array + */ + protected function inlineUserLink(array $Excerpt) + { + if (preg_match('/^@([^\s]+)/', $Excerpt['text'], $matches)) { + $user_id = $this->container['user']->getIdByUsername($matches[1]); + + if (! empty($user_id)) { + $url = $this->container['helper']->url->href('user', 'profile', array('user_id' => $user_id)); + + return array( + 'extent' => strlen($matches[0]), + 'element' => array( + 'name' => 'a', + 'text' => $matches[0], + 'attributes' => array('href' => $url, 'class' => 'user-mention-link'), + ), + ); + } } } } diff --git a/app/Core/Plugin/Loader.php b/app/Core/Plugin/Loader.php index 4769e5cb..530d9b40 100644 --- a/app/Core/Plugin/Loader.php +++ b/app/Core/Plugin/Loader.php @@ -4,6 +4,7 @@ namespace Kanboard\Core\Plugin; use DirectoryIterator; use PDOException; +use LogicException; use RuntimeException; use Kanboard\Core\Tool; @@ -59,6 +60,11 @@ class Loader extends \Kanboard\Core\Base public function load($plugin) { $class = '\Kanboard\Plugin\\'.$plugin.'\\Plugin'; + + if (! class_exists($class)) { + throw new LogicException('Unable to load this plugin class '.$class); + } + $instance = new $class($this->container); Tool::buildDic($this->container, $instance->getClasses()); diff --git a/app/Core/Request.php b/app/Core/Request.php deleted file mode 100644 index 5eda2d02..00000000 --- a/app/Core/Request.php +++ /dev/null @@ -1,240 +0,0 @@ -<?php - -namespace Kanboard\Core; - -/** - * Request class - * - * @package core - * @author Frederic Guillot - */ -class Request -{ - /** - * Get URL string parameter - * - * @access public - * @param string $name Parameter name - * @param string $default_value Default value - * @return string - */ - public function getStringParam($name, $default_value = '') - { - return isset($_GET[$name]) ? $_GET[$name] : $default_value; - } - - /** - * Get URL integer parameter - * - * @access public - * @param string $name Parameter name - * @param integer $default_value Default value - * @return integer - */ - public function getIntegerParam($name, $default_value = 0) - { - return isset($_GET[$name]) && ctype_digit($_GET[$name]) ? (int) $_GET[$name] : $default_value; - } - - /** - * Get a form value - * - * @access public - * @param string $name Form field name - * @return string|null - */ - public function getValue($name) - { - $values = $this->getValues(); - return isset($values[$name]) ? $values[$name] : null; - } - - /** - * Get form values and check for CSRF token - * - * @access public - * @return array - */ - public function getValues() - { - if (! empty($_POST) && Security::validateCSRFFormToken($_POST)) { - return $_POST; - } - - return array(); - } - - /** - * Get the raw body of the HTTP request - * - * @access public - * @return string - */ - public function getBody() - { - return file_get_contents('php://input'); - } - - /** - * Get the Json request body - * - * @access public - * @return array - */ - public function getJson() - { - return json_decode($this->getBody(), true) ?: array(); - } - - /** - * Get the content of an uploaded file - * - * @access public - * @param string $name Form file name - * @return string - */ - public function getFileContent($name) - { - if (isset($_FILES[$name])) { - return file_get_contents($_FILES[$name]['tmp_name']); - } - - return ''; - } - - /** - * Get the path of an uploaded file - * - * @access public - * @param string $name Form file name - * @return string - */ - public function getFilePath($name) - { - return isset($_FILES[$name]['tmp_name']) ? $_FILES[$name]['tmp_name'] : ''; - } - - /** - * Return true if the HTTP request is sent with the POST method - * - * @access public - * @return bool - */ - public function isPost() - { - return isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'; - } - - /** - * Return true if the HTTP request is an Ajax request - * - * @access public - * @return bool - */ - public function isAjax() - { - return $this->getHeader('X-Requested-With') === 'XMLHttpRequest'; - } - - /** - * Check if the page is requested through HTTPS - * - * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS - * - * @static - * @access public - * @return boolean - */ - public static function isHTTPS() - { - return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off'; - } - - /** - * Return a HTTP header value - * - * @access public - * @param string $name Header name - * @return string - */ - public function getHeader($name) - { - $name = 'HTTP_'.str_replace('-', '_', strtoupper($name)); - return isset($_SERVER[$name]) ? $_SERVER[$name] : ''; - } - - /** - * Returns current request's query string, useful for redirecting - * - * @access public - * @return string - */ - public function getQueryString() - { - return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; - } - - /** - * Returns uri - * - * @access public - * @return string - */ - public function getUri() - { - return isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; - } - - /** - * Get the user agent - * - * @static - * @access public - * @return string - */ - public static function getUserAgent() - { - return empty($_SERVER['HTTP_USER_AGENT']) ? t('Unknown') : $_SERVER['HTTP_USER_AGENT']; - } - - /** - * Get the real IP address of the user - * - * @static - * @access public - * @param bool $only_public Return only public IP address - * @return string - */ - public static function getIpAddress($only_public = false) - { - $keys = array( - 'HTTP_CLIENT_IP', - 'HTTP_X_FORWARDED_FOR', - 'HTTP_X_FORWARDED', - 'HTTP_X_CLUSTER_CLIENT_IP', - 'HTTP_FORWARDED_FOR', - 'HTTP_FORWARDED', - 'REMOTE_ADDR' - ); - - foreach ($keys as $key) { - if (isset($_SERVER[$key])) { - foreach (explode(',', $_SERVER[$key]) as $ip_address) { - $ip_address = trim($ip_address); - - if ($only_public) { - - // Return only public IP address - if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { - return $ip_address; - } - } else { - return $ip_address; - } - } - } - } - - return t('Unknown'); - } -} diff --git a/app/Core/Router.php b/app/Core/Router.php deleted file mode 100644 index 843f5139..00000000 --- a/app/Core/Router.php +++ /dev/null @@ -1,229 +0,0 @@ -<?php - -namespace Kanboard\Core; - -use RuntimeException; - -/** - * Router class - * - * @package core - * @author Frederic Guillot - */ -class Router extends Base -{ - /** - * Controller - * - * @access private - * @var string - */ - private $controller = ''; - - /** - * Action - * - * @access private - * @var string - */ - private $action = ''; - - /** - * Store routes for path lookup - * - * @access private - * @var array - */ - private $paths = array(); - - /** - * Store routes for url lookup - * - * @access private - * @var array - */ - private $urls = array(); - - /** - * Get action - * - * @access public - * @return string - */ - public function getAction() - { - return $this->action; - } - - /** - * Get controller - * - * @access public - * @return string - */ - public function getController() - { - return $this->controller; - } - - /** - * Get the path to compare patterns - * - * @access public - * @param string $uri - * @param string $query_string - * @return string - */ - public function getPath($uri, $query_string = '') - { - $path = substr($uri, strlen($this->helper->url->dir())); - - if (! empty($query_string)) { - $path = substr($path, 0, - strlen($query_string) - 1); - } - - if (! empty($path) && $path{0} === '/') { - $path = substr($path, 1); - } - - return $path; - } - - /** - * Add route - * - * @access public - * @param string $path - * @param string $controller - * @param string $action - * @param array $params - */ - public function addRoute($path, $controller, $action, array $params = array()) - { - $pattern = explode('/', $path); - - $this->paths[] = array( - 'pattern' => $pattern, - 'count' => count($pattern), - 'controller' => $controller, - 'action' => $action, - ); - - $this->urls[$controller][$action][] = array( - 'path' => $path, - 'params' => array_flip($params), - 'count' => count($params), - ); - } - - /** - * Find a route according to the given path - * - * @access public - * @param string $path - * @return array - */ - public function findRoute($path) - { - $parts = explode('/', $path); - $count = count($parts); - - foreach ($this->paths as $route) { - if ($count === $route['count']) { - $params = array(); - - for ($i = 0; $i < $count; $i++) { - if ($route['pattern'][$i]{0} === ':') { - $params[substr($route['pattern'][$i], 1)] = $parts[$i]; - } elseif ($route['pattern'][$i] !== $parts[$i]) { - break; - } - } - - if ($i === $count) { - $_GET = array_merge($_GET, $params); - return array($route['controller'], $route['action']); - } - } - } - - return array('app', 'index'); - } - - /** - * Find route url - * - * @access public - * @param string $controller - * @param string $action - * @param array $params - * @return string - */ - public function findUrl($controller, $action, array $params = array()) - { - if (! isset($this->urls[$controller][$action])) { - return ''; - } - - foreach ($this->urls[$controller][$action] as $pattern) { - if (array_diff_key($params, $pattern['params']) === array()) { - $url = $pattern['path']; - $i = 0; - - foreach ($params as $variable => $value) { - $url = str_replace(':'.$variable, $value, $url); - $i++; - } - - if ($i === $pattern['count']) { - return $url; - } - } - } - - return ''; - } - - /** - * Check controller and action parameter - * - * @access public - * @param string $value Controller or action name - * @param string $default_value Default value if validation fail - * @return string - */ - public function sanitize($value, $default_value) - { - return ! preg_match('/^[a-zA-Z_0-9]+$/', $value) ? $default_value : $value; - } - - /** - * Find controller/action from the route table or from get arguments - * - * @access public - * @param string $uri - * @param string $query_string - */ - public function dispatch($uri, $query_string = '') - { - if (! empty($_GET['controller']) && ! empty($_GET['action'])) { - $this->controller = $this->sanitize($_GET['controller'], 'app'); - $this->action = $this->sanitize($_GET['action'], 'index'); - $plugin = ! empty($_GET['plugin']) ? $this->sanitize($_GET['plugin'], '') : ''; - } else { - list($this->controller, $this->action) = $this->findRoute($this->getPath($uri, $query_string)); // TODO: add plugin for routes - $plugin = ''; - } - - $class = '\Kanboard\\'; - $class .= empty($plugin) ? 'Controller\\'.ucfirst($this->controller) : 'Plugin\\'.ucfirst($plugin).'\Controller\\'.ucfirst($this->controller); - - if (! class_exists($class) || ! method_exists($class, $this->action)) { - throw new RuntimeException('Controller or method not found for the given url!'); - } - - $instance = new $class($this->container); - $instance->beforeAction($this->controller, $this->action); - $instance->{$this->action}(); - } -} diff --git a/app/Core/Security.php b/app/Core/Security.php deleted file mode 100644 index 54207ee1..00000000 --- a/app/Core/Security.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php - -namespace Kanboard\Core; - -/** - * Security class - * - * @package core - * @author Frederic Guillot - */ -class Security -{ - /** - * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid() - * - * @static - * @access public - * @return string Random token - */ - public static function generateToken() - { - if (function_exists('openssl_random_pseudo_bytes')) { - return bin2hex(\openssl_random_pseudo_bytes(30)); - } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { - return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30)); - } - - return hash('sha256', uniqid(mt_rand(), true)); - } - - /** - * Generate and store a CSRF token in the current session - * - * @static - * @access public - * @return string Random token - */ - public static function getCSRFToken() - { - $nonce = self::generateToken(); - - if (empty($_SESSION['csrf_tokens'])) { - $_SESSION['csrf_tokens'] = array(); - } - - $_SESSION['csrf_tokens'][$nonce] = true; - - return $nonce; - } - - /** - * Check if the token exists for the current session (a token can be used only one time) - * - * @static - * @access public - * @param string $token CSRF token - * @return bool - */ - public static function validateCSRFToken($token) - { - if (isset($_SESSION['csrf_tokens'][$token])) { - unset($_SESSION['csrf_tokens'][$token]); - return true; - } - - return false; - } - - /** - * Check if the token used in a form is correct and then remove the value - * - * @static - * @access public - * @param array $values Form values - * @return bool - */ - public static function validateCSRFFormToken(array &$values) - { - if (! empty($values['csrf_token']) && self::validateCSRFToken($values['csrf_token'])) { - unset($values['csrf_token']); - return true; - } - - return false; - } -} diff --git a/app/Core/Security/AccessMap.php b/app/Core/Security/AccessMap.php new file mode 100644 index 00000000..f34c4b00 --- /dev/null +++ b/app/Core/Security/AccessMap.php @@ -0,0 +1,175 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Access Map Definition + * + * @package security + * @author Frederic Guillot + */ +class AccessMap +{ + /** + * Default role + * + * @access private + * @var string + */ + private $defaultRole = ''; + + /** + * Role hierarchy + * + * @access private + * @var array + */ + private $hierarchy = array(); + + /** + * Access map + * + * @access private + * @var array + */ + private $map = array(); + + /** + * Define the default role when nothing match + * + * @access public + * @param string $role + * @return Acl + */ + public function setDefaultRole($role) + { + $this->defaultRole = $role; + return $this; + } + + /** + * Define role hierarchy + * + * @access public + * @param string $role + * @param array $subroles + * @return Acl + */ + public function setRoleHierarchy($role, array $subroles) + { + foreach ($subroles as $subrole) { + if (isset($this->hierarchy[$subrole])) { + $this->hierarchy[$subrole][] = $role; + } else { + $this->hierarchy[$subrole] = array($role); + } + } + + return $this; + } + + /** + * Get computed role hierarchy + * + * @access public + * @param string $role + * @return array + */ + public function getRoleHierarchy($role) + { + $roles = array($role); + + if (isset($this->hierarchy[$role])) { + $roles = array_merge($roles, $this->hierarchy[$role]); + } + + return $roles; + } + + /** + * Get the highest role from a list + * + * @access public + * @param array $roles + * @return string + */ + public function getHighestRole(array $roles) + { + $rank = array(); + + foreach ($roles as $role) { + $rank[$role] = count($this->getRoleHierarchy($role)); + } + + asort($rank); + + return key($rank); + } + + /** + * Add new access rules + * + * @access public + * @param string $controller Controller class name + * @param mixed $methods List of method name or just one method + * @param string $role Lowest role required + * @return Acl + */ + public function add($controller, $methods, $role) + { + if (is_array($methods)) { + foreach ($methods as $method) { + $this->addRule($controller, $method, $role); + } + } else { + $this->addRule($controller, $methods, $role); + } + + return $this; + } + + /** + * Add new access rule + * + * @access private + * @param string $controller + * @param string $method + * @param string $role + * @return Acl + */ + private function addRule($controller, $method, $role) + { + $controller = strtolower($controller); + $method = strtolower($method); + + if (! isset($this->map[$controller])) { + $this->map[$controller] = array(); + } + + $this->map[$controller][$method] = $role; + + return $this; + } + + /** + * Get roles that match the given controller/method + * + * @access public + * @param string $controller + * @param string $method + * @return boolean + */ + public function getRoles($controller, $method) + { + $controller = strtolower($controller); + $method = strtolower($method); + + foreach (array($method, '*') as $key) { + if (isset($this->map[$controller][$key])) { + return $this->getRoleHierarchy($this->map[$controller][$key]); + } + } + + return $this->getRoleHierarchy($this->defaultRole); + } +} diff --git a/app/Core/Security/AuthenticationManager.php b/app/Core/Security/AuthenticationManager.php new file mode 100644 index 00000000..b1ba76cf --- /dev/null +++ b/app/Core/Security/AuthenticationManager.php @@ -0,0 +1,187 @@ +<?php + +namespace Kanboard\Core\Security; + +use LogicException; +use Kanboard\Core\Base; +use Kanboard\Event\AuthFailureEvent; +use Kanboard\Event\AuthSuccessEvent; + +/** + * Authentication Manager + * + * @package security + * @author Frederic Guillot + */ +class AuthenticationManager extends Base +{ + /** + * Event names + * + * @var string + */ + const EVENT_SUCCESS = 'auth.success'; + const EVENT_FAILURE = 'auth.failure'; + + /** + * List of authentication providers + * + * @access private + * @var array + */ + private $providers = array(); + + /** + * Register a new authentication provider + * + * @access public + * @param AuthenticationProviderInterface $provider + * @return AuthenticationManager + */ + public function register(AuthenticationProviderInterface $provider) + { + $this->providers[$provider->getName()] = $provider; + return $this; + } + + /** + * Register a new authentication provider + * + * @access public + * @param string $name + * @return AuthenticationProviderInterface|OAuthAuthenticationProviderInterface|PasswordAuthenticationProviderInterface|PreAuthenticationProviderInterface|OAuthAuthenticationProviderInterface + */ + public function getProvider($name) + { + if (! isset($this->providers[$name])) { + throw new LogicException('Authentication provider not found: '.$name); + } + + return $this->providers[$name]; + } + + /** + * Execute providers that are able to validate the current session + * + * @access public + * @return boolean + */ + public function checkCurrentSession() + { + if ($this->userSession->isLogged()) { + foreach ($this->filterProviders('SessionCheckProviderInterface') as $provider) { + if (! $provider->isValidSession()) { + $this->logger->debug('Invalidate session for '.$this->userSession->getUsername()); + $this->sessionStorage->flush(); + $this->preAuthentication(); + return false; + } + } + } + + return true; + } + + /** + * Execute pre-authentication providers + * + * @access public + * @return boolean + */ + public function preAuthentication() + { + foreach ($this->filterProviders('PreAuthenticationProviderInterface') as $provider) { + if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) { + $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName())); + return true; + } + } + + return false; + } + + /** + * Execute username/password authentication providers + * + * @access public + * @param string $username + * @param string $password + * @param boolean $fireEvent + * @return boolean + */ + public function passwordAuthentication($username, $password, $fireEvent = true) + { + foreach ($this->filterProviders('PasswordAuthenticationProviderInterface') as $provider) { + $provider->setUsername($username); + $provider->setPassword($password); + + if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) { + if ($fireEvent) { + $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName())); + } + + return true; + } + } + + if ($fireEvent) { + $this->dispatcher->dispatch(self::EVENT_FAILURE, new AuthFailureEvent($username)); + } + + return false; + } + + /** + * Perform OAuth2 authentication + * + * @access public + * @param string $name + * @return boolean + */ + public function oauthAuthentication($name) + { + $provider = $this->getProvider($name); + + if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) { + $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName())); + return true; + } + + $this->dispatcher->dispatch(self::EVENT_FAILURE, new AuthFailureEvent); + + return false; + } + + /** + * Get the last Post-Authentication provider + * + * @access public + * @return PostAuthenticationProviderInterface + */ + public function getPostAuthenticationProvider() + { + $providers = $this->filterProviders('PostAuthenticationProviderInterface'); + + if (empty($providers)) { + throw new LogicException('You must have at least one Post-Authentication Provider configured'); + } + + return array_pop($providers); + } + + /** + * Filter registered providers by interface type + * + * @access private + * @param string $interface + * @return array + */ + private function filterProviders($interface) + { + $interface = '\Kanboard\Core\Security\\'.$interface; + + return array_filter($this->providers, function(AuthenticationProviderInterface $provider) use ($interface) { + return is_a($provider, $interface); + }); + } +} diff --git a/app/Core/Security/AuthenticationProviderInterface.php b/app/Core/Security/AuthenticationProviderInterface.php new file mode 100644 index 00000000..828e272c --- /dev/null +++ b/app/Core/Security/AuthenticationProviderInterface.php @@ -0,0 +1,28 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Authentication Provider Interface + * + * @package security + * @author Frederic Guillot + */ +interface AuthenticationProviderInterface +{ + /** + * Get authentication provider name + * + * @access public + * @return string + */ + public function getName(); + + /** + * Authenticate the user + * + * @access public + * @return boolean + */ + public function authenticate(); +} diff --git a/app/Core/Security/Authorization.php b/app/Core/Security/Authorization.php new file mode 100644 index 00000000..980db048 --- /dev/null +++ b/app/Core/Security/Authorization.php @@ -0,0 +1,46 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Authorization Handler + * + * @package security + * @author Frederic Guillot + */ +class Authorization +{ + /** + * Access Map + * + * @access private + * @var AccessMap + */ + private $accessMap; + + /** + * Constructor + * + * @access public + * @param AccessMap $accessMap + */ + public function __construct(AccessMap $accessMap) + { + $this->accessMap = $accessMap; + } + + /** + * Check if the given role is allowed to access to the specified resource + * + * @access public + * @param string $controller + * @param string $method + * @param string $role + * @return boolean + */ + public function isAllowed($controller, $method, $role) + { + $roles = $this->accessMap->getRoles($controller, $method); + return in_array($role, $roles); + } +} diff --git a/app/Core/Security/OAuthAuthenticationProviderInterface.php b/app/Core/Security/OAuthAuthenticationProviderInterface.php new file mode 100644 index 00000000..c32339e0 --- /dev/null +++ b/app/Core/Security/OAuthAuthenticationProviderInterface.php @@ -0,0 +1,46 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * OAuth2 Authentication Provider Interface + * + * @package security + * @author Frederic Guillot + */ +interface OAuthAuthenticationProviderInterface extends AuthenticationProviderInterface +{ + /** + * Get user object + * + * @access public + * @return UserProviderInterface + */ + public function getUser(); + + /** + * Unlink user + * + * @access public + * @param integer $userId + * @return bool + */ + public function unlink($userId); + + /** + * Get configured OAuth2 service + * + * @access public + * @return Kanboard\Core\Http\OAuth2 + */ + public function getService(); + + /** + * Set OAuth2 code + * + * @access public + * @param string $code + * @return OAuthAuthenticationProviderInterface + */ + public function setCode($code); +} diff --git a/app/Core/Security/PasswordAuthenticationProviderInterface.php b/app/Core/Security/PasswordAuthenticationProviderInterface.php new file mode 100644 index 00000000..918a4aec --- /dev/null +++ b/app/Core/Security/PasswordAuthenticationProviderInterface.php @@ -0,0 +1,36 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Password Authentication Provider Interface + * + * @package security + * @author Frederic Guillot + */ +interface PasswordAuthenticationProviderInterface extends AuthenticationProviderInterface +{ + /** + * Get user object + * + * @access public + * @return UserProviderInterface + */ + public function getUser(); + + /** + * Set username + * + * @access public + * @param string $username + */ + public function setUsername($username); + + /** + * Set password + * + * @access public + * @param string $password + */ + public function setPassword($password); +} diff --git a/app/Core/Security/PostAuthenticationProviderInterface.php b/app/Core/Security/PostAuthenticationProviderInterface.php new file mode 100644 index 00000000..3f628bb0 --- /dev/null +++ b/app/Core/Security/PostAuthenticationProviderInterface.php @@ -0,0 +1,69 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Post Authentication Provider Interface + * + * @package security + * @author Frederic Guillot + */ +interface PostAuthenticationProviderInterface extends AuthenticationProviderInterface +{ + /** + * Called only one time before to prompt the user for pin code + * + * @access public + */ + public function beforeCode(); + + /** + * Set user pin-code + * + * @access public + * @param string $code + */ + public function setCode($code); + + /** + * Generate secret if necessary + * + * @access public + * @return string + */ + public function generateSecret(); + + /** + * Set secret token (fetched from user profile) + * + * @access public + * @param string $secret + */ + public function setSecret($secret); + + /** + * Get secret token (will be saved in user profile) + * + * @access public + * @return string + */ + public function getSecret(); + + /** + * Get QR code url (empty if no QR can be provided) + * + * @access public + * @param string $label + * @return string + */ + public function getQrCodeUrl($label); + + /** + * Get key url (empty if no url can be provided) + * + * @access public + * @param string $label + * @return string + */ + public function getKeyUrl($label); +} diff --git a/app/Core/Security/PreAuthenticationProviderInterface.php b/app/Core/Security/PreAuthenticationProviderInterface.php new file mode 100644 index 00000000..391e8d0f --- /dev/null +++ b/app/Core/Security/PreAuthenticationProviderInterface.php @@ -0,0 +1,20 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Pre-Authentication Provider Interface + * + * @package security + * @author Frederic Guillot + */ +interface PreAuthenticationProviderInterface extends AuthenticationProviderInterface +{ + /** + * Get user object + * + * @access public + * @return UserProviderInterface + */ + public function getUser(); +} diff --git a/app/Core/Security/Role.php b/app/Core/Security/Role.php new file mode 100644 index 00000000..cb45a8af --- /dev/null +++ b/app/Core/Security/Role.php @@ -0,0 +1,64 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Role Definitions + * + * @package security + * @author Frederic Guillot + */ +class Role +{ + const APP_ADMIN = 'app-admin'; + const APP_MANAGER = 'app-manager'; + const APP_USER = 'app-user'; + const APP_PUBLIC = 'app-public'; + + const PROJECT_MANAGER = 'project-manager'; + const PROJECT_MEMBER = 'project-member'; + const PROJECT_VIEWER = 'project-viewer'; + + /** + * Get application roles + * + * @access public + * @return array + */ + public function getApplicationRoles() + { + return array( + self::APP_ADMIN => t('Administrator'), + self::APP_MANAGER => t('Manager'), + self::APP_USER => t('User'), + ); + } + + /** + * Get project roles + * + * @access public + * @return array + */ + public function getProjectRoles() + { + return array( + self::PROJECT_MANAGER => t('Project Manager'), + self::PROJECT_MEMBER => t('Project Member'), + self::PROJECT_VIEWER => t('Project Viewer'), + ); + } + + /** + * Get role name + * + * @access public + * @param string $role + * @return string + */ + public function getRoleName($role) + { + $roles = $this->getApplicationRoles() + $this->getProjectRoles(); + return isset($roles[$role]) ? $roles[$role] : t('Unknown'); + } +} diff --git a/app/Core/Security/SessionCheckProviderInterface.php b/app/Core/Security/SessionCheckProviderInterface.php new file mode 100644 index 00000000..232fe1db --- /dev/null +++ b/app/Core/Security/SessionCheckProviderInterface.php @@ -0,0 +1,20 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Session Check Provider Interface + * + * @package security + * @author Frederic Guillot + */ +interface SessionCheckProviderInterface +{ + /** + * Check if the user session is valid + * + * @access public + * @return boolean + */ + public function isValidSession(); +} diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php new file mode 100644 index 00000000..cbd784a8 --- /dev/null +++ b/app/Core/Security/Token.php @@ -0,0 +1,61 @@ +<?php + +namespace Kanboard\Core\Security; + +use Kanboard\Core\Base; + +/** + * Token Handler + * + * @package security + * @author Frederic Guillot + */ +class Token extends Base +{ + /** + * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid() + * + * @static + * @access public + * @return string Random token + */ + public static function getToken() + { + return bin2hex(random_bytes(30)); + } + + /** + * Generate and store a CSRF token in the current session + * + * @access public + * @return string Random token + */ + public function getCSRFToken() + { + if (! isset($this->sessionStorage->csrf)) { + $this->sessionStorage->csrf = array(); + } + + $nonce = self::getToken(); + $this->sessionStorage->csrf[$nonce] = true; + + return $nonce; + } + + /** + * Check if the token exists for the current session (a token can be used only one time) + * + * @access public + * @param string $token CSRF token + * @return bool + */ + public function validateCSRFToken($token) + { + if (isset($this->sessionStorage->csrf[$token])) { + unset($this->sessionStorage->csrf[$token]); + return true; + } + + return false; + } +} diff --git a/app/Core/Session.php b/app/Core/Session.php deleted file mode 100644 index a93131c7..00000000 --- a/app/Core/Session.php +++ /dev/null @@ -1,143 +0,0 @@ -<?php - -namespace Kanboard\Core; - -use ArrayAccess; - -/** - * Session class - * - * @package core - * @author Frederic Guillot - */ -class Session implements ArrayAccess -{ - /** - * Return true if the session is open - * - * @static - * @access public - * @return boolean - */ - public static function isOpen() - { - return session_id() !== ''; - } - - /** - * Open a session - * - * @access public - * @param string $base_path Cookie path - */ - public function open($base_path = '/') - { - // HttpOnly and secure flags for session cookie - session_set_cookie_params( - SESSION_DURATION, - $base_path ?: '/', - null, - Request::isHTTPS(), - true - ); - - // Avoid session id in the URL - ini_set('session.use_only_cookies', '1'); - - // Enable strict mode - if (version_compare(PHP_VERSION, '7.0.0') < 0) { - ini_set('session.use_strict_mode', '1'); - } - - // Ensure session ID integrity - ini_set('session.entropy_file', '/dev/urandom'); - ini_set('session.entropy_length', '32'); - ini_set('session.hash_bits_per_character', 6); - - // If the session was autostarted with session.auto_start = 1 in php.ini destroy it - if (isset($_SESSION)) { - session_destroy(); - } - - // Custom session name - session_name('__S'); - - // Start the session - session_start(); - - // Regenerate the session id to avoid session fixation issue - if (empty($_SESSION['__validated'])) { - session_regenerate_id(true); - $_SESSION['__validated'] = 1; - } - } - - /** - * Destroy the session - * - * @access public - */ - public function close() - { - // Flush all sessions variables - $_SESSION = array(); - - // Destroy the session cookie - $params = session_get_cookie_params(); - - setcookie( - session_name(), - '', - time() - 42000, - $params['path'], - $params['domain'], - $params['secure'], - $params['httponly'] - ); - - // Destroy session data - session_destroy(); - } - - /** - * Register a flash message (success notification) - * - * @access public - * @param string $message Message - */ - public function flash($message) - { - $_SESSION['flash_message'] = $message; - } - - /** - * Register a flash error message (error notification) - * - * @access public - * @param string $message Message - */ - public function flashError($message) - { - $_SESSION['flash_error_message'] = $message; - } - - public function offsetSet($offset, $value) - { - $_SESSION[$offset] = $value; - } - - public function offsetExists($offset) - { - return isset($_SESSION[$offset]); - } - - public function offsetUnset($offset) - { - unset($_SESSION[$offset]); - } - - public function offsetGet($offset) - { - return isset($_SESSION[$offset]) ? $_SESSION[$offset] : null; - } -} diff --git a/app/Core/Session/FlashMessage.php b/app/Core/Session/FlashMessage.php new file mode 100644 index 00000000..e02d056d --- /dev/null +++ b/app/Core/Session/FlashMessage.php @@ -0,0 +1,71 @@ +<?php + +namespace Kanboard\Core\Session; + +use Kanboard\Core\Base; + +/** + * Session Flash Message + * + * @package session + * @author Frederic Guillot + */ +class FlashMessage extends Base +{ + /** + * Add success message + * + * @access public + * @param string $message + */ + public function success($message) + { + $this->setMessage('success', $message); + } + + /** + * Add failure message + * + * @access public + * @param string $message + */ + public function failure($message) + { + $this->setMessage('failure', $message); + } + + /** + * Add new flash message + * + * @access public + * @param string $key + * @param string $message + */ + public function setMessage($key, $message) + { + if (! isset($this->sessionStorage->flash)) { + $this->sessionStorage->flash = array(); + } + + $this->sessionStorage->flash[$key] = $message; + } + + /** + * Get flash message + * + * @access public + * @param string $key + * @return string + */ + public function getMessage($key) + { + $message = ''; + + if (isset($this->sessionStorage->flash[$key])) { + $message = $this->sessionStorage->flash[$key]; + unset($this->sessionStorage->flash[$key]); + } + + return $message; + } +} diff --git a/app/Core/Session/SessionManager.php b/app/Core/Session/SessionManager.php new file mode 100644 index 00000000..4f9f2c0a --- /dev/null +++ b/app/Core/Session/SessionManager.php @@ -0,0 +1,110 @@ +<?php + +namespace Kanboard\Core\Session; + +use Kanboard\Core\Base; + +/** + * Session Manager + * + * @package session + * @author Frederic Guillot + */ +class SessionManager extends Base +{ + /** + * Event names + * + * @var string + */ + const EVENT_DESTROY = 'session.destroy'; + + /** + * Return true if the session is open + * + * @static + * @access public + * @return boolean + */ + public static function isOpen() + { + return session_id() !== ''; + } + + /** + * Create a new session + * + * @access public + */ + public function open() + { + $this->configure(); + + if (ini_get('session.auto_start') == 1) { + session_destroy(); + } + + session_name('KB_SID'); + session_start(); + + $this->sessionStorage->setStorage($_SESSION); + } + + /** + * Destroy the session + * + * @access public + */ + public function close() + { + $this->dispatcher->dispatch(self::EVENT_DESTROY); + + // Destroy the session cookie + $params = session_get_cookie_params(); + + setcookie( + session_name(), + '', + time() - 42000, + $params['path'], + $params['domain'], + $params['secure'], + $params['httponly'] + ); + + session_unset(); + session_destroy(); + } + + /** + * Define session settings + * + * @access private + */ + private function configure() + { + // Session cookie: HttpOnly and secure flags + session_set_cookie_params( + SESSION_DURATION, + $this->helper->url->dir() ?: '/', + null, + $this->request->isHTTPS(), + true + ); + + // Avoid session id in the URL + ini_set('session.use_only_cookies', '1'); + ini_set('session.use_trans_sid', '0'); + + // Enable strict mode + ini_set('session.use_strict_mode', '1'); + + // Better session hash + ini_set('session.hash_function', '1'); // 'sha512' is not compatible with FreeBSD, only MD5 '0' and SHA-1 '1' seems to work + ini_set('session.hash_bits_per_character', 6); + + // Set an additional entropy + ini_set('session.entropy_file', '/dev/urandom'); + ini_set('session.entropy_length', '256'); + } +} diff --git a/app/Core/Session/SessionStorage.php b/app/Core/Session/SessionStorage.php new file mode 100644 index 00000000..667d9253 --- /dev/null +++ b/app/Core/Session/SessionStorage.php @@ -0,0 +1,89 @@ +<?php + +namespace Kanboard\Core\Session; + +/** + * Session Storage + * + * @package session + * @author Frederic Guillot + * + * @property array $user + * @property array $flash + * @property array $csrf + * @property array $postAuthenticationValidated + * @property array $filters + * @property string $redirectAfterLogin + * @property string $captcha + * @property string $commentSorting + * @property bool $hasSubtaskInProgress + * @property bool $hasRememberMe + * @property bool $boardCollapsed + * @property bool $twoFactorBeforeCodeCalled + * @property string $twoFactorSecret + */ +class SessionStorage +{ + /** + * Pointer to external storage + * + * @access private + * @var array + */ + private $storage = array(); + + /** + * Set external storage + * + * @access public + * @param array $storage External session storage (example: $_SESSION) + */ + public function setStorage(array &$storage) + { + $this->storage =& $storage; + + // Load dynamically existing session variables into object properties + foreach ($storage as $key => $value) { + $this->$key = $value; + } + } + + /** + * Get all session variables + * + * @access public + * @return array + */ + public function getAll() + { + $session = get_object_vars($this); + unset($session['storage']); + + return $session; + } + + /** + * Flush session data + * + * @access public + */ + public function flush() + { + $session = get_object_vars($this); + unset($session['storage']); + + foreach (array_keys($session) as $property) { + unset($this->$property); + } + } + + /** + * Copy class properties to external storage + * + * @access public + */ + public function __destruct() + { + $this->storage = $this->getAll(); + } +} diff --git a/app/Core/Template.php b/app/Core/Template.php index ce2884a7..8ded6f7c 100644 --- a/app/Core/Template.php +++ b/app/Core/Template.php @@ -19,6 +19,50 @@ class Template extends Helper private $overrides = array(); /** + * Rendering start time + * + * @access private + * @var float + */ + private $startTime = 0; + + /** + * Total rendering time + * + * @access private + * @var float + */ + private $renderingTime = 0; + + /** + * Method executed before the rendering + * + * @access protected + * @param string $template + */ + protected function beforeRender($template) + { + if (DEBUG) { + $this->startTime = microtime(true); + } + } + + /** + * Method executed after the rendering + * + * @access protected + * @param string $template + */ + protected function afterRender($template) + { + if (DEBUG) { + $duration = microtime(true) - $this->startTime; + $this->renderingTime += $duration; + $this->container['logger']->debug('Rendering '.$template.' in '.$duration.'s, total='.$this->renderingTime); + } + } + + /** * Render a template * * Example: @@ -32,11 +76,16 @@ class Template extends Helper */ public function render($__template_name, array $__template_args = array()) { - extract($__template_args); + $this->beforeRender($__template_name); + extract($__template_args); ob_start(); include $this->getTemplateFile($__template_name); - return ob_get_clean(); + $html = ob_get_clean(); + + $this->afterRender($__template_name); + + return $html; } /** diff --git a/app/Core/Tool.php b/app/Core/Tool.php index 247fda1a..edd2e609 100644 --- a/app/Core/Tool.php +++ b/app/Core/Tool.php @@ -39,6 +39,7 @@ class Tool * @access public * @param Container $container * @param array $namespaces + * @return Container */ public static function buildDIC(Container $container, array $namespaces) { @@ -50,6 +51,8 @@ class Tool }; } } + + return $container; } /** diff --git a/app/Core/Translator.php b/app/Core/Translator.php index 96a481f6..113c0dc6 100644 --- a/app/Core/Translator.php +++ b/app/Core/Translator.php @@ -147,32 +147,6 @@ class Translator } /** - * Get a formatted datetime - * - * $translator->datetime('%Y-%m-%d', time()); - * - * @access public - * @param string $format Format defined by the strftime function - * @param integer $timestamp Unix timestamp - * @return string - */ - public function datetime($format, $timestamp) - { - if (! $timestamp) { - return ''; - } - - $format = $this->get($format, $format); - - if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { - $format = str_replace('%e', '%d', $format); - $format = str_replace('%k', '%H', $format); - } - - return strftime($format, (int) $timestamp); - } - - /** * Get an identifier from the translations or return the default * * @access public @@ -199,8 +173,6 @@ class Translator */ public static function load($language, $path = self::PATH) { - setlocale(LC_TIME, $language.'.UTF-8', $language); - $filename = $path.DIRECTORY_SEPARATOR.$language.DIRECTORY_SEPARATOR.'translations.php'; if (file_exists($filename)) { diff --git a/app/Core/User/GroupSync.php b/app/Core/User/GroupSync.php new file mode 100644 index 00000000..573acd47 --- /dev/null +++ b/app/Core/User/GroupSync.php @@ -0,0 +1,32 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; + +/** + * Group Synchronization + * + * @package user + * @author Frederic Guillot + */ +class GroupSync extends Base +{ + /** + * Synchronize group membership + * + * @access public + * @param integer $userId + * @param array $groupIds + */ + public function synchronize($userId, array $groupIds) + { + foreach ($groupIds as $groupId) { + $group = $this->group->getByExternalId($groupId); + + if (! empty($group) && ! $this->groupMember->isMember($group['id'], $userId)) { + $this->groupMember->addUser($group['id'], $userId); + } + } + } +} diff --git a/app/Core/User/UserProfile.php b/app/Core/User/UserProfile.php new file mode 100644 index 00000000..ef325801 --- /dev/null +++ b/app/Core/User/UserProfile.php @@ -0,0 +1,62 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; + +/** + * User Profile + * + * @package user + * @author Frederic Guillot + */ +class UserProfile extends Base +{ + /** + * Assign provider data to the local user + * + * @access public + * @param integer $userId + * @param UserProviderInterface $user + * @return boolean + */ + public function assign($userId, UserProviderInterface $user) + { + $profile = $this->user->getById($userId); + + $values = UserProperty::filterProperties($profile, UserProperty::getProperties($user)); + $values['id'] = $userId; + + if ($this->user->update($values)) { + $profile = array_merge($profile, $values); + $this->userSession->initialize($profile); + return true; + } + + return false; + } + + /** + * Synchronize user properties with the local database and create the user session + * + * @access public + * @param UserProviderInterface $user + * @return boolean + */ + public function initialize(UserProviderInterface $user) + { + if ($user->getInternalId()) { + $profile = $this->user->getById($user->getInternalId()); + } elseif ($user->getExternalIdColumn() && $user->getExternalId()) { + $profile = $this->userSync->synchronize($user); + $this->groupSync->synchronize($profile['id'], $user->getExternalGroupIds()); + } + + if (! empty($profile) && $profile['is_active'] == 1) { + $this->userSession->initialize($profile); + return true; + } + + return false; + } +} diff --git a/app/Core/User/UserProperty.php b/app/Core/User/UserProperty.php new file mode 100644 index 00000000..f8b08a3d --- /dev/null +++ b/app/Core/User/UserProperty.php @@ -0,0 +1,70 @@ +<?php + +namespace Kanboard\Core\User; + +/** + * User Property + * + * @package user + * @author Frederic Guillot + */ +class UserProperty +{ + /** + * Get filtered user properties from user provider + * + * @static + * @access public + * @param UserProviderInterface $user + * @return array + */ + public static function getProperties(UserProviderInterface $user) + { + $properties = array( + 'username' => $user->getUsername(), + 'name' => $user->getName(), + 'email' => $user->getEmail(), + 'role' => $user->getRole(), + $user->getExternalIdColumn() => $user->getExternalId(), + ); + + $properties = array_merge($properties, $user->getExtraAttributes()); + + return array_filter($properties, array(__NAMESPACE__.'\UserProperty', 'isNotEmptyValue')); + } + + /** + * Filter user properties compared to existing user profile + * + * @static + * @access public + * @param array $profile + * @param array $properties + * @return array + */ + public static function filterProperties(array $profile, array $properties) + { + $values = array(); + + foreach ($properties as $property => $value) { + if (array_key_exists($property, $profile) && ! self::isNotEmptyValue($profile[$property])) { + $values[$property] = $value; + } + } + + return $values; + } + + /** + * Check if a value is not empty + * + * @static + * @access public + * @param string $value + * @return boolean + */ + public static function isNotEmptyValue($value) + { + return $value !== null && $value !== ''; + } +} diff --git a/app/Core/User/UserProviderInterface.php b/app/Core/User/UserProviderInterface.php new file mode 100644 index 00000000..07e01f42 --- /dev/null +++ b/app/Core/User/UserProviderInterface.php @@ -0,0 +1,103 @@ +<?php + +namespace Kanboard\Core\User; + +/** + * User Provider Interface + * + * @package user + * @author Frederic Guillot + */ +interface UserProviderInterface +{ + /** + * Return true to allow automatic user creation + * + * @access public + * @return boolean + */ + public function isUserCreationAllowed(); + + /** + * Get external id column name + * + * Example: google_id, github_id, gitlab_id... + * + * @access public + * @return string + */ + public function getExternalIdColumn(); + + /** + * Get internal id + * + * If a value is returned the user properties won't be updated in the local database + * + * @access public + * @return integer + */ + public function getInternalId(); + + /** + * Get external id + * + * @access public + * @return string + */ + public function getExternalId(); + + /** + * Get user role + * + * Return an empty string to not override role stored in the database + * + * @access public + * @return string + */ + public function getRole(); + + /** + * Get username + * + * @access public + * @return string + */ + public function getUsername(); + + /** + * Get user full name + * + * @access public + * @return string + */ + public function getName(); + + /** + * Get user email + * + * @access public + * @return string + */ + public function getEmail(); + + /** + * Get external group ids + * + * A synchronization is done at login time, + * the user will be member of those groups if they exists in the database + * + * @access public + * @return string[] + */ + public function getExternalGroupIds(); + + /** + * Get extra user attributes + * + * Example: is_ldap_user, disable_login_form, notifications_enabled... + * + * @access public + * @return array + */ + public function getExtraAttributes(); +} diff --git a/app/Core/User/UserSession.php b/app/Core/User/UserSession.php new file mode 100644 index 00000000..534e5192 --- /dev/null +++ b/app/Core/User/UserSession.php @@ -0,0 +1,204 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; +use Kanboard\Core\Security\Role; + +/** + * User Session + * + * @package user + * @author Frederic Guillot + */ +class UserSession extends Base +{ + /** + * Update user session + * + * @access public + * @param array $user + */ + public function initialize(array $user) + { + foreach (array('password', 'is_admin', 'is_project_admin', 'twofactor_secret') as $column) { + if (isset($user[$column])) { + unset($user[$column]); + } + } + + $user['id'] = (int) $user['id']; + $user['is_ldap_user'] = isset($user['is_ldap_user']) ? (bool) $user['is_ldap_user'] : false; + $user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false; + + $this->sessionStorage->user = $user; + $this->sessionStorage->postAuthenticationValidated = false; + } + + /** + * Get user application role + * + * @access public + * @return string + */ + public function getRole() + { + return $this->sessionStorage->user['role']; + } + + /** + * Return true if the user has validated the 2FA key + * + * @access public + * @return bool + */ + public function isPostAuthenticationValidated() + { + return isset($this->sessionStorage->postAuthenticationValidated) && $this->sessionStorage->postAuthenticationValidated === true; + } + + /** + * Validate 2FA for the current session + * + * @access public + */ + public function validatePostAuthentication() + { + $this->sessionStorage->postAuthenticationValidated = true; + } + + /** + * Return true if the user has 2FA enabled + * + * @access public + * @return bool + */ + public function hasPostAuthentication() + { + return isset($this->sessionStorage->user['twofactor_activated']) && $this->sessionStorage->user['twofactor_activated'] === true; + } + + /** + * Disable 2FA for the current session + * + * @access public + */ + public function disablePostAuthentication() + { + $this->sessionStorage->user['twofactor_activated'] = false; + } + + /** + * Return true if the logged user is admin + * + * @access public + * @return bool + */ + public function isAdmin() + { + return isset($this->sessionStorage->user['role']) && $this->sessionStorage->user['role'] === Role::APP_ADMIN; + } + + /** + * Get the connected user id + * + * @access public + * @return integer + */ + public function getId() + { + return isset($this->sessionStorage->user['id']) ? (int) $this->sessionStorage->user['id'] : 0; + } + + /** + * Get username + * + * @access public + * @return string + */ + public function getUsername() + { + return isset($this->sessionStorage->user['username']) ? $this->sessionStorage->user['username'] : ''; + } + + /** + * Check is the user is connected + * + * @access public + * @return bool + */ + public function isLogged() + { + return isset($this->sessionStorage->user) && ! empty($this->sessionStorage->user); + } + + /** + * Get project filters from the session + * + * @access public + * @param integer $project_id + * @return string + */ + public function getFilters($project_id) + { + return ! empty($this->sessionStorage->filters[$project_id]) ? $this->sessionStorage->filters[$project_id] : 'status:open'; + } + + /** + * Save project filters in the session + * + * @access public + * @param integer $project_id + * @param string $filters + */ + public function setFilters($project_id, $filters) + { + $this->sessionStorage->filters[$project_id] = $filters; + } + + /** + * Is board collapsed or expanded + * + * @access public + * @param integer $project_id + * @return boolean + */ + public function isBoardCollapsed($project_id) + { + return ! empty($this->sessionStorage->boardCollapsed[$project_id]) ? $this->sessionStorage->boardCollapsed[$project_id] : false; + } + + /** + * Set board display mode + * + * @access public + * @param integer $project_id + * @param boolean $is_collapsed + */ + public function setBoardDisplayMode($project_id, $is_collapsed) + { + $this->sessionStorage->boardCollapsed[$project_id] = $is_collapsed; + } + + /** + * Set comments sorting + * + * @access public + * @param string $order + */ + public function setCommentSorting($order) + { + $this->sessionStorage->commentSorting = $order; + } + + /** + * Get comments sorting direction + * + * @access public + * @return string + */ + public function getCommentSorting() + { + return empty($this->sessionStorage->commentSorting) ? 'ASC' : $this->sessionStorage->commentSorting; + } +} diff --git a/app/Core/User/UserSync.php b/app/Core/User/UserSync.php new file mode 100644 index 00000000..d450a0bd --- /dev/null +++ b/app/Core/User/UserSync.php @@ -0,0 +1,76 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; + +/** + * User Synchronization + * + * @package user + * @author Frederic Guillot + */ +class UserSync extends Base +{ + /** + * Synchronize user profile + * + * @access public + * @param UserProviderInterface $user + * @return array + */ + public function synchronize(UserProviderInterface $user) + { + $profile = $this->user->getByExternalId($user->getExternalIdColumn(), $user->getExternalId()); + $properties = UserProperty::getProperties($user); + + if (! empty($profile)) { + $profile = $this->updateUser($profile, $properties); + } elseif ($user->isUserCreationAllowed()) { + $profile = $this->createUser($user, $properties); + } + + return $profile; + } + + /** + * Update user profile + * + * @access public + * @param array $profile + * @param array $properties + * @return array + */ + private function updateUser(array $profile, array $properties) + { + $values = UserProperty::filterProperties($profile, $properties); + + if (! empty($values)) { + $values['id'] = $profile['id']; + $result = $this->user->update($values); + return $result ? array_merge($profile, $properties) : $profile; + } + + return $profile; + } + + /** + * Create user + * + * @access public + * @param UserProviderInterface $user + * @param array $properties + * @return array + */ + private function createUser(UserProviderInterface $user, array $properties) + { + $id = $this->user->create($properties); + + if ($id === false) { + $this->logger->error('Unable to create user profile: '.$user->getExternalId()); + return array(); + } + + return $this->user->getById($id); + } +} |