diff options
Diffstat (limited to 'app/Core')
62 files changed, 4209 insertions, 902 deletions
| diff --git a/app/Core/Action/ActionManager.php b/app/Core/Action/ActionManager.php new file mode 100644 index 00000000..f1ea8abe --- /dev/null +++ b/app/Core/Action/ActionManager.php @@ -0,0 +1,142 @@ +<?php + +namespace Kanboard\Core\Action; + +use RuntimeException; +use Kanboard\Core\Base; +use Kanboard\Action\Base as ActionBase; + +/** + * Action Manager + * + * @package  action + * @author   Frederic Guillot + */ +class ActionManager extends Base +{ +    /** +     * List of automatic actions +     * +     * @access private +     * @var array +     */ +    private $actions = array(); + +    /** +     * Register a new automatic action +     * +     * @access public +     * @param  ActionBase $action +     * @return ActionManager +     */ +    public function register(ActionBase $action) +    { +        $this->actions[$action->getName()] = $action; +        return $this; +    } + +    /** +     * Get automatic action instance +     * +     * @access public +     * @param  string  $name  Absolute class name with namespace +     * @return ActionBase +     */ +    public function getAction($name) +    { +        if (isset($this->actions[$name])) { +            return $this->actions[$name]; +        } + +        throw new RuntimeException('Automatic Action Not Found: '.$name); +    } + +    /** +     * Get available automatic actions +     * +     * @access public +     * @return array +     */ +    public function getAvailableActions() +    { +        $actions = array(); + +        foreach ($this->actions as $action) { +            if (count($action->getEvents()) > 0) { +                $actions[$action->getName()] = $action->getDescription(); +            } +        } + +        asort($actions); + +        return $actions; +    } + +    /** +     * Get all available action parameters +     * +     * @access public +     * @param  array  $actions +     * @return array +     */ +    public function getAvailableParameters(array $actions) +    { +        $params = array(); + +        foreach ($actions as $action) { +            $currentAction = $this->getAction($action['action_name']); +            $params[$currentAction->getName()] = $currentAction->getActionRequiredParameters(); +        } + +        return $params; +    } + +    /** +     * Get list of compatible events for a given action +     * +     * @access public +     * @param  string $name +     * @return array +     */ +    public function getCompatibleEvents($name) +    { +        $events = array(); +        $actionEvents = $this->getAction($name)->getEvents(); + +        foreach ($this->eventManager->getAll() as $event => $description) { +            if (in_array($event, $actionEvents)) { +                $events[$event] = $description; +            } +        } + +        return $events; +    } + +    /** +     * Bind automatic actions to events +     * +     * @access public +     * @return ActionManager +     */ +    public function attachEvents() +    { +        if ($this->userSession->isLogged()) { +            $actions = $this->action->getAllByUser($this->userSession->getId()); +        } else { +            $actions = $this->action->getAll(); +        } + +        foreach ($actions as $action) { +            $listener = clone $this->getAction($action['action_name']); +            $listener->setProjectId($action['project_id']); + +            foreach ($action['params'] as $param_name => $param_value) { +                $listener->setParam($param_name, $param_value); +            } + +            $this->dispatcher->addListener($action['event_name'], array($listener, 'execute')); +        } + +        return $this; +    } +} diff --git a/app/Core/Base.php b/app/Core/Base.php index d402fb37..f1053114 100644 --- a/app/Core/Base.php +++ b/app/Core/Base.php @@ -5,49 +5,78 @@ namespace Kanboard\Core;  use Pimple\Container;  /** - * Base class + * Base Class   *   * @package core   * @author  Frederic Guillot   * - * @property \Kanboard\Core\Helper                                      $helper + * @property \Kanboard\Analytic\TaskDistributionAnalytic                $taskDistributionAnalytic + * @property \Kanboard\Analytic\UserDistributionAnalytic                $userDistributionAnalytic + * @property \Kanboard\Analytic\EstimatedTimeComparisonAnalytic         $estimatedTimeComparisonAnalytic + * @property \Kanboard\Analytic\AverageLeadCycleTimeAnalytic            $averageLeadCycleTimeAnalytic + * @property \Kanboard\Analytic\AverageTimeSpentColumnAnalytic          $averageTimeSpentColumnAnalytic + * @property \Kanboard\Core\Action\ActionManager                        $actionManager + * @property \Kanboard\Core\ExternalLink\ExternalLinkManager            $externalLinkManager + * @property \Kanboard\Core\Cache\MemoryCache                           $memoryCache + * @property \Kanboard\Core\Event\EventManager                          $eventManager + * @property \Kanboard\Core\Group\GroupManager                          $groupManager + * @property \Kanboard\Core\Http\Client                                 $httpClient + * @property \Kanboard\Core\Http\OAuth2                                 $oauth + * @property \Kanboard\Core\Http\RememberMeCookie                       $rememberMeCookie + * @property \Kanboard\Core\Http\Request                                $request + * @property \Kanboard\Core\Http\Response                               $response + * @property \Kanboard\Core\Http\Router                                 $router + * @property \Kanboard\Core\Http\Route                                  $route   * @property \Kanboard\Core\Mail\Client                                 $emailClient - * @property \Kanboard\Core\HttpClient                                  $httpClient - * @property \Kanboard\Core\Paginator                                   $paginator - * @property \Kanboard\Core\Request                                     $request - * @property \Kanboard\Core\Session                                     $session - * @property \Kanboard\Core\Template                                    $template - * @property \Kanboard\Core\OAuth2                                      $oauth - * @property \Kanboard\Core\Router                                      $router - * @property \Kanboard\Core\Lexer                                       $lexer   * @property \Kanboard\Core\ObjectStorage\ObjectStorageInterface        $objectStorage - * @property \Kanboard\Core\Cache\Cache                                 $memoryCache   * @property \Kanboard\Core\Plugin\Hook                                 $hook   * @property \Kanboard\Core\Plugin\Loader                               $pluginLoader - * @property \Kanboard\Integration\BitbucketWebhook                     $bitbucketWebhook - * @property \Kanboard\Integration\GithubWebhook                        $githubWebhook - * @property \Kanboard\Integration\GitlabWebhook                        $gitlabWebhook + * @property \Kanboard\Core\Security\AccessMap                          $projectAccessMap + * @property \Kanboard\Core\Security\AuthenticationManager              $authenticationManager + * @property \Kanboard\Core\Security\AccessMap                          $applicationAccessMap + * @property \Kanboard\Core\Security\AccessMap                          $projectAccessMap + * @property \Kanboard\Core\Security\Authorization                      $applicationAuthorization + * @property \Kanboard\Core\Security\Authorization                      $projectAuthorization + * @property \Kanboard\Core\Security\Role                               $role + * @property \Kanboard\Core\Security\Token                              $token + * @property \Kanboard\Core\Session\FlashMessage                        $flash + * @property \Kanboard\Core\Session\SessionManager                      $sessionManager + * @property \Kanboard\Core\Session\SessionStorage                      $sessionStorage + * @property \Kanboard\Core\User\GroupSync                              $groupSync + * @property \Kanboard\Core\User\UserProfile                            $userProfile + * @property \Kanboard\Core\User\UserSync                               $userSync + * @property \Kanboard\Core\User\UserSession                            $userSession + * @property \Kanboard\Core\DateParser                                  $dateParser + * @property \Kanboard\Core\Helper                                      $helper + * @property \Kanboard\Core\Lexer                                       $lexer + * @property \Kanboard\Core\Paginator                                   $paginator + * @property \Kanboard\Core\Template                                    $template   * @property \Kanboard\Formatter\ProjectGanttFormatter                  $projectGanttFormatter   * @property \Kanboard\Formatter\TaskFilterGanttFormatter               $taskFilterGanttFormatter   * @property \Kanboard\Formatter\TaskFilterAutoCompleteFormatter        $taskFilterAutoCompleteFormatter   * @property \Kanboard\Formatter\TaskFilterCalendarFormatter            $taskFilterCalendarFormatter   * @property \Kanboard\Formatter\TaskFilterICalendarFormatter           $taskFilterICalendarFormatter - * @property \Kanboard\Model\Acl                                        $acl + * @property \Kanboard\Formatter\UserFilterAutoCompleteFormatter        $userFilterAutoCompleteFormatter + * @property \Kanboard\Formatter\GroupAutoCompleteFormatter             $groupAutoCompleteFormatter   * @property \Kanboard\Model\Action                                     $action - * @property \Kanboard\Model\Authentication                             $authentication + * @property \Kanboard\Model\ActionParameter                            $actionParameter   * @property \Kanboard\Model\Board                                      $board   * @property \Kanboard\Model\Category                                   $category   * @property \Kanboard\Model\Color                                      $color + * @property \Kanboard\Model\Column                                     $column   * @property \Kanboard\Model\Comment                                    $comment   * @property \Kanboard\Model\Config                                     $config   * @property \Kanboard\Model\Currency                                   $currency   * @property \Kanboard\Model\CustomFilter                               $customFilter - * @property \Kanboard\Model\DateParser                                 $dateParser - * @property \Kanboard\Model\File                                       $file + * @property \Kanboard\Model\TaskFile                                   $taskFile + * @property \Kanboard\Model\ProjectFile                                $projectFile + * @property \Kanboard\Model\Group                                      $group + * @property \Kanboard\Model\GroupMember                                $groupMember   * @property \Kanboard\Model\LastLogin                                  $lastLogin   * @property \Kanboard\Model\Link                                       $link   * @property \Kanboard\Model\Notification                               $notification   * @property \Kanboard\Model\OverdueNotification                        $overdueNotification + * @property \Kanboard\Model\PasswordReset                              $passwordReset   * @property \Kanboard\Model\Project                                    $project   * @property \Kanboard\Model\ProjectActivity                            $projectActivity   * @property \Kanboard\Model\ProjectAnalytic                            $projectAnalytic @@ -56,8 +85,12 @@ use Pimple\Container;   * @property \Kanboard\Model\ProjectDailyStats                          $projectDailyStats   * @property \Kanboard\Model\ProjectMetadata                            $projectMetadata   * @property \Kanboard\Model\ProjectPermission                          $projectPermission + * @property \Kanboard\Model\ProjectUserRole                            $projectUserRole + * @property \Kanboard\Model\projectUserRoleFilter                      $projectUserRoleFilter + * @property \Kanboard\Model\ProjectGroupRole                           $projectGroupRole   * @property \Kanboard\Model\ProjectNotification                        $projectNotification   * @property \Kanboard\Model\ProjectNotificationType                    $projectNotificationType + * @property \Kanboard\Model\RememberMeSession                          $rememberMeSession   * @property \Kanboard\Model\Subtask                                    $subtask   * @property \Kanboard\Model\SubtaskExport                              $subtaskExport   * @property \Kanboard\Model\SubtaskTimeTracking                        $subtaskTimeTracking @@ -67,6 +100,7 @@ use Pimple\Container;   * @property \Kanboard\Model\TaskCreation                               $taskCreation   * @property \Kanboard\Model\TaskDuplication                            $taskDuplication   * @property \Kanboard\Model\TaskExport                                 $taskExport + * @property \Kanboard\Model\TaskExternalLink                           $taskExternalLink   * @property \Kanboard\Model\TaskImport                                 $taskImport   * @property \Kanboard\Model\TaskFinder                                 $taskFinder   * @property \Kanboard\Model\TaskFilter                                 $taskFilter @@ -75,21 +109,39 @@ use Pimple\Container;   * @property \Kanboard\Model\TaskPermission                             $taskPermission   * @property \Kanboard\Model\TaskPosition                               $taskPosition   * @property \Kanboard\Model\TaskStatus                                 $taskStatus - * @property \Kanboard\Model\TaskValidator                              $taskValidator   * @property \Kanboard\Model\TaskMetadata                               $taskMetadata   * @property \Kanboard\Model\Transition                                 $transition   * @property \Kanboard\Model\User                                       $user   * @property \Kanboard\Model\UserImport                                 $userImport + * @property \Kanboard\Model\UserLocking                                $userLocking + * @property \Kanboard\Model\UserMention                                $userMention   * @property \Kanboard\Model\UserNotification                           $userNotification   * @property \Kanboard\Model\UserNotificationType                       $userNotificationType   * @property \Kanboard\Model\UserNotificationFilter                     $userNotificationFilter   * @property \Kanboard\Model\UserUnreadNotification                     $userUnreadNotification - * @property \Kanboard\Model\UserSession                                $userSession   * @property \Kanboard\Model\UserMetadata                               $userMetadata   * @property \Kanboard\Model\Webhook                                    $webhook + * @property \Kanboard\Validator\ActionValidator                        $actionValidator + * @property \Kanboard\Validator\AuthValidator                          $authValidator + * @property \Kanboard\Validator\ColumnValidator                        $columnValidator + * @property \Kanboard\Validator\CategoryValidator                      $categoryValidator + * @property \Kanboard\Validator\ColumnValidator                        $columnValidator + * @property \Kanboard\Validator\CommentValidator                       $commentValidator + * @property \Kanboard\Validator\CurrencyValidator                      $currencyValidator + * @property \Kanboard\Validator\CustomFilterValidator                  $customFilterValidator + * @property \Kanboard\Validator\GroupValidator                         $groupValidator + * @property \Kanboard\Validator\LinkValidator                          $linkValidator + * @property \Kanboard\Validator\PasswordResetValidator                 $passwordResetValidator + * @property \Kanboard\Validator\ProjectValidator                       $projectValidator + * @property \Kanboard\Validator\SubtaskValidator                       $subtaskValidator + * @property \Kanboard\Validator\SwimlaneValidator                      $swimlaneValidator + * @property \Kanboard\Validator\TaskLinkValidator                      $taskLinkValidator + * @property \Kanboard\Validator\TaskExternalLinkValidator              $taskExternalLinkValidator + * @property \Kanboard\Validator\TaskValidator                          $taskValidator + * @property \Kanboard\Validator\UserValidator                          $userValidator   * @property \Psr\Log\LoggerInterface                                   $logger - * @property \League\HTMLToMarkdown\HtmlConverter                       $htmlConverter   * @property \PicoDb\Database                                           $db + * @property \Symfony\Component\EventDispatcher\EventDispatcher         $dispatcher   */  abstract class Base  { diff --git a/app/Core/Cache/MemoryCache.php b/app/Core/Cache/MemoryCache.php index c4fb7ca4..39e3947b 100644 --- a/app/Core/Cache/MemoryCache.php +++ b/app/Core/Cache/MemoryCache.php @@ -23,7 +23,7 @@ class MemoryCache extends Base implements CacheInterface       *       * @access public       * @param  string  $key -     * @param  string  $value +     * @param  mixed   $value       */      public function set($key, $value)      { diff --git a/app/Core/Csv.php b/app/Core/Csv.php index bec400ed..e45af24c 100644 --- a/app/Core/Csv.php +++ b/app/Core/Csv.php @@ -93,8 +93,7 @@ class Csv      {          if (! empty($value)) {              $value = trim(strtolower($value)); -            return $value === '1' || $value{0} -            === 't' ? 1 : 0; +            return $value === '1' || $value{0} === 't' || $value{0} === 'y' ? 1 : 0;          }          return 0; @@ -164,10 +163,14 @@ class Csv       */      public function write($filename, array $rows)      { -        $file = new SplFileObject($filename, 'w'); +        $fp = fopen($filename, 'w'); -        foreach ($rows as $row) { -            $file->fputcsv($row, $this->delimiter, $this->enclosure); +        if (is_resource($fp)) { +            foreach ($rows as $row) { +                fputcsv($fp, $row, $this->delimiter, $this->enclosure); +            } + +            fclose($fp);          }          return $this; diff --git a/app/Core/DateParser.php b/app/Core/DateParser.php index 6577af0f..20e79ff9 100644 --- a/app/Core/DateParser.php +++ b/app/Core/DateParser.php @@ -13,67 +13,91 @@ use DateTime;  class DateParser extends Base  {      /** -     * Return true if the date is within the date range +     * List of time formats       *       * @access public -     * @param  DateTime  $date -     * @param  DateTime  $start -     * @param  DateTime  $end -     * @return boolean +     * @return string[]       */ -    public function withinDateRange(DateTime $date, DateTime $start, DateTime $end) +    public function getTimeFormats()      { -        return $date >= $start && $date <= $end; +        return array( +            'H:i', +            'g:i a', +        );      }      /** -     * Get the total number of hours between 2 datetime objects -     * Minutes are rounded to the nearest quarter +     * List of date formats       *       * @access public -     * @param  DateTime $d1 -     * @param  DateTime $d2 -     * @return float +     * @param  boolean  $iso +     * @return string[]       */ -    public function getHours(DateTime $d1, DateTime $d2) +    public function getDateFormats($iso = false)      { -        $seconds = $this->getRoundedSeconds(abs($d1->getTimestamp() - $d2->getTimestamp())); -        return round($seconds / 3600, 2); +        $iso_formats = array( +            'Y-m-d', +            'Y_m_d', +        ); + +        $user_formats = array( +            'm/d/Y', +            'd/m/Y', +            'Y/m/d', +            'd.m.Y', +        ); + +        return $iso ? array_merge($iso_formats, $user_formats) : $user_formats;      }      /** -     * Round the timestamp to the nearest quarter +     * List of datetime formats       *       * @access public -     * @param  integer    $seconds   Timestamp -     * @return integer +     * @param  boolean  $iso +     * @return string[]       */ -    public function getRoundedSeconds($seconds) +    public function getDateTimeFormats($iso = false)      { -        return (int) round($seconds / (15 * 60)) * (15 * 60); +        $formats = array(); + +        foreach ($this->getDateFormats($iso) as $date) { +            foreach ($this->getTimeFormats() as $time) { +                $formats[] = $date.' '.$time; +            } +        } + +        return $formats;      }      /** -     * Return a timestamp if the given date format is correct otherwise return 0 +     * List of all date formats       *       * @access public -     * @param  string   $value  Date to parse -     * @param  string   $format Date format -     * @return integer +     * @param  boolean  $iso +     * @return string[]       */ -    public function getValidDate($value, $format) +    public function getAllDateFormats($iso = false)      { -        $date = DateTime::createFromFormat($format, $value); +        return array_merge($this->getDateFormats($iso), $this->getDateTimeFormats($iso)); +    } -        if ($date !== false) { -            $errors = DateTime::getLastErrors(); -            if ($errors['error_count'] === 0 && $errors['warning_count'] === 0) { -                $timestamp = $date->getTimestamp(); -                return $timestamp > 0 ? $timestamp : 0; -            } +    /** +     * Get available formats (visible in settings) +     * +     * @access public +     * @param  array  $formats +     * @return array +     */ +    public function getAvailableFormats(array $formats) +    { +        $values = array(); + +        foreach ($formats as $format) { +            $values[$format] = date($format);          } -        return 0; +        return $values;      }      /** @@ -85,7 +109,11 @@ class DateParser extends Base       */      public function getTimestamp($value)      { -        foreach ($this->getAllFormats() as $format) { +        if (ctype_digit($value)) { +            return (int) $value; +        } + +        foreach ($this->getAllDateFormats(true) as $format) {              $timestamp = $this->getValidDate($value, $format);              if ($timestamp !== 0) { @@ -97,104 +125,103 @@ class DateParser extends Base      }      /** -     * Get ISO8601 date from user input +     * Return a timestamp if the given date format is correct otherwise return 0       * -     * @access public -     * @param  string   $value   Date to parse -     * @return string +     * @access private +     * @param  string   $value  Date to parse +     * @param  string   $format Date format +     * @return integer       */ -    public function getIsoDate($value) +    private function getValidDate($value, $format)      { -        return date('Y-m-d', ctype_digit($value) ? $value : $this->getTimestamp($value)); +        $date = DateTime::createFromFormat($format, $value); + +        if ($date !== false) { +            $errors = DateTime::getLastErrors(); +            if ($errors['error_count'] === 0 && $errors['warning_count'] === 0) { +                $timestamp = $date->getTimestamp(); +                return $timestamp > 0 ? $timestamp : 0; +            } +        } + +        return 0;      }      /** -     * Get all combinations of date/time formats +     * Return true if the date is within the date range       *       * @access public -     * @return string[] +     * @param  DateTime  $date +     * @param  DateTime  $start +     * @param  DateTime  $end +     * @return boolean       */ -    public function getAllFormats() +    public function withinDateRange(DateTime $date, DateTime $start, DateTime $end)      { -        $formats = array(); - -        foreach ($this->getDateFormats() as $date) { -            foreach ($this->getTimeFormats() as $time) { -                $formats[] = $date.' '.$time; -            } -        } - -        return array_merge($formats, $this->getDateFormats()); +        return $date >= $start && $date <= $end;      }      /** -     * Return the list of supported date formats (for the parser) +     * Get the total number of hours between 2 datetime objects +     * Minutes are rounded to the nearest quarter       *       * @access public -     * @return string[] +     * @param  DateTime $d1 +     * @param  DateTime $d2 +     * @return float       */ -    public function getDateFormats() +    public function getHours(DateTime $d1, DateTime $d2)      { -        return array( -            $this->config->get('application_date_format', 'm/d/Y'), -            'Y-m-d', -            'Y_m_d', -        ); +        $seconds = $this->getRoundedSeconds(abs($d1->getTimestamp() - $d2->getTimestamp())); +        return round($seconds / 3600, 2);      }      /** -     * Return the list of supported time formats (for the parser) +     * Round the timestamp to the nearest quarter       *       * @access public -     * @return string[] +     * @param  integer    $seconds   Timestamp +     * @return integer       */ -    public function getTimeFormats() +    public function getRoundedSeconds($seconds)      { -        return array( -            'H:i', -            'g:i A', -            'g:iA', -        ); +        return (int) round($seconds / (15 * 60)) * (15 * 60);      }      /** -     * Return the list of available date formats (for the config page) +     * Get ISO-8601 date from user input       *       * @access public -     * @return array +     * @param  string   $value   Date to parse +     * @return string       */ -    public function getAvailableFormats() +    public function getIsoDate($value)      { -        return array( -            'm/d/Y' => date('m/d/Y'), -            'd/m/Y' => date('d/m/Y'), -            'Y/m/d' => date('Y/m/d'), -            'd.m.Y' => date('d.m.Y'), -        ); +        return date('Y-m-d', $this->getTimestamp($value));      }      /** -     * Remove the time from a timestamp +     * Get a timetstamp from an ISO date format       *       * @access public -     * @param  integer    $timestamp    Timestamp +     * @param  string   $value       * @return integer       */ -    public function removeTimeFromTimestamp($timestamp) +    public function getTimestampFromIsoFormat($value)      { -        return mktime(0, 0, 0, date('m', $timestamp), date('d', $timestamp), date('Y', $timestamp)); +        return $this->removeTimeFromTimestamp(ctype_digit($value) ? $value : strtotime($value));      }      /** -     * Get a timetstamp from an ISO date format +     * Remove the time from a timestamp       *       * @access public -     * @param  string   $date +     * @param  integer $timestamp       * @return integer       */ -    public function getTimestampFromIsoFormat($date) +    public function removeTimeFromTimestamp($timestamp)      { -        return $this->removeTimeFromTimestamp(ctype_digit($date) ? $date : strtotime($date)); +        return mktime(0, 0, 0, date('m', $timestamp), date('d', $timestamp), date('Y', $timestamp));      }      /** @@ -204,13 +231,10 @@ class DateParser extends Base       * @param  array    $values   Database values       * @param  string[] $fields   Date fields       * @param  string   $format   Date format +     * @return array       */ -    public function format(array &$values, array $fields, $format = '') +    public function format(array $values, array $fields, $format)      { -        if ($format === '') { -            $format = $this->config->get('application_date_format'); -        } -          foreach ($fields as $field) {              if (! empty($values[$field])) {                  $values[$field] = date($format, $values[$field]); @@ -218,23 +242,28 @@ class DateParser extends Base                  $values[$field] = '';              }          } + +        return $values;      }      /** -     * Convert date (form input data) +     * Convert date to timestamp       *       * @access public       * @param  array    $values     Database values       * @param  string[] $fields     Date fields       * @param  boolean  $keep_time  Keep time or not +     * @return array       */ -    public function convert(array &$values, array $fields, $keep_time = false) +    public function convert(array $values, array $fields, $keep_time = false)      {          foreach ($fields as $field) { -            if (! empty($values[$field]) && ! is_numeric($values[$field])) { +            if (! empty($values[$field])) {                  $timestamp = $this->getTimestamp($values[$field]);                  $values[$field] = $keep_time ? $timestamp : $this->removeTimeFromTimestamp($timestamp);              }          } + +        return $values;      }  } diff --git a/app/Core/Event/EventManager.php b/app/Core/Event/EventManager.php new file mode 100644 index 00000000..162d23e8 --- /dev/null +++ b/app/Core/Event/EventManager.php @@ -0,0 +1,63 @@ +<?php + +namespace Kanboard\Core\Event; + +use Kanboard\Model\Task; +use Kanboard\Model\TaskLink; + +/** + * Event Manager + * + * @package  event + * @author   Frederic Guillot + */ +class EventManager +{ +    /** +     * Extended events +     * +     * @access private +     * @var array +     */ +    private $events = array(); + +    /** +     * Add new event +     * +     * @access public +     * @param  string  $event +     * @param  string  $description +     * @return EventManager +     */ +    public function register($event, $description) +    { +        $this->events[$event] = $description; +        return $this; +    } + +    /** +     * Get the list of events and description that can be used from the user interface +     * +     * @access public +     * @return array +     */ +    public function getAll() +    { +        $events = array( +            TaskLink::EVENT_CREATE_UPDATE => t('Task link creation or modification'), +            Task::EVENT_MOVE_COLUMN => t('Move a task to another column'), +            Task::EVENT_UPDATE => t('Task modification'), +            Task::EVENT_CREATE => t('Task creation'), +            Task::EVENT_OPEN => t('Reopen a task'), +            Task::EVENT_CLOSE => t('Closing a task'), +            Task::EVENT_CREATE_UPDATE => t('Task creation or modification'), +            Task::EVENT_ASSIGNEE_CHANGE => t('Task assignee change'), +            Task::EVENT_DAILY_CRONJOB => t('Daily background job for tasks'), +        ); + +        $events = array_merge($events, $this->events); +        asort($events); + +        return $events; +    } +} diff --git a/app/Core/ExternalLink/ExternalLinkInterface.php b/app/Core/ExternalLink/ExternalLinkInterface.php new file mode 100644 index 00000000..2dbc0a19 --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkInterface.php @@ -0,0 +1,36 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +/** + * External Link Interface + * + * @package  externalLink + * @author   Frederic Guillot + */ +interface ExternalLinkInterface +{ +    /** +     * Get link title +     * +     * @access public +     * @return string +     */ +    public function getTitle(); + +    /** +     * Get link URL +     * +     * @access public +     * @return string +     */ +    public function getUrl(); + +    /** +     * Set link URL +     * +     * @access public +     * @param  string $url +     */ +    public function setUrl($url); +} diff --git a/app/Core/ExternalLink/ExternalLinkManager.php b/app/Core/ExternalLink/ExternalLinkManager.php new file mode 100644 index 00000000..1fa423c2 --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkManager.php @@ -0,0 +1,173 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +use Kanboard\Core\Base; + +/** + * External Link Manager + * + * @package  externalLink + * @author   Frederic Guillot + */ +class ExternalLinkManager extends Base +{ +    /** +     * Automatic type value +     * +     * @var string +     */ +    const TYPE_AUTO = 'auto'; + +    /** +     * Registered providers +     * +     * @access private +     * @var array +     */ +    private $providers = array(); + +    /** +     * Type chosen by the user +     * +     * @access private +     * @var string +     */ +    private $userInputType = ''; + +    /** +     * Text entered by the user +     * +     * @access private +     * @var string +     */ +    private $userInputText = ''; + +    /** +     * Register a new provider +     * +     * Providers are registered in a LIFO queue +     * +     * @access public +     * @param  ExternalLinkProviderInterface $provider +     * @return ExternalLinkManager +     */ +    public function register(ExternalLinkProviderInterface $provider) +    { +        array_unshift($this->providers, $provider); +        return $this; +    } + +    /** +     * Get provider +     * +     * @access public +     * @param  string $type +     * @throws ExternalLinkProviderNotFound +     * @return ExternalLinkProviderInterface +     */ +    public function getProvider($type) +    { +        foreach ($this->providers as $provider) { +            if ($provider->getType() === $type) { +                return $provider; +            } +        } + +        throw new ExternalLinkProviderNotFound('Unable to find link provider: '.$type); +    } + +    /** +     * Get link types +     * +     * @access public +     * @return array +     */ +    public function getTypes() +    { +        $types = array(); + +        foreach ($this->providers as $provider) { +            $types[$provider->getType()] = $provider->getName(); +        } + +        asort($types); + +        return array(self::TYPE_AUTO => t('Auto')) + $types; +    } + +    /** +     * Get dependency label from a provider +     * +     * @access public +     * @param  string $type +     * @param  string $dependency +     * @return string +     */ +    public function getDependencyLabel($type, $dependency) +    { +        $provider = $this->getProvider($type); +        $dependencies = $provider->getDependencies(); +        return isset($dependencies[$dependency]) ? $dependencies[$dependency] : $dependency; +    } + +    /** +     * Find a provider that match +     * +     * @access public +     * @throws ExternalLinkProviderNotFound +     * @return ExternalLinkProviderInterface +     */ +    public function find() +    { +        if ($this->userInputType === self::TYPE_AUTO) { +            $provider = $this->findProvider(); +        } else { +            $provider = $this->getProvider($this->userInputType); +            $provider->setUserTextInput($this->userInputText); + +            if (! $provider->match()) { +                throw new ExternalLinkProviderNotFound('Unable to parse URL with selected provider'); +            } +        } + +        if ($provider === null) { +            throw new ExternalLinkProviderNotFound('Unable to find link information from provided information'); +        } + +        return $provider; +    } + +    /** +     * Set form values +     * +     * @access public +     * @param  array $values +     * @return ExternalLinkManager +     */ +    public function setUserInput(array $values) +    { +        $this->userInputType = empty($values['type']) ? self::TYPE_AUTO : $values['type']; +        $this->userInputText = empty($values['text']) ? '' : trim($values['text']); +        return $this; +    } + +    /** +     * Find a provider that user input +     * +     * @access private +     * @return ExternalLinkProviderInterface +     */ +    private function findProvider() +    { +        foreach ($this->providers as $provider) { +            $provider->setUserTextInput($this->userInputText); + +            if ($provider->match()) { +                return $provider; +            } +        } + +        return null; +    } +} diff --git a/app/Core/ExternalLink/ExternalLinkProviderInterface.php b/app/Core/ExternalLink/ExternalLinkProviderInterface.php new file mode 100644 index 00000000..c908e1eb --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkProviderInterface.php @@ -0,0 +1,71 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +/** + * External Link Provider Interface + * + * @package  externalLink + * @author   Frederic Guillot + */ +interface ExternalLinkProviderInterface +{ +    /** +     * Get provider name (label) +     * +     * @access public +     * @return string +     */ +    public function getName(); + +    /** +     * Get link type (will be saved in the database) +     * +     * @access public +     * @return string +     */ +    public function getType(); + +    /** +     * Get a dictionary of supported dependency types by the provider +     * +     * Example: +     * +     * [ +     *     'related' => t('Related'), +     *     'child' => t('Child'), +     *     'parent' => t('Parent'), +     *     'self' => t('Self'), +     * ] +     * +     * The dictionary key is saved in the database. +     * +     * @access public +     * @return array +     */ +    public function getDependencies(); + +    /** +     * Set text entered by the user +     * +     * @access public +     * @param  string $input +     */ +    public function setUserTextInput($input); + +    /** +     * Return true if the provider can parse correctly the user input +     * +     * @access public +     * @return boolean +     */ +    public function match(); + +    /** +     * Get the link found with the properties +     * +     * @access public +     * @return ExternalLinkInterface +     */ +    public function getLink(); +} diff --git a/app/Core/ExternalLink/ExternalLinkProviderNotFound.php b/app/Core/ExternalLink/ExternalLinkProviderNotFound.php new file mode 100644 index 00000000..4fd05202 --- /dev/null +++ b/app/Core/ExternalLink/ExternalLinkProviderNotFound.php @@ -0,0 +1,15 @@ +<?php + +namespace Kanboard\Core\ExternalLink; + +use Exception; + +/** + * External Link Provider Not Found Exception + * + * @package  externalLink + * @author   Frederic Guillot + */ +class ExternalLinkProviderNotFound extends Exception +{ +} diff --git a/app/Core/Group/GroupBackendProviderInterface.php b/app/Core/Group/GroupBackendProviderInterface.php new file mode 100644 index 00000000..74c5cb03 --- /dev/null +++ b/app/Core/Group/GroupBackendProviderInterface.php @@ -0,0 +1,21 @@ +<?php + +namespace Kanboard\Core\Group; + +/** + * Group Backend Provider Interface + * + * @package  group + * @author   Frederic Guillot + */ +interface GroupBackendProviderInterface +{ +    /** +     * Find a group from a search query +     * +     * @access public +     * @param  string $input +     * @return GroupProviderInterface[] +     */ +    public function find($input); +} diff --git a/app/Core/Group/GroupManager.php b/app/Core/Group/GroupManager.php new file mode 100644 index 00000000..48b6c4f8 --- /dev/null +++ b/app/Core/Group/GroupManager.php @@ -0,0 +1,71 @@ +<?php + +namespace Kanboard\Core\Group; + +/** + * Group Manager + * + * @package  group + * @author   Frederic Guillot + */ +class GroupManager +{ +    /** +     * List of backend providers +     * +     * @access private +     * @var array +     */ +    private $providers = array(); + +    /** +     * Register a new group backend provider +     * +     * @access public +     * @param  GroupBackendProviderInterface $provider +     * @return GroupManager +     */ +    public function register(GroupBackendProviderInterface $provider) +    { +        $this->providers[] = $provider; +        return $this; +    } + +    /** +     * Find a group from a search query +     * +     * @access public +     * @param  string $input +     * @return GroupProviderInterface[] +     */ +    public function find($input) +    { +        $groups = array(); + +        foreach ($this->providers as $provider) { +            $groups = array_merge($groups, $provider->find($input)); +        } + +        return $this->removeDuplicates($groups); +    } + +    /** +     * Remove duplicated groups +     * +     * @access private +     * @param  array $groups +     * @return GroupProviderInterface[] +     */ +    private function removeDuplicates(array $groups) +    { +        $result = array(); + +        foreach ($groups as $group) { +            if (! isset($result[$group->getName()])) { +                $result[$group->getName()] = $group; +            } +        } + +        return array_values($result); +    } +} diff --git a/app/Core/Group/GroupProviderInterface.php b/app/Core/Group/GroupProviderInterface.php new file mode 100644 index 00000000..4c7c16ec --- /dev/null +++ b/app/Core/Group/GroupProviderInterface.php @@ -0,0 +1,40 @@ +<?php + +namespace Kanboard\Core\Group; + +/** + * Group Provider Interface + * + * @package  group + * @author   Frederic Guillot + */ +interface GroupProviderInterface +{ +    /** +     * Get internal id +     * +     * You must return 0 if the group come from an external backend +     * +     * @access public +     * @return integer +     */ +    public function getInternalId(); + +    /** +     * Get external id +     * +     * You must return a unique id if the group come from an external provider +     * +     * @access public +     * @return string +     */ +    public function getExternalId(); + +    /** +     * Get group name +     * +     * @access public +     * @return string +     */ +    public function getName(); +} diff --git a/app/Core/Helper.php b/app/Core/Helper.php index 5edaa3f0..bf71769f 100644 --- a/app/Core/Helper.php +++ b/app/Core/Helper.php @@ -20,6 +20,7 @@ use Pimple\Container;   * @property \Helper\Text       $text   * @property \Helper\Url        $url   * @property \Helper\User       $user + * @property \Helper\Layout     $layout   */  class Helper  { diff --git a/app/Core/HttpClient.php b/app/Core/Http/Client.php index 7f4ea47a..12b0a1cb 100644 --- a/app/Core/HttpClient.php +++ b/app/Core/Http/Client.php @@ -1,14 +1,16 @@  <?php -namespace Kanboard\Core; +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base;  /**   * HTTP client   * - * @package  core + * @package  http   * @author   Frederic Guillot   */ -class HttpClient extends Base +class Client extends Base  {      /**       * HTTP connection timeout in seconds @@ -32,6 +34,19 @@ class HttpClient extends Base      const HTTP_USER_AGENT = 'Kanboard';      /** +     * Send a GET HTTP request +     * +     * @access public +     * @param  string     $url +     * @param  string[]   $headers +     * @return string +     */ +    public function get($url, array $headers = array()) +    { +        return $this->doRequest('GET', $url, '', $headers); +    } + +    /**       * Send a GET HTTP request and parse JSON response       *       * @access public @@ -99,6 +114,36 @@ class HttpClient extends Base              return '';          } +        $stream = @fopen(trim($url), 'r', false, stream_context_create($this->getContext($method, $content, $headers))); +        $response = ''; + +        if (is_resource($stream)) { +            $response = stream_get_contents($stream); +        } else { +            $this->logger->error('HttpClient: request failed'); +        } + +        if (DEBUG) { +            $this->logger->debug('HttpClient: url='.$url); +            $this->logger->debug('HttpClient: payload='.$content); +            $this->logger->debug('HttpClient: metadata='.var_export(@stream_get_meta_data($stream), true)); +            $this->logger->debug('HttpClient: response='.$response); +        } + +        return $response; +    } + +    /** +     * Get stream context +     * +     * @access private +     * @param  string     $method +     * @param  string     $content +     * @param  string[]   $headers +     * @return array +     */ +    private function getContext($method, $content, array $headers) +    {          $default_headers = array(              'User-Agent: '.self::HTTP_USER_AGENT,              'Connection: close', @@ -126,22 +171,6 @@ class HttpClient extends Base              $context['http']['request_fulluri'] = true;          } -        $stream = @fopen(trim($url), 'r', false, stream_context_create($context)); -        $response = ''; - -        if (is_resource($stream)) { -            $response = stream_get_contents($stream); -        } else { -            $this->container['logger']->error('HttpClient: request failed'); -        } - -        if (DEBUG) { -            $this->container['logger']->debug('HttpClient: url='.$url); -            $this->container['logger']->debug('HttpClient: payload='.$content); -            $this->container['logger']->debug('HttpClient: metadata='.var_export(@stream_get_meta_data($stream), true)); -            $this->container['logger']->debug('HttpClient: response='.$response); -        } - -        return $response; +        return $context;      }  } diff --git a/app/Core/OAuth2.php b/app/Core/Http/OAuth2.php index a5bbba1a..6fa1fb0a 100644 --- a/app/Core/OAuth2.php +++ b/app/Core/Http/OAuth2.php @@ -1,11 +1,13 @@  <?php -namespace Kanboard\Core; +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base;  /** - * OAuth2 client + * OAuth2 Client   * - * @package  core + * @package  http   * @author   Frederic Guillot   */  class OAuth2 extends Base diff --git a/app/Core/Http/RememberMeCookie.php b/app/Core/Http/RememberMeCookie.php new file mode 100644 index 00000000..a32b35f3 --- /dev/null +++ b/app/Core/Http/RememberMeCookie.php @@ -0,0 +1,120 @@ +<?php + +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; + +/** + * Remember Me Cookie + * + * @package  http + * @author   Frederic Guillot + */ +class RememberMeCookie extends Base +{ +    /** +     * Cookie name +     * +     * @var string +     */ +    const COOKIE_NAME = 'KB_RM'; + +    /** +     * Encode the cookie +     * +     * @access public +     * @param  string   $token        Session token +     * @param  string   $sequence     Sequence token +     * @return string +     */ +    public function encode($token, $sequence) +    { +        return implode('|', array($token, $sequence)); +    } + +    /** +     * Decode the value of a cookie +     * +     * @access public +     * @param  string   $value    Raw cookie data +     * @return array +     */ +    public function decode($value) +    { +        list($token, $sequence) = explode('|', $value); + +        return array( +            'token' => $token, +            'sequence' => $sequence, +        ); +    } + +    /** +     * Return true if the current user has a RememberMe cookie +     * +     * @access public +     * @return bool +     */ +    public function hasCookie() +    { +        return $this->request->getCookie(self::COOKIE_NAME) !== ''; +    } + +    /** +     * Write and encode the cookie +     * +     * @access public +     * @param  string   $token        Session token +     * @param  string   $sequence     Sequence token +     * @param  string   $expiration   Cookie expiration +     * @return boolean +     */ +    public function write($token, $sequence, $expiration) +    { +        return setcookie( +            self::COOKIE_NAME, +            $this->encode($token, $sequence), +            $expiration, +            $this->helper->url->dir(), +            null, +            $this->request->isHTTPS(), +            true +        ); +    } + +    /** +     * Read and decode the cookie +     * +     * @access public +     * @return mixed +     */ +    public function read() +    { +        $cookie = $this->request->getCookie(self::COOKIE_NAME); + +        if (empty($cookie)) { +            return false; +        } + +        return $this->decode($cookie); +    } + +    /** +     * Remove the cookie +     * +     * @access public +     * @return boolean +     */ +    public function remove() +    { +        return setcookie( +            self::COOKIE_NAME, +            '', +            time() - 3600, +            $this->helper->url->dir(), +            null, +            $this->request->isHTTPS(), +            true +        ); +    } +} diff --git a/app/Core/Http/Request.php b/app/Core/Http/Request.php new file mode 100644 index 00000000..1b3036d5 --- /dev/null +++ b/app/Core/Http/Request.php @@ -0,0 +1,337 @@ +<?php + +namespace Kanboard\Core\Http; + +use Pimple\Container; +use Kanboard\Core\Base; + +/** + * Request class + * + * @package  http + * @author   Frederic Guillot + */ +class Request extends Base +{ +    /** +     * Pointer to PHP environment variables +     * +     * @access private +     * @var array +     */ +    private $server; +    private $get; +    private $post; +    private $files; +    private $cookies; + +    /** +     * Constructor +     * +     * @access public +     * @param  \Pimple\Container   $container +     */ +    public function __construct(Container $container, array $server = array(), array $get = array(), array $post = array(), array $files = array(), array $cookies = array()) +    { +        parent::__construct($container); +        $this->server = empty($server) ? $_SERVER : $server; +        $this->get = empty($get) ? $_GET : $get; +        $this->post = empty($post) ? $_POST : $post; +        $this->files = empty($files) ? $_FILES : $files; +        $this->cookies = empty($cookies) ? $_COOKIE : $cookies; +    } + +    /** +     * Set GET parameters +     * +     * @param array $params +     */ +    public function setParams(array $params) +    { +        $this->get = array_merge($this->get, $params); +    } + +    /** +     * Get query string string parameter +     * +     * @access public +     * @param  string   $name            Parameter name +     * @param  string   $default_value   Default value +     * @return string +     */ +    public function getStringParam($name, $default_value = '') +    { +        return isset($this->get[$name]) ? $this->get[$name] : $default_value; +    } + +    /** +     * Get query string integer parameter +     * +     * @access public +     * @param  string   $name            Parameter name +     * @param  integer  $default_value   Default value +     * @return integer +     */ +    public function getIntegerParam($name, $default_value = 0) +    { +        return isset($this->get[$name]) && ctype_digit($this->get[$name]) ? (int) $this->get[$name] : $default_value; +    } + +    /** +     * Get a form value +     * +     * @access public +     * @param  string    $name   Form field name +     * @return string|null +     */ +    public function getValue($name) +    { +        $values = $this->getValues(); +        return isset($values[$name]) ? $values[$name] : null; +    } + +    /** +     * Get form values and check for CSRF token +     * +     * @access public +     * @return array +     */ +    public function getValues() +    { +        if (! empty($this->post) && ! empty($this->post['csrf_token']) && $this->token->validateCSRFToken($this->post['csrf_token'])) { +            unset($this->post['csrf_token']); +            return $this->post; +        } + +        return array(); +    } + +    /** +     * Get the raw body of the HTTP request +     * +     * @access public +     * @return string +     */ +    public function getBody() +    { +        return file_get_contents('php://input'); +    } + +    /** +     * Get the Json request body +     * +     * @access public +     * @return array +     */ +    public function getJson() +    { +        return json_decode($this->getBody(), true) ?: array(); +    } + +    /** +     * Get the content of an uploaded file +     * +     * @access public +     * @param  string   $name   Form file name +     * @return string +     */ +    public function getFileContent($name) +    { +        if (isset($this->files[$name]['tmp_name'])) { +            return file_get_contents($this->files[$name]['tmp_name']); +        } + +        return ''; +    } + +    /** +     * Get the path of an uploaded file +     * +     * @access public +     * @param  string   $name   Form file name +     * @return string +     */ +    public function getFilePath($name) +    { +        return isset($this->files[$name]['tmp_name']) ? $this->files[$name]['tmp_name'] : ''; +    } + +    /** +     * Get info of an uploaded file +     * +     * @access public +     * @param  string   $name   Form file name +     * @return array +     */ +    public function getFileInfo($name) +    { +        return isset($this->files[$name]) ? $this->files[$name] : array(); +    } + +    /** +     * Return HTTP method +     * +     * @access public +     * @return bool +     */ +    public function getMethod() +    { +        return $this->getServerVariable('REQUEST_METHOD'); +    } + +    /** +     * Return true if the HTTP request is sent with the POST method +     * +     * @access public +     * @return bool +     */ +    public function isPost() +    { +        return $this->getServerVariable('REQUEST_METHOD') === 'POST'; +    } + +    /** +     * Return true if the HTTP request is an Ajax request +     * +     * @access public +     * @return bool +     */ +    public function isAjax() +    { +        return $this->getHeader('X-Requested-With') === 'XMLHttpRequest'; +    } + +    /** +     * Check if the page is requested through HTTPS +     * +     * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS +     * +     * @access public +     * @return boolean +     */ +    public function isHTTPS() +    { +        return isset($this->server['HTTPS']) && $this->server['HTTPS'] !== '' && $this->server['HTTPS'] !== 'off'; +    } + +    /** +     * Get cookie value +     * +     * @access public +     * @param  string $name +     * @return string +     */ +    public function getCookie($name) +    { +        return isset($this->cookies[$name]) ? $this->cookies[$name] : ''; +    } + +    /** +     * Return a HTTP header value +     * +     * @access public +     * @param  string   $name   Header name +     * @return string +     */ +    public function getHeader($name) +    { +        $name = 'HTTP_'.str_replace('-', '_', strtoupper($name)); +        return $this->getServerVariable($name); +    } + +    /** +     * Get remote user +     * +     * @access public +     * @return string +     */ +    public function getRemoteUser() +    { +        return $this->getServerVariable(REVERSE_PROXY_USER_HEADER); +    } + +    /** +     * Returns query string +     * +     * @access public +     * @return string +     */ +    public function getQueryString() +    { +        return $this->getServerVariable('QUERY_STRING'); +    } + +    /** +     * Return URI +     * +     * @access public +     * @return string +     */ +    public function getUri() +    { +        return $this->getServerVariable('REQUEST_URI'); +    } + +    /** +     * Get the user agent +     * +     * @access public +     * @return string +     */ +    public function getUserAgent() +    { +        return empty($this->server['HTTP_USER_AGENT']) ? t('Unknown') : $this->server['HTTP_USER_AGENT']; +    } + +    /** +     * Get the IP address of the user +     * +     * @access public +     * @return string +     */ +    public function getIpAddress() +    { +        $keys = array( +            'HTTP_CLIENT_IP', +            'HTTP_X_FORWARDED_FOR', +            'HTTP_X_FORWARDED', +            'HTTP_X_CLUSTER_CLIENT_IP', +            'HTTP_FORWARDED_FOR', +            'HTTP_FORWARDED', +            'REMOTE_ADDR' +        ); + +        foreach ($keys as $key) { +            if ($this->getServerVariable($key) !== '') { +                foreach (explode(',', $this->server[$key]) as $ipAddress) { +                    return trim($ipAddress); +                } +            } +        } + +        return t('Unknown'); +    } + +    /** +     * Get start time +     * +     * @access public +     * @return float +     */ +    public function getStartTime() +    { +        return $this->getServerVariable('REQUEST_TIME_FLOAT') ?: 0; +    } + +    /** +     * Get server variable +     * +     * @access public +     * @param  string $variable +     * @return string +     */ +    public function getServerVariable($variable) +    { +        return isset($this->server[$variable]) ? $this->server[$variable] : ''; +    } +} diff --git a/app/Core/Response.php b/app/Core/Http/Response.php index 528a6302..d098f519 100644 --- a/app/Core/Response.php +++ b/app/Core/Http/Response.php @@ -1,14 +1,17 @@  <?php -namespace Kanboard\Core; +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; +use Kanboard\Core\Csv;  /**   * Response class   * - * @package  core + * @package  http   * @author   Frederic Guillot   */ -class Response +class Response extends Base  {      /**       * Send no cache headers @@ -44,6 +47,8 @@ class Response      public function forceDownload($filename)      {          header('Content-Disposition: attachment; filename="'.$filename.'"'); +        header('Content-Transfer-Encoding: binary'); +        header('Content-Type: application/octet-stream');      }      /** @@ -55,7 +60,7 @@ class Response      public function status($status_code)      {          header('Status: '.$status_code); -        header($_SERVER['SERVER_PROTOCOL'].' '.$status_code); +        header($this->request->getServerVariable('SERVER_PROTOCOL').' '.$status_code);      }      /** @@ -63,11 +68,12 @@ class Response       *       * @access public       * @param  string   $url   Redirection URL +     * @param  boolean  $self  If Ajax request and true: refresh the current page       */ -    public function redirect($url) +    public function redirect($url, $self = false)      { -        if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') { -            header('X-Ajax-Redirect: '.$url); +        if ($this->request->isAjax()) { +            header('X-Ajax-Redirect: '.($self ? 'self' : $url));          } else {              header('Location: '.$url);          } @@ -215,7 +221,6 @@ class Response       */      public function csp(array $policies = array())      { -        $policies['default-src'] = "'self'";          $values = '';          foreach ($policies as $policy => $acl) { @@ -252,7 +257,7 @@ class Response       */      public function hsts()      { -        if (Request::isHTTPS()) { +        if ($this->request->isHTTPS()) {              header('Strict-Transport-Security: max-age=31536000');          }      } diff --git a/app/Core/Http/Route.php b/app/Core/Http/Route.php new file mode 100644 index 00000000..7836146d --- /dev/null +++ b/app/Core/Http/Route.php @@ -0,0 +1,187 @@ +<?php + +namespace Kanboard\Core\Http; + +use Kanboard\Core\Base; + +/** + * Route Handler + * + * @package http + * @author  Frederic Guillot + */ +class Route extends Base +{ +    /** +     * Flag that enable the routing table +     * +     * @access private +     * @var boolean +     */ +    private $activated = false; + +    /** +     * Store routes for path lookup +     * +     * @access private +     * @var array +     */ +    private $paths = array(); + +    /** +     * Store routes for url lookup +     * +     * @access private +     * @var array +     */ +    private $urls = array(); + +    /** +     * Enable routing table +     * +     * @access public +     * @return Route +     */ +    public function enable() +    { +        $this->activated = true; +        return $this; +    } + +    /** +     * Add route +     * +     * @access public +     * @param  string   $path +     * @param  string   $controller +     * @param  string   $action +     * @param  string   $plugin +     * @return Route +     */ +    public function addRoute($path, $controller, $action, $plugin = '') +    { +        if ($this->activated) { +            $path = ltrim($path, '/'); +            $items = explode('/', $path); +            $params = $this->findParams($items); + +            $this->paths[] = array( +                'items' => $items, +                'count' => count($items), +                'controller' => $controller, +                'action' => $action, +                'plugin' => $plugin, +            ); + +            $this->urls[$plugin][$controller][$action][] = array( +                'path' => $path, +                'params' => $params, +                'count' => count($params), +            ); +        } + +        return $this; +    } + +    /** +     * Find a route according to the given path +     * +     * @access public +     * @param  string   $path +     * @return array +     */ +    public function findRoute($path) +    { +        $items = explode('/', ltrim($path, '/')); +        $count = count($items); + +        foreach ($this->paths as $route) { +            if ($count === $route['count']) { +                $params = array(); + +                for ($i = 0; $i < $count; $i++) { +                    if ($route['items'][$i]{0} === ':') { +                        $params[substr($route['items'][$i], 1)] = $items[$i]; +                    } elseif ($route['items'][$i] !== $items[$i]) { +                        break; +                    } +                } + +                if ($i === $count) { +                    $this->request->setParams($params); +                    return array( +                        'controller' => $route['controller'], +                        'action' => $route['action'], +                        'plugin' => $route['plugin'], +                    ); +                } +            } +        } + +        return array( +            'controller' => 'app', +            'action' => 'index', +            'plugin' => '', +        ); +    } + +    /** +     * Find route url +     * +     * @access public +     * @param  string   $controller +     * @param  string   $action +     * @param  array    $params +     * @param  string   $plugin +     * @return string +     */ +    public function findUrl($controller, $action, array $params = array(), $plugin = '') +    { +        if ($plugin === '' && isset($params['plugin'])) { +            $plugin = $params['plugin']; +            unset($params['plugin']); +        } + +        if (! isset($this->urls[$plugin][$controller][$action])) { +            return ''; +        } + +        foreach ($this->urls[$plugin][$controller][$action] as $route) { +            if (array_diff_key($params, $route['params']) === array()) { +                $url = $route['path']; +                $i = 0; + +                foreach ($params as $variable => $value) { +                    $url = str_replace(':'.$variable, $value, $url); +                    $i++; +                } + +                if ($i === $route['count']) { +                    return $url; +                } +            } +        } + +        return ''; +    } + +    /** +     * Find url params +     * +     * @access public +     * @param  array $items +     * @return array +     */ +    public function findParams(array $items) +    { +        $params = array(); + +        foreach ($items as $item) { +            if ($item !== '' && $item{0} === ':') { +                $params[substr($item, 1)] = true; +            } +        } + +        return $params; +    } +} diff --git a/app/Core/Http/Router.php b/app/Core/Http/Router.php new file mode 100644 index 00000000..0fe80ecc --- /dev/null +++ b/app/Core/Http/Router.php @@ -0,0 +1,169 @@ +<?php + +namespace Kanboard\Core\Http; + +use RuntimeException; +use Kanboard\Core\Base; + +/** + * Route Dispatcher + * + * @package http + * @author  Frederic Guillot + */ +class Router extends Base +{ +    /** +     * Plugin name +     * +     * @access private +     * @var string +     */ +    private $plugin = ''; + +    /** +     * Controller +     * +     * @access private +     * @var string +     */ +    private $controller = ''; + +    /** +     * Action +     * +     * @access private +     * @var string +     */ +    private $action = ''; + +    /** +     * Get plugin name +     * +     * @access public +     * @return string +     */ +    public function getPlugin() +    { +        return $this->plugin; +    } + +    /** +     * Get controller +     * +     * @access public +     * @return string +     */ +    public function getController() +    { +        return $this->controller; +    } + +    /** +     * Get action +     * +     * @access public +     * @return string +     */ +    public function getAction() +    { +        return $this->action; +    } + +    /** +     * Get the path to compare patterns +     * +     * @access public +     * @return string +     */ +    public function getPath() +    { +        $path = substr($this->request->getUri(), strlen($this->helper->url->dir())); + +        if ($this->request->getQueryString() !== '') { +            $path = substr($path, 0, - strlen($this->request->getQueryString()) - 1); +        } + +        if ($path !== '' && $path{0} === '/') { +            $path = substr($path, 1); +        } + +        return $path; +    } + +    /** +     * Find controller/action from the route table or from get arguments +     * +     * @access public +     */ +    public function dispatch() +    { +        $controller = $this->request->getStringParam('controller'); +        $action = $this->request->getStringParam('action'); +        $plugin = $this->request->getStringParam('plugin'); + +        if ($controller === '') { +            $route = $this->route->findRoute($this->getPath()); +            $controller = $route['controller']; +            $action = $route['action']; +            $plugin = $route['plugin']; +        } + +        $this->controller = ucfirst($this->sanitize($controller, 'app')); +        $this->action = $this->sanitize($action, 'index'); +        $this->plugin = ucfirst($this->sanitize($plugin)); + +        return $this->executeAction(); +    } + +    /** +     * Check controller and action parameter +     * +     * @access public +     * @param  string $value +     * @param  string $default +     * @return string +     */ +    public function sanitize($value, $default = '') +    { +        return preg_match('/^[a-zA-Z_0-9]+$/', $value) ? $value : $default; +    } + +    /** +     * Execute controller action +     * +     * @access private +     */ +    private function executeAction() +    { +        $class = $this->getControllerClassName(); + +        if (! class_exists($class)) { +            throw new RuntimeException('Controller not found'); +        } + +        if (! method_exists($class, $this->action)) { +            throw new RuntimeException('Action not implemented'); +        } + +        $instance = new $class($this->container); +        $instance->beforeAction(); +        $instance->{$this->action}(); +        return $instance; +    } + +    /** +     * Get controller class name +     * +     * @access private +     * @return string +     */ +    private function getControllerClassName() +    { +        if ($this->plugin !== '') { +            return '\Kanboard\Plugin\\'.$this->plugin.'\Controller\\'.$this->controller; +        } + +        return '\Kanboard\Controller\\'.$this->controller; +    } +} diff --git a/app/Core/Ldap/Client.php b/app/Core/Ldap/Client.php new file mode 100644 index 00000000..63149ae3 --- /dev/null +++ b/app/Core/Ldap/Client.php @@ -0,0 +1,165 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use LogicException; + +/** + * LDAP Client + * + * @package ldap + * @author  Frederic Guillot + */ +class Client +{ +    /** +     * LDAP resource +     * +     * @access protected +     * @var resource +     */ +    protected $ldap; + +    /** +     * Establish LDAP connection +     * +     * @static +     * @access public +     * @param  string $username +     * @param  string $password +     * @return Client +     */ +    public static function connect($username = null, $password = null) +    { +        $client = new self; +        $client->open($client->getLdapServer()); +        $username = $username ?: $client->getLdapUsername(); +        $password = $password ?: $client->getLdapPassword(); + +        if (empty($username) && empty($password)) { +            $client->useAnonymousAuthentication(); +        } else { +            $client->authenticate($username, $password); +        } + +        return $client; +    } + +    /** +     * Get server connection +     * +     * @access public +     * @return resource +     */ +    public function getConnection() +    { +        return $this->ldap; +    } + +    /** +     * Establish server connection +     * +     * @access public +     * @param  string   $server  LDAP server hostname or IP +     * @param  integer  $port    LDAP port +     * @param  boolean  $tls     Start TLS +     * @param  boolean  $verify  Skip SSL certificate verification +     * @return Client +     */ +    public function open($server, $port = LDAP_PORT, $tls = LDAP_START_TLS, $verify = LDAP_SSL_VERIFY) +    { +        if (! function_exists('ldap_connect')) { +            throw new ClientException('LDAP: The PHP LDAP extension is required'); +        } + +        if (! $verify) { +            putenv('LDAPTLS_REQCERT=never'); +        } + +        $this->ldap = ldap_connect($server, $port); + +        if ($this->ldap === false) { +            throw new ClientException('LDAP: Unable to connect to the LDAP server'); +        } + +        ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3); +        ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, 0); +        ldap_set_option($this->ldap, LDAP_OPT_NETWORK_TIMEOUT, 1); +        ldap_set_option($this->ldap, LDAP_OPT_TIMELIMIT, 1); + +        if ($tls && ! @ldap_start_tls($this->ldap)) { +            throw new ClientException('LDAP: Unable to start TLS'); +        } + +        return $this; +    } + +    /** +     * Anonymous authentication +     * +     * @access public +     * @return boolean +     */ +    public function useAnonymousAuthentication() +    { +        if (! @ldap_bind($this->ldap)) { +            throw new ClientException('Unable to perform anonymous binding'); +        } + +        return true; +    } + +    /** +     * Authentication with username/password +     * +     * @access public +     * @param  string  $bind_rdn +     * @param  string  $bind_password +     * @return boolean +     */ +    public function authenticate($bind_rdn, $bind_password) +    { +        if (! @ldap_bind($this->ldap, $bind_rdn, $bind_password)) { +            throw new ClientException('LDAP authentication failure for "'.$bind_rdn.'"'); +        } + +        return true; +    } + +    /** +     * Get LDAP server name +     * +     * @access public +     * @return string +     */ +    public function getLdapServer() +    { +        if (! LDAP_SERVER) { +            throw new LogicException('LDAP server not configured, check the parameter LDAP_SERVER'); +        } + +        return LDAP_SERVER; +    } + +    /** +     * Get LDAP username (proxy auth) +     * +     * @access public +     * @return string +     */ +    public function getLdapUsername() +    { +        return LDAP_USERNAME; +    } + +    /** +     * Get LDAP password (proxy auth) +     * +     * @access public +     * @return string +     */ +    public function getLdapPassword() +    { +        return LDAP_PASSWORD; +    } +} diff --git a/app/Core/Ldap/ClientException.php b/app/Core/Ldap/ClientException.php new file mode 100644 index 00000000..a0f9f842 --- /dev/null +++ b/app/Core/Ldap/ClientException.php @@ -0,0 +1,15 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use Exception; + +/** + * LDAP Client Exception + * + * @package ldap + * @author  Frederic Guillot + */ +class ClientException extends Exception +{ +} diff --git a/app/Core/Ldap/Entries.php b/app/Core/Ldap/Entries.php new file mode 100644 index 00000000..0e779342 --- /dev/null +++ b/app/Core/Ldap/Entries.php @@ -0,0 +1,63 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Entries + * + * @package ldap + * @author  Frederic Guillot + */ +class Entries +{ +    /** +     * LDAP entries +     * +     * @access protected +     * @var array +     */ +    protected $entries = array(); + +    /** +     * Constructor +     * +     * @access public +     * @param  array $entries +     */ +    public function __construct(array $entries) +    { +        $this->entries = $entries; +    } + +    /** +     * Get all entries +     * +     * @access public +     * @return Entry[] +     */ +    public function getAll() +    { +        $entities = array(); + +        if (! isset($this->entries['count'])) { +            return $entities; +        } + +        for ($i = 0; $i < $this->entries['count']; $i++) { +            $entities[] = new Entry($this->entries[$i]); +        } + +        return $entities; +    } + +    /** +     * Get first entry +     * +     * @access public +     * @return Entry +     */ +    public function getFirstEntry() +    { +        return new Entry(isset($this->entries[0]) ? $this->entries[0] : array()); +    } +} diff --git a/app/Core/Ldap/Entry.php b/app/Core/Ldap/Entry.php new file mode 100644 index 00000000..0b99a58b --- /dev/null +++ b/app/Core/Ldap/Entry.php @@ -0,0 +1,91 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Entry + * + * @package ldap + * @author  Frederic Guillot + */ +class Entry +{ +    /** +     * LDAP entry +     * +     * @access protected +     * @var array +     */ +    protected $entry = array(); + +    /** +     * Constructor +     * +     * @access public +     * @param  array $entry +     */ +    public function __construct(array $entry) +    { +        $this->entry = $entry; +    } + +    /** +     * Get all attribute values +     * +     * @access public +     * @param  string  $attribute +     * @return string[] +     */ +    public function getAll($attribute) +    { +        $attributes = array(); + +        if (! isset($this->entry[$attribute]['count'])) { +            return $attributes; +        } + +        for ($i = 0; $i < $this->entry[$attribute]['count']; $i++) { +            $attributes[] = $this->entry[$attribute][$i]; +        } + +        return $attributes; +    } + +    /** +     * Get first attribute value +     * +     * @access public +     * @param  string  $attribute +     * @param  string  $default +     * @return string +     */ +    public function getFirstValue($attribute, $default = '') +    { +        return isset($this->entry[$attribute][0]) ? $this->entry[$attribute][0] : $default; +    } + +    /** +     * Get entry distinguished name +     * +     * @access public +     * @return string +     */ +    public function getDn() +    { +        return isset($this->entry['dn']) ? $this->entry['dn'] : ''; +    } + +    /** +     * Return true if the given value exists in attribute list +     * +     * @access public +     * @param  string  $attribute +     * @param  string  $value +     * @return boolean +     */ +    public function hasValue($attribute, $value) +    { +        $attributes = $this->getAll($attribute); +        return in_array($value, $attributes); +    } +} diff --git a/app/Core/Ldap/Group.php b/app/Core/Ldap/Group.php new file mode 100644 index 00000000..634d47ee --- /dev/null +++ b/app/Core/Ldap/Group.php @@ -0,0 +1,131 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use LogicException; +use Kanboard\Group\LdapGroupProvider; + +/** + * LDAP Group Finder + * + * @package ldap + * @author  Frederic Guillot + */ +class Group +{ +    /** +     * Query +     * +     * @access protected +     * @var Query +     */ +    protected $query; + +    /** +     * Constructor +     * +     * @access public +     * @param  Query   $query +     */ +    public function __construct(Query $query) +    { +        $this->query = $query; +    } + +    /** +     * Get groups +     * +     * @static +     * @access public +     * @param  Client    $client +     * @param  string    $query +     * @return array +     */ +    public static function getGroups(Client $client, $query) +    { +        $className = get_called_class(); +        $self = new $className(new Query($client)); +        return $self->find($query); +    } + +    /** +     * Find groups +     * +     * @access public +     * @param  string    $query +     * @return array +     */ +    public function find($query) +    { +        $this->query->execute($this->getBasDn(), $query, $this->getAttributes()); +        $groups = array(); + +        if ($this->query->hasResult()) { +            $groups = $this->build(); +        } + +        return $groups; +    } + +    /** +     * Build groups list +     * +     * @access protected +     * @return array +     */ +    protected function build() +    { +        $groups = array(); + +        foreach ($this->query->getEntries()->getAll() as $entry) { +            $groups[] = new LdapGroupProvider($entry->getDn(), $entry->getFirstValue($this->getAttributeName())); +        } + +        return $groups; +    } + +    /** +     * Ge the list of attributes to fetch when reading the LDAP group entry +     * +     * Must returns array with index that start at 0 otherwise ldap_search returns a warning "Array initialization wrong" +     * +     * @access public +     * @return array +     */ +    public function getAttributes() +    { +        return array_values(array_filter(array( +            $this->getAttributeName(), +        ))); +    } + +    /** +     * Get LDAP group name attribute +     * +     * @access public +     * @return string +     */ +    public function getAttributeName() +    { +        if (! LDAP_GROUP_ATTRIBUTE_NAME) { +            throw new LogicException('LDAP full name attribute empty, check the parameter LDAP_GROUP_ATTRIBUTE_NAME'); +        } + +        return LDAP_GROUP_ATTRIBUTE_NAME; +    } + +    /** +     * Get LDAP group base DN +     * +     * @access public +     * @return string +     */ +    public function getBasDn() +    { +        if (! LDAP_GROUP_BASE_DN) { +            throw new LogicException('LDAP group base DN empty, check the parameter LDAP_GROUP_BASE_DN'); +        } + +        return LDAP_GROUP_BASE_DN; +    } +} diff --git a/app/Core/Ldap/Query.php b/app/Core/Ldap/Query.php new file mode 100644 index 00000000..e03495ec --- /dev/null +++ b/app/Core/Ldap/Query.php @@ -0,0 +1,87 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Query + * + * @package ldap + * @author  Frederic Guillot + */ +class Query +{ +    /** +     * LDAP client +     * +     * @access protected +     * @var Client +     */ +    protected $client = null; + +    /** +     * Query result +     * +     * @access protected +     * @var array +     */ +    protected $entries = array(); + +    /** +     * Constructor +     * +     * @access public +     * @param  Client $client +     */ +    public function __construct(Client $client) +    { +        $this->client = $client; +    } + +    /** +     * Execute query +     * +     * @access public +     * @param  string    $baseDn +     * @param  string    $filter +     * @param  array     $attributes +     * @return Query +     */ +    public function execute($baseDn, $filter, array $attributes) +    { +        $sr = ldap_search($this->client->getConnection(), $baseDn, $filter, $attributes); +        if ($sr === false) { +            return $this; +        } + +        $entries = ldap_get_entries($this->client->getConnection(), $sr); +        if ($entries === false || count($entries) === 0 || $entries['count'] == 0) { +            return $this; +        } + +        $this->entries = $entries; + +        return $this; +    } + +    /** +     * Return true if the query returned a result +     * +     * @access public +     * @return boolean +     */ +    public function hasResult() +    { +        return ! empty($this->entries); +    } + +    /** +     * Get LDAP Entries +     * +     * @access public +     * @return Entities +     */ +    public function getEntries() +    { +        return new Entries($this->entries); +    } +} diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php new file mode 100644 index 00000000..d36d6f34 --- /dev/null +++ b/app/Core/Ldap/User.php @@ -0,0 +1,224 @@ +<?php + +namespace Kanboard\Core\Ldap; + +use LogicException; +use Kanboard\Core\Security\Role; +use Kanboard\User\LdapUserProvider; + +/** + * LDAP User Finder + * + * @package ldap + * @author  Frederic Guillot + */ +class User +{ +    /** +     * Query +     * +     * @access protected +     * @var Query +     */ +    protected $query; + +    /** +     * Constructor +     * +     * @access public +     * @param  Query   $query +     */ +    public function __construct(Query $query) +    { +        $this->query = $query; +    } + +    /** +     * Get user profile +     * +     * @static +     * @access public +     * @param  Client    $client +     * @param  string    $username +     * @return LdapUserProvider +     */ +    public static function getUser(Client $client, $username) +    { +        $className = get_called_class(); +        $self = new $className(new Query($client)); +        return $self->find($self->getLdapUserPattern($username)); +    } + +    /** +     * Find user +     * +     * @access public +     * @param  string    $query +     * @return null|LdapUserProvider +     */ +    public function find($query) +    { +        $this->query->execute($this->getBasDn(), $query, $this->getAttributes()); +        $user = null; + +        if ($this->query->hasResult()) { +            $user = $this->build(); +        } + +        return $user; +    } + +    /** +     * Build user profile +     * +     * @access protected +     * @return LdapUserProvider +     */ +    protected function build() +    { +        $entry = $this->query->getEntries()->getFirstEntry(); +        $role = Role::APP_USER; + +        if ($entry->hasValue($this->getAttributeGroup(), $this->getGroupAdminDn())) { +            $role = Role::APP_ADMIN; +        } elseif ($entry->hasValue($this->getAttributeGroup(), $this->getGroupManagerDn())) { +            $role = Role::APP_MANAGER; +        } + +        return new LdapUserProvider( +            $entry->getDn(), +            $entry->getFirstValue($this->getAttributeUsername()), +            $entry->getFirstValue($this->getAttributeName()), +            $entry->getFirstValue($this->getAttributeEmail()), +            $role, +            $entry->getAll($this->getAttributeGroup()) +        ); +    } + +    /** +     * Ge the list of attributes to fetch when reading the LDAP user entry +     * +     * Must returns array with index that start at 0 otherwise ldap_search returns a warning "Array initialization wrong" +     * +     * @access public +     * @return array +     */ +    public function getAttributes() +    { +        return array_values(array_filter(array( +            $this->getAttributeUsername(), +            $this->getAttributeName(), +            $this->getAttributeEmail(), +            $this->getAttributeGroup(), +        ))); +    } + +    /** +     * Get LDAP account id attribute +     * +     * @access public +     * @return string +     */ +    public function getAttributeUsername() +    { +        if (! LDAP_USER_ATTRIBUTE_USERNAME) { +            throw new LogicException('LDAP username attribute empty, check the parameter LDAP_USER_ATTRIBUTE_USERNAME'); +        } + +        return LDAP_USER_ATTRIBUTE_USERNAME; +    } + +    /** +     * Get LDAP user name attribute +     * +     * @access public +     * @return string +     */ +    public function getAttributeName() +    { +        if (! LDAP_USER_ATTRIBUTE_FULLNAME) { +            throw new LogicException('LDAP full name attribute empty, check the parameter LDAP_USER_ATTRIBUTE_FULLNAME'); +        } + +        return LDAP_USER_ATTRIBUTE_FULLNAME; +    } + +    /** +     * Get LDAP account email attribute +     * +     * @access public +     * @return string +     */ +    public function getAttributeEmail() +    { +        if (! LDAP_USER_ATTRIBUTE_EMAIL) { +            throw new LogicException('LDAP email attribute empty, check the parameter LDAP_USER_ATTRIBUTE_EMAIL'); +        } + +        return LDAP_USER_ATTRIBUTE_EMAIL; +    } + +    /** +     * Get LDAP account memberof attribute +     * +     * @access public +     * @return string +     */ +    public function getAttributeGroup() +    { +        return LDAP_USER_ATTRIBUTE_GROUPS; +    } + +    /** +     * Get LDAP admin group DN +     * +     * @access public +     * @return string +     */ +    public function getGroupAdminDn() +    { +        return LDAP_GROUP_ADMIN_DN; +    } + +    /** +     * Get LDAP application manager group DN +     * +     * @access public +     * @return string +     */ +    public function getGroupManagerDn() +    { +        return LDAP_GROUP_MANAGER_DN; +    } + +    /** +     * Get LDAP user base DN +     * +     * @access public +     * @return string +     */ +    public function getBasDn() +    { +        if (! LDAP_USER_BASE_DN) { +            throw new LogicException('LDAP user base DN empty, check the parameter LDAP_USER_BASE_DN'); +        } + +        return LDAP_USER_BASE_DN; +    } + +    /** +     * Get LDAP user pattern +     * +     * @access public +     * @param  string  $username +     * @return string +     */ +    public function getLdapUserPattern($username) +    { +        if (! LDAP_USER_FILTER) { +            throw new LogicException('LDAP user filter empty, check the parameter LDAP_USER_FILTER'); +        } + +        return sprintf(LDAP_USER_FILTER, $username); +    } +} diff --git a/app/Core/Lexer.php b/app/Core/Lexer.php index ca2ef895..df2d90ae 100644 --- a/app/Core/Lexer.php +++ b/app/Core/Lexer.php @@ -39,6 +39,7 @@ class Lexer          "/^(swimlane:)/"                                 => 'T_SWIMLANE',          "/^(ref:)/"                                      => 'T_REFERENCE',          "/^(reference:)/"                                => 'T_REFERENCE', +        "/^(link:)/"                                     => 'T_LINK',          "/^(\s+)/"                                       => 'T_WHITESPACE',          '/^([<=>]{0,2}[0-9]{4}-[0-9]{2}-[0-9]{2})/'      => 'T_DATE',          '/^(yesterday|tomorrow|today)/'                  => 'T_DATE', @@ -118,6 +119,7 @@ class Lexer                  case 'T_COLUMN':                  case 'T_PROJECT':                  case 'T_SWIMLANE': +                case 'T_LINK':                      $next = next($tokens);                      if ($next !== false && $next['token'] === 'T_STRING') { diff --git a/app/Core/Mail/Client.php b/app/Core/Mail/Client.php index 52caef73..e1f31696 100644 --- a/app/Core/Mail/Client.php +++ b/app/Core/Mail/Client.php @@ -45,19 +45,21 @@ class Client extends Base       */      public function send($email, $name, $subject, $html)      { -        $this->container['logger']->debug('Sending email to '.$email.' ('.MAIL_TRANSPORT.')'); +        if (! empty($email)) { +            $this->logger->debug('Sending email to '.$email.' ('.MAIL_TRANSPORT.')'); -        $start_time = microtime(true); -        $author = 'Kanboard'; +            $start_time = microtime(true); +            $author = 'Kanboard'; -        if ($this->userSession->isLogged()) { -            $author = e('%s via Kanboard', $this->user->getFullname($this->session['user'])); -        } +            if ($this->userSession->isLogged()) { +                $author = e('%s via Kanboard', $this->helper->user->getFullname()); +            } -        $this->getTransport(MAIL_TRANSPORT)->sendEmail($email, $name, $subject, $html, $author); +            $this->getTransport(MAIL_TRANSPORT)->sendEmail($email, $name, $subject, $html, $author); -        if (DEBUG) { -            $this->logger->debug('Email sent in '.round(microtime(true) - $start_time, 6).' seconds'); +            if (DEBUG) { +                $this->logger->debug('Email sent in '.round(microtime(true) - $start_time, 6).' seconds'); +            }          }          return $this; diff --git a/app/Core/Mail/Transport/Mail.php b/app/Core/Mail/Transport/Mail.php index 4d833f8f..aff3ee20 100644 --- a/app/Core/Mail/Transport/Mail.php +++ b/app/Core/Mail/Transport/Mail.php @@ -46,7 +46,7 @@ class Mail extends Base implements ClientInterface       * Get SwiftMailer transport       *       * @access protected -     * @return \Swift_Transport +     * @return \Swift_Transport|\Swift_MailTransport|\Swift_SmtpTransport|\Swift_SendmailTransport       */      protected function getTransport()      { diff --git a/app/Core/Mail/Transport/Sendmail.php b/app/Core/Mail/Transport/Sendmail.php index 849e3385..039be705 100644 --- a/app/Core/Mail/Transport/Sendmail.php +++ b/app/Core/Mail/Transport/Sendmail.php @@ -16,7 +16,7 @@ class Sendmail extends Mail       * Get SwiftMailer transport       *       * @access protected -     * @return \Swift_Transport +     * @return \Swift_Transport|\Swift_MailTransport|\Swift_SmtpTransport|\Swift_SendmailTransport       */      protected function getTransport()      { diff --git a/app/Core/Mail/Transport/Smtp.php b/app/Core/Mail/Transport/Smtp.php index 757408ea..66f0a3aa 100644 --- a/app/Core/Mail/Transport/Smtp.php +++ b/app/Core/Mail/Transport/Smtp.php @@ -16,7 +16,7 @@ class Smtp extends Mail       * Get SwiftMailer transport       *       * @access protected -     * @return \Swift_Transport +     * @return \Swift_Transport|\Swift_MailTransport|\Swift_SmtpTransport|\Swift_SendmailTransport       */      protected function getTransport()      { diff --git a/app/Core/Markdown.php b/app/Core/Markdown.php index f08c486a..827fd0df 100644 --- a/app/Core/Markdown.php +++ b/app/Core/Markdown.php @@ -3,7 +3,7 @@  namespace Kanboard\Core;  use Parsedown; -use Kanboard\Helper\Url; +use Pimple\Container;  /**   * Specific Markdown rules for Kanboard @@ -14,22 +14,51 @@ use Kanboard\Helper\Url;   */  class Markdown extends Parsedown  { -    private $link; -    private $helper; +    /** +     * Link params for tasks +     * +     * @access private +     * @var array +     */ +    private $link = array(); -    public function __construct($link, Url $helper) +    /** +     * Container +     * +     * @access private +     * @var Container +     */ +    private $container; + +    /** +     * Constructor +     * +     * @access public +     * @param  Container  $container +     * @param  array      $link +     */ +    public function __construct(Container $container, array $link)      {          $this->link = $link; -        $this->helper = $helper; +        $this->container = $container;          $this->InlineTypes['#'][] = 'TaskLink'; -        $this->inlineMarkerList .= '#'; +        $this->InlineTypes['@'][] = 'UserLink'; +        $this->inlineMarkerList .= '#@';      } -    protected function inlineTaskLink($Excerpt) +    /** +     * Handle Task Links +     * +     * Replace "#123" by a link to the task +     * +     * @access public +     * @param  array  $Excerpt +     * @return array +     */ +    protected function inlineTaskLink(array $Excerpt)      { -        // Replace task #123 by a link to the task          if (! empty($this->link) && preg_match('!#(\d+)!i', $Excerpt['text'], $matches)) { -            $url = $this->helper->href( +            $url = $this->container['helper']->url->href(                  $this->link['controller'],                  $this->link['action'],                  $this->link['params'] + array('task_id' => $matches[1]) @@ -40,7 +69,38 @@ class Markdown extends Parsedown                  'element' => array(                      'name' => 'a',                      'text' => $matches[0], -                    'attributes' => array('href' => $url))); +                    'attributes' => array('href' => $url) +                ), +            ); +        } +    } + +    /** +     * Handle User Mentions +     * +     * Replace "@username" by a link to the user +     * +     * @access public +     * @param  array  $Excerpt +     * @return array +     */ +    protected function inlineUserLink(array $Excerpt) +    { +        if (preg_match('/^@([^\s]+)/', $Excerpt['text'], $matches)) { +            $user_id = $this->container['user']->getIdByUsername($matches[1]); + +            if (! empty($user_id)) { +                $url = $this->container['helper']->url->href('user', 'profile', array('user_id' => $user_id)); + +                return array( +                    'extent' => strlen($matches[0]), +                    'element' => array( +                        'name' => 'a', +                        'text' => $matches[0], +                        'attributes' => array('href' => $url, 'class' => 'user-mention-link'), +                    ), +                ); +            }          }      }  } diff --git a/app/Core/Plugin/Loader.php b/app/Core/Plugin/Loader.php index 4769e5cb..530d9b40 100644 --- a/app/Core/Plugin/Loader.php +++ b/app/Core/Plugin/Loader.php @@ -4,6 +4,7 @@ namespace Kanboard\Core\Plugin;  use DirectoryIterator;  use PDOException; +use LogicException;  use RuntimeException;  use Kanboard\Core\Tool; @@ -59,6 +60,11 @@ class Loader extends \Kanboard\Core\Base      public function load($plugin)      {          $class = '\Kanboard\Plugin\\'.$plugin.'\\Plugin'; + +        if (! class_exists($class)) { +            throw new LogicException('Unable to load this plugin class '.$class); +        } +          $instance = new $class($this->container);          Tool::buildDic($this->container, $instance->getClasses()); diff --git a/app/Core/Request.php b/app/Core/Request.php deleted file mode 100644 index 5eda2d02..00000000 --- a/app/Core/Request.php +++ /dev/null @@ -1,240 +0,0 @@ -<?php - -namespace Kanboard\Core; - -/** - * Request class - * - * @package  core - * @author   Frederic Guillot - */ -class Request -{ -    /** -     * Get URL string parameter -     * -     * @access public -     * @param  string   $name            Parameter name -     * @param  string   $default_value   Default value -     * @return string -     */ -    public function getStringParam($name, $default_value = '') -    { -        return isset($_GET[$name]) ? $_GET[$name] : $default_value; -    } - -    /** -     * Get URL integer parameter -     * -     * @access public -     * @param  string   $name            Parameter name -     * @param  integer  $default_value   Default value -     * @return integer -     */ -    public function getIntegerParam($name, $default_value = 0) -    { -        return isset($_GET[$name]) && ctype_digit($_GET[$name]) ? (int) $_GET[$name] : $default_value; -    } - -    /** -     * Get a form value -     * -     * @access public -     * @param  string    $name   Form field name -     * @return string|null -     */ -    public function getValue($name) -    { -        $values = $this->getValues(); -        return isset($values[$name]) ? $values[$name] : null; -    } - -    /** -     * Get form values and check for CSRF token -     * -     * @access public -     * @return array -     */ -    public function getValues() -    { -        if (! empty($_POST) && Security::validateCSRFFormToken($_POST)) { -            return $_POST; -        } - -        return array(); -    } - -    /** -     * Get the raw body of the HTTP request -     * -     * @access public -     * @return string -     */ -    public function getBody() -    { -        return file_get_contents('php://input'); -    } - -    /** -     * Get the Json request body -     * -     * @access public -     * @return array -     */ -    public function getJson() -    { -        return json_decode($this->getBody(), true) ?: array(); -    } - -    /** -     * Get the content of an uploaded file -     * -     * @access public -     * @param  string   $name   Form file name -     * @return string -     */ -    public function getFileContent($name) -    { -        if (isset($_FILES[$name])) { -            return file_get_contents($_FILES[$name]['tmp_name']); -        } - -        return ''; -    } - -    /** -     * Get the path of an uploaded file -     * -     * @access public -     * @param  string   $name   Form file name -     * @return string -     */ -    public function getFilePath($name) -    { -        return isset($_FILES[$name]['tmp_name']) ? $_FILES[$name]['tmp_name'] : ''; -    } - -    /** -     * Return true if the HTTP request is sent with the POST method -     * -     * @access public -     * @return bool -     */ -    public function isPost() -    { -        return isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'; -    } - -    /** -     * Return true if the HTTP request is an Ajax request -     * -     * @access public -     * @return bool -     */ -    public function isAjax() -    { -        return $this->getHeader('X-Requested-With') === 'XMLHttpRequest'; -    } - -    /** -     * Check if the page is requested through HTTPS -     * -     * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS -     * -     * @static -     * @access public -     * @return boolean -     */ -    public static function isHTTPS() -    { -        return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off'; -    } - -    /** -     * Return a HTTP header value -     * -     * @access public -     * @param  string   $name   Header name -     * @return string -     */ -    public function getHeader($name) -    { -        $name = 'HTTP_'.str_replace('-', '_', strtoupper($name)); -        return isset($_SERVER[$name]) ? $_SERVER[$name] : ''; -    } - -    /** -     * Returns current request's query string, useful for redirecting -     * -     * @access public -     * @return string -     */ -    public function getQueryString() -    { -        return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; -    } - -    /** -     * Returns uri -     * -     * @access public -     * @return string -     */ -    public function getUri() -    { -        return isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; -    } - -    /** -     * Get the user agent -     * -     * @static -     * @access public -     * @return string -     */ -    public static function getUserAgent() -    { -        return empty($_SERVER['HTTP_USER_AGENT']) ? t('Unknown') : $_SERVER['HTTP_USER_AGENT']; -    } - -    /** -     * Get the real IP address of the user -     * -     * @static -     * @access public -     * @param  bool    $only_public   Return only public IP address -     * @return string -     */ -    public static function getIpAddress($only_public = false) -    { -        $keys = array( -            'HTTP_CLIENT_IP', -            'HTTP_X_FORWARDED_FOR', -            'HTTP_X_FORWARDED', -            'HTTP_X_CLUSTER_CLIENT_IP', -            'HTTP_FORWARDED_FOR', -            'HTTP_FORWARDED', -            'REMOTE_ADDR' -        ); - -        foreach ($keys as $key) { -            if (isset($_SERVER[$key])) { -                foreach (explode(',', $_SERVER[$key]) as $ip_address) { -                    $ip_address = trim($ip_address); - -                    if ($only_public) { - -                        // Return only public IP address -                        if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) { -                            return $ip_address; -                        } -                    } else { -                        return $ip_address; -                    } -                } -            } -        } - -        return t('Unknown'); -    } -} diff --git a/app/Core/Router.php b/app/Core/Router.php deleted file mode 100644 index 843f5139..00000000 --- a/app/Core/Router.php +++ /dev/null @@ -1,229 +0,0 @@ -<?php - -namespace Kanboard\Core; - -use RuntimeException; - -/** - * Router class - * - * @package core - * @author  Frederic Guillot - */ -class Router extends Base -{ -    /** -     * Controller -     * -     * @access private -     * @var string -     */ -    private $controller = ''; - -    /** -     * Action -     * -     * @access private -     * @var string -     */ -    private $action = ''; - -    /** -     * Store routes for path lookup -     * -     * @access private -     * @var array -     */ -    private $paths = array(); - -    /** -     * Store routes for url lookup -     * -     * @access private -     * @var array -     */ -    private $urls = array(); - -    /** -     * Get action -     * -     * @access public -     * @return string -     */ -    public function getAction() -    { -        return $this->action; -    } - -    /** -     * Get controller -     * -     * @access public -     * @return string -     */ -    public function getController() -    { -        return $this->controller; -    } - -    /** -     * Get the path to compare patterns -     * -     * @access public -     * @param  string  $uri -     * @param  string  $query_string -     * @return string -     */ -    public function getPath($uri, $query_string = '') -    { -        $path = substr($uri, strlen($this->helper->url->dir())); - -        if (! empty($query_string)) { -            $path = substr($path, 0, - strlen($query_string) - 1); -        } - -        if (! empty($path) && $path{0} === '/') { -            $path = substr($path, 1); -        } - -        return $path; -    } - -    /** -     * Add route -     * -     * @access public -     * @param  string   $path -     * @param  string   $controller -     * @param  string   $action -     * @param  array    $params -     */ -    public function addRoute($path, $controller, $action, array $params = array()) -    { -        $pattern = explode('/', $path); - -        $this->paths[] = array( -            'pattern' => $pattern, -            'count' => count($pattern), -            'controller' => $controller, -            'action' => $action, -        ); - -        $this->urls[$controller][$action][] = array( -            'path' => $path, -            'params' => array_flip($params), -            'count' => count($params), -        ); -    } - -    /** -     * Find a route according to the given path -     * -     * @access public -     * @param  string   $path -     * @return array -     */ -    public function findRoute($path) -    { -        $parts = explode('/', $path); -        $count = count($parts); - -        foreach ($this->paths as $route) { -            if ($count === $route['count']) { -                $params = array(); - -                for ($i = 0; $i < $count; $i++) { -                    if ($route['pattern'][$i]{0} === ':') { -                        $params[substr($route['pattern'][$i], 1)] = $parts[$i]; -                    } elseif ($route['pattern'][$i] !== $parts[$i]) { -                        break; -                    } -                } - -                if ($i === $count) { -                    $_GET = array_merge($_GET, $params); -                    return array($route['controller'], $route['action']); -                } -            } -        } - -        return array('app', 'index'); -    } - -    /** -     * Find route url -     * -     * @access public -     * @param  string   $controller -     * @param  string   $action -     * @param  array    $params -     * @return string -     */ -    public function findUrl($controller, $action, array $params = array()) -    { -        if (! isset($this->urls[$controller][$action])) { -            return ''; -        } - -        foreach ($this->urls[$controller][$action] as $pattern) { -            if (array_diff_key($params, $pattern['params']) === array()) { -                $url = $pattern['path']; -                $i = 0; - -                foreach ($params as $variable => $value) { -                    $url = str_replace(':'.$variable, $value, $url); -                    $i++; -                } - -                if ($i === $pattern['count']) { -                    return $url; -                } -            } -        } - -        return ''; -    } - -    /** -     * Check controller and action parameter -     * -     * @access public -     * @param  string $value Controller or action name -     * @param  string $default_value Default value if validation fail -     * @return string -     */ -    public function sanitize($value, $default_value) -    { -        return ! preg_match('/^[a-zA-Z_0-9]+$/', $value) ? $default_value : $value; -    } - -    /** -     * Find controller/action from the route table or from get arguments -     * -     * @access public -     * @param  string  $uri -     * @param  string  $query_string -     */ -    public function dispatch($uri, $query_string = '') -    { -        if (! empty($_GET['controller']) && ! empty($_GET['action'])) { -            $this->controller = $this->sanitize($_GET['controller'], 'app'); -            $this->action = $this->sanitize($_GET['action'], 'index'); -            $plugin = ! empty($_GET['plugin']) ? $this->sanitize($_GET['plugin'], '') : ''; -        } else { -            list($this->controller, $this->action) = $this->findRoute($this->getPath($uri, $query_string)); // TODO: add plugin for routes -            $plugin = ''; -        } - -        $class = '\Kanboard\\'; -        $class .= empty($plugin) ? 'Controller\\'.ucfirst($this->controller) : 'Plugin\\'.ucfirst($plugin).'\Controller\\'.ucfirst($this->controller); - -        if (! class_exists($class) || ! method_exists($class, $this->action)) { -            throw new RuntimeException('Controller or method not found for the given url!'); -        } - -        $instance = new $class($this->container); -        $instance->beforeAction($this->controller, $this->action); -        $instance->{$this->action}(); -    } -} diff --git a/app/Core/Security.php b/app/Core/Security.php deleted file mode 100644 index 54207ee1..00000000 --- a/app/Core/Security.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php - -namespace Kanboard\Core; - -/** - * Security class - * - * @package  core - * @author   Frederic Guillot - */ -class Security -{ -    /** -     * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid() -     * -     * @static -     * @access public -     * @return string  Random token -     */ -    public static function generateToken() -    { -        if (function_exists('openssl_random_pseudo_bytes')) { -            return bin2hex(\openssl_random_pseudo_bytes(30)); -        } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { -            return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30)); -        } - -        return hash('sha256', uniqid(mt_rand(), true)); -    } - -    /** -     * Generate and store a CSRF token in the current session -     * -     * @static -     * @access public -     * @return string  Random token -     */ -    public static function getCSRFToken() -    { -        $nonce = self::generateToken(); - -        if (empty($_SESSION['csrf_tokens'])) { -            $_SESSION['csrf_tokens'] = array(); -        } - -        $_SESSION['csrf_tokens'][$nonce] = true; - -        return $nonce; -    } - -    /** -     * Check if the token exists for the current session (a token can be used only one time) -     * -     * @static -     * @access public -     * @param  string   $token   CSRF token -     * @return bool -     */ -    public static function validateCSRFToken($token) -    { -        if (isset($_SESSION['csrf_tokens'][$token])) { -            unset($_SESSION['csrf_tokens'][$token]); -            return true; -        } - -        return false; -    } - -    /** -     * Check if the token used in a form is correct and then remove the value -     * -     * @static -     * @access public -     * @param  array    $values   Form values -     * @return bool -     */ -    public static function validateCSRFFormToken(array &$values) -    { -        if (! empty($values['csrf_token']) && self::validateCSRFToken($values['csrf_token'])) { -            unset($values['csrf_token']); -            return true; -        } - -        return false; -    } -} diff --git a/app/Core/Security/AccessMap.php b/app/Core/Security/AccessMap.php new file mode 100644 index 00000000..f34c4b00 --- /dev/null +++ b/app/Core/Security/AccessMap.php @@ -0,0 +1,175 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Access Map Definition + * + * @package  security + * @author   Frederic Guillot + */ +class AccessMap +{ +    /** +     * Default role +     * +     * @access private +     * @var string +     */ +    private $defaultRole = ''; + +    /** +     * Role hierarchy +     * +     * @access private +     * @var array +     */ +    private $hierarchy = array(); + +    /** +     * Access map +     * +     * @access private +     * @var array +     */ +    private $map = array(); + +    /** +     * Define the default role when nothing match +     * +     * @access public +     * @param  string $role +     * @return Acl +     */ +    public function setDefaultRole($role) +    { +        $this->defaultRole = $role; +        return $this; +    } + +    /** +     * Define role hierarchy +     * +     * @access public +     * @param  string $role +     * @param  array  $subroles +     * @return Acl +     */ +    public function setRoleHierarchy($role, array $subroles) +    { +        foreach ($subroles as $subrole) { +            if (isset($this->hierarchy[$subrole])) { +                $this->hierarchy[$subrole][] = $role; +            } else { +                $this->hierarchy[$subrole] = array($role); +            } +        } + +        return $this; +    } + +    /** +     * Get computed role hierarchy +     * +     * @access public +     * @param  string  $role +     * @return array +     */ +    public function getRoleHierarchy($role) +    { +        $roles = array($role); + +        if (isset($this->hierarchy[$role])) { +            $roles = array_merge($roles, $this->hierarchy[$role]); +        } + +        return $roles; +    } + +    /** +     * Get the highest role from a list +     * +     * @access public +     * @param  array  $roles +     * @return string +     */ +    public function getHighestRole(array $roles) +    { +        $rank = array(); + +        foreach ($roles as $role) { +            $rank[$role] = count($this->getRoleHierarchy($role)); +        } + +        asort($rank); + +        return key($rank); +    } + +    /** +     * Add new access rules +     * +     * @access public +     * @param  string $controller  Controller class name +     * @param  mixed  $methods     List of method name or just one method +     * @param  string $role        Lowest role required +     * @return Acl +     */ +    public function add($controller, $methods, $role) +    { +        if (is_array($methods)) { +            foreach ($methods as $method) { +                $this->addRule($controller, $method, $role); +            } +        } else { +            $this->addRule($controller, $methods, $role); +        } + +        return $this; +    } + +    /** +     * Add new access rule +     * +     * @access private +     * @param  string $controller +     * @param  string $method +     * @param  string $role +     * @return Acl +     */ +    private function addRule($controller, $method, $role) +    { +        $controller = strtolower($controller); +        $method = strtolower($method); + +        if (! isset($this->map[$controller])) { +            $this->map[$controller] = array(); +        } + +        $this->map[$controller][$method] = $role; + +        return $this; +    } + +    /** +     * Get roles that match the given controller/method +     * +     * @access public +     * @param  string $controller +     * @param  string $method +     * @return boolean +     */ +    public function getRoles($controller, $method) +    { +        $controller = strtolower($controller); +        $method = strtolower($method); + +        foreach (array($method, '*') as $key) { +            if (isset($this->map[$controller][$key])) { +                return $this->getRoleHierarchy($this->map[$controller][$key]); +            } +        } + +        return $this->getRoleHierarchy($this->defaultRole); +    } +} diff --git a/app/Core/Security/AuthenticationManager.php b/app/Core/Security/AuthenticationManager.php new file mode 100644 index 00000000..b1ba76cf --- /dev/null +++ b/app/Core/Security/AuthenticationManager.php @@ -0,0 +1,187 @@ +<?php + +namespace Kanboard\Core\Security; + +use LogicException; +use Kanboard\Core\Base; +use Kanboard\Event\AuthFailureEvent; +use Kanboard\Event\AuthSuccessEvent; + +/** + * Authentication Manager + * + * @package  security + * @author   Frederic Guillot + */ +class AuthenticationManager extends Base +{ +    /** +     * Event names +     * +     * @var string +     */ +    const EVENT_SUCCESS = 'auth.success'; +    const EVENT_FAILURE = 'auth.failure'; + +    /** +     * List of authentication providers +     * +     * @access private +     * @var array +     */ +    private $providers = array(); + +    /** +     * Register a new authentication provider +     * +     * @access public +     * @param  AuthenticationProviderInterface $provider +     * @return AuthenticationManager +     */ +    public function register(AuthenticationProviderInterface $provider) +    { +        $this->providers[$provider->getName()] = $provider; +        return $this; +    } + +    /** +     * Register a new authentication provider +     * +     * @access public +     * @param  string $name +     * @return AuthenticationProviderInterface|OAuthAuthenticationProviderInterface|PasswordAuthenticationProviderInterface|PreAuthenticationProviderInterface|OAuthAuthenticationProviderInterface +     */ +    public function getProvider($name) +    { +        if (! isset($this->providers[$name])) { +            throw new LogicException('Authentication provider not found: '.$name); +        } + +        return $this->providers[$name]; +    } + +    /** +     * Execute providers that are able to validate the current session +     * +     * @access public +     * @return boolean +     */ +    public function checkCurrentSession() +    { +        if ($this->userSession->isLogged()) { +            foreach ($this->filterProviders('SessionCheckProviderInterface') as $provider) { +                if (! $provider->isValidSession()) { +                    $this->logger->debug('Invalidate session for '.$this->userSession->getUsername()); +                    $this->sessionStorage->flush(); +                    $this->preAuthentication(); +                    return false; +                } +            } +        } + +        return true; +    } + +    /** +     * Execute pre-authentication providers +     * +     * @access public +     * @return boolean +     */ +    public function preAuthentication() +    { +        foreach ($this->filterProviders('PreAuthenticationProviderInterface') as $provider) { +            if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) { +                $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName())); +                return true; +            } +        } + +        return false; +    } + +    /** +     * Execute username/password authentication providers +     * +     * @access public +     * @param  string  $username +     * @param  string  $password +     * @param  boolean $fireEvent +     * @return boolean +     */ +    public function passwordAuthentication($username, $password, $fireEvent = true) +    { +        foreach ($this->filterProviders('PasswordAuthenticationProviderInterface') as $provider) { +            $provider->setUsername($username); +            $provider->setPassword($password); + +            if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) { +                if ($fireEvent) { +                    $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName())); +                } + +                return true; +            } +        } + +        if ($fireEvent) { +            $this->dispatcher->dispatch(self::EVENT_FAILURE, new AuthFailureEvent($username)); +        } + +        return false; +    } + +    /** +     * Perform OAuth2 authentication +     * +     * @access public +     * @param  string  $name +     * @return boolean +     */ +    public function oauthAuthentication($name) +    { +        $provider = $this->getProvider($name); + +        if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) { +            $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName())); +            return true; +        } + +        $this->dispatcher->dispatch(self::EVENT_FAILURE, new AuthFailureEvent); + +        return false; +    } + +    /** +     * Get the last Post-Authentication provider +     * +     * @access public +     * @return PostAuthenticationProviderInterface +     */ +    public function getPostAuthenticationProvider() +    { +        $providers = $this->filterProviders('PostAuthenticationProviderInterface'); + +        if (empty($providers)) { +            throw new LogicException('You must have at least one Post-Authentication Provider configured'); +        } + +        return array_pop($providers); +    } + +    /** +     * Filter registered providers by interface type +     * +     * @access private +     * @param  string $interface +     * @return array +     */ +    private function filterProviders($interface) +    { +        $interface = '\Kanboard\Core\Security\\'.$interface; + +        return array_filter($this->providers, function(AuthenticationProviderInterface $provider) use ($interface) { +            return is_a($provider, $interface); +        }); +    } +} diff --git a/app/Core/Security/AuthenticationProviderInterface.php b/app/Core/Security/AuthenticationProviderInterface.php new file mode 100644 index 00000000..828e272c --- /dev/null +++ b/app/Core/Security/AuthenticationProviderInterface.php @@ -0,0 +1,28 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Authentication Provider Interface + * + * @package  security + * @author   Frederic Guillot + */ +interface AuthenticationProviderInterface +{ +    /** +     * Get authentication provider name +     * +     * @access public +     * @return string +     */ +    public function getName(); + +    /** +     * Authenticate the user +     * +     * @access public +     * @return boolean +     */ +    public function authenticate(); +} diff --git a/app/Core/Security/Authorization.php b/app/Core/Security/Authorization.php new file mode 100644 index 00000000..980db048 --- /dev/null +++ b/app/Core/Security/Authorization.php @@ -0,0 +1,46 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Authorization Handler + * + * @package  security + * @author   Frederic Guillot + */ +class Authorization +{ +    /** +     * Access Map +     * +     * @access private +     * @var AccessMap +     */ +    private $accessMap; + +    /** +     * Constructor +     * +     * @access public +     * @param  AccessMap  $accessMap +     */ +    public function __construct(AccessMap $accessMap) +    { +        $this->accessMap = $accessMap; +    } + +    /** +     * Check if the given role is allowed to access to the specified resource +     * +     * @access public +     * @param  string  $controller +     * @param  string  $method +     * @param  string  $role +     * @return boolean +     */ +    public function isAllowed($controller, $method, $role) +    { +        $roles = $this->accessMap->getRoles($controller, $method); +        return in_array($role, $roles); +    } +} diff --git a/app/Core/Security/OAuthAuthenticationProviderInterface.php b/app/Core/Security/OAuthAuthenticationProviderInterface.php new file mode 100644 index 00000000..c32339e0 --- /dev/null +++ b/app/Core/Security/OAuthAuthenticationProviderInterface.php @@ -0,0 +1,46 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * OAuth2 Authentication Provider Interface + * + * @package  security + * @author   Frederic Guillot + */ +interface OAuthAuthenticationProviderInterface extends AuthenticationProviderInterface +{ +    /** +     * Get user object +     * +     * @access public +     * @return UserProviderInterface +     */ +    public function getUser(); + +    /** +     * Unlink user +     * +     * @access public +     * @param  integer $userId +     * @return bool +     */ +    public function unlink($userId); + +    /** +     * Get configured OAuth2 service +     * +     * @access public +     * @return Kanboard\Core\Http\OAuth2 +     */ +    public function getService(); + +    /** +     * Set OAuth2 code +     * +     * @access public +     * @param  string  $code +     * @return OAuthAuthenticationProviderInterface +     */ +    public function setCode($code); +} diff --git a/app/Core/Security/PasswordAuthenticationProviderInterface.php b/app/Core/Security/PasswordAuthenticationProviderInterface.php new file mode 100644 index 00000000..918a4aec --- /dev/null +++ b/app/Core/Security/PasswordAuthenticationProviderInterface.php @@ -0,0 +1,36 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Password Authentication Provider Interface + * + * @package  security + * @author   Frederic Guillot + */ +interface PasswordAuthenticationProviderInterface extends AuthenticationProviderInterface +{ +    /** +     * Get user object +     * +     * @access public +     * @return UserProviderInterface +     */ +    public function getUser(); + +    /** +     * Set username +     * +     * @access public +     * @param  string $username +     */ +    public function setUsername($username); + +    /** +     * Set password +     * +     * @access public +     * @param  string $password +     */ +    public function setPassword($password); +} diff --git a/app/Core/Security/PostAuthenticationProviderInterface.php b/app/Core/Security/PostAuthenticationProviderInterface.php new file mode 100644 index 00000000..3f628bb0 --- /dev/null +++ b/app/Core/Security/PostAuthenticationProviderInterface.php @@ -0,0 +1,69 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Post Authentication Provider Interface + * + * @package  security + * @author   Frederic Guillot + */ +interface PostAuthenticationProviderInterface extends AuthenticationProviderInterface +{ +    /** +     * Called only one time before to prompt the user for pin code +     * +     * @access public +     */ +    public function beforeCode(); + +    /** +     * Set user pin-code +     * +     * @access public +     * @param  string $code +     */ +    public function setCode($code); + +    /** +     * Generate secret if necessary +     * +     * @access public +     * @return string +     */ +    public function generateSecret(); + +    /** +     * Set secret token (fetched from user profile) +     * +     * @access public +     * @param  string  $secret +     */ +    public function setSecret($secret); + +    /** +     * Get secret token (will be saved in user profile) +     * +     * @access public +     * @return string +     */ +    public function getSecret(); + +    /** +     * Get QR code url (empty if no QR can be provided) +     * +     * @access public +     * @param  string $label +     * @return string +     */ +    public function getQrCodeUrl($label); + +    /** +     * Get key url (empty if no url can be provided) +     * +     * @access public +     * @param  string $label +     * @return string +     */ +    public function getKeyUrl($label); +} diff --git a/app/Core/Security/PreAuthenticationProviderInterface.php b/app/Core/Security/PreAuthenticationProviderInterface.php new file mode 100644 index 00000000..391e8d0f --- /dev/null +++ b/app/Core/Security/PreAuthenticationProviderInterface.php @@ -0,0 +1,20 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Pre-Authentication Provider Interface + * + * @package  security + * @author   Frederic Guillot + */ +interface PreAuthenticationProviderInterface extends AuthenticationProviderInterface +{ +    /** +     * Get user object +     * +     * @access public +     * @return UserProviderInterface +     */ +    public function getUser(); +} diff --git a/app/Core/Security/Role.php b/app/Core/Security/Role.php new file mode 100644 index 00000000..cb45a8af --- /dev/null +++ b/app/Core/Security/Role.php @@ -0,0 +1,64 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Role Definitions + * + * @package  security + * @author   Frederic Guillot + */ +class Role +{ +    const APP_ADMIN       = 'app-admin'; +    const APP_MANAGER     = 'app-manager'; +    const APP_USER        = 'app-user'; +    const APP_PUBLIC      = 'app-public'; + +    const PROJECT_MANAGER = 'project-manager'; +    const PROJECT_MEMBER  = 'project-member'; +    const PROJECT_VIEWER  = 'project-viewer'; + +    /** +     * Get application roles +     * +     * @access public +     * @return array +     */ +    public function getApplicationRoles() +    { +        return array( +            self::APP_ADMIN => t('Administrator'), +            self::APP_MANAGER => t('Manager'), +            self::APP_USER => t('User'), +        ); +    } + +    /** +     * Get project roles +     * +     * @access public +     * @return array +     */ +    public function getProjectRoles() +    { +        return array( +            self::PROJECT_MANAGER => t('Project Manager'), +            self::PROJECT_MEMBER => t('Project Member'), +            self::PROJECT_VIEWER => t('Project Viewer'), +        ); +    } + +    /** +     * Get role name +     * +     * @access public +     * @param  string $role +     * @return string +     */ +    public function getRoleName($role) +    { +        $roles = $this->getApplicationRoles() + $this->getProjectRoles(); +        return isset($roles[$role]) ? $roles[$role] : t('Unknown'); +    } +} diff --git a/app/Core/Security/SessionCheckProviderInterface.php b/app/Core/Security/SessionCheckProviderInterface.php new file mode 100644 index 00000000..232fe1db --- /dev/null +++ b/app/Core/Security/SessionCheckProviderInterface.php @@ -0,0 +1,20 @@ +<?php + +namespace Kanboard\Core\Security; + +/** + * Session Check Provider Interface + * + * @package  security + * @author   Frederic Guillot + */ +interface SessionCheckProviderInterface +{ +    /** +     * Check if the user session is valid +     * +     * @access public +     * @return boolean +     */ +    public function isValidSession(); +} diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php new file mode 100644 index 00000000..cbd784a8 --- /dev/null +++ b/app/Core/Security/Token.php @@ -0,0 +1,61 @@ +<?php + +namespace Kanboard\Core\Security; + +use Kanboard\Core\Base; + +/** + * Token Handler + * + * @package  security + * @author   Frederic Guillot + */ +class Token extends Base +{ +    /** +     * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid() +     * +     * @static +     * @access public +     * @return string  Random token +     */ +    public static function getToken() +    { +        return bin2hex(random_bytes(30)); +    } + +    /** +     * Generate and store a CSRF token in the current session +     * +     * @access public +     * @return string  Random token +     */ +    public function getCSRFToken() +    { +        if (! isset($this->sessionStorage->csrf)) { +            $this->sessionStorage->csrf = array(); +        } + +        $nonce = self::getToken(); +        $this->sessionStorage->csrf[$nonce] = true; + +        return $nonce; +    } + +    /** +     * Check if the token exists for the current session (a token can be used only one time) +     * +     * @access public +     * @param  string   $token   CSRF token +     * @return bool +     */ +    public function validateCSRFToken($token) +    { +        if (isset($this->sessionStorage->csrf[$token])) { +            unset($this->sessionStorage->csrf[$token]); +            return true; +        } + +        return false; +    } +} diff --git a/app/Core/Session.php b/app/Core/Session.php deleted file mode 100644 index a93131c7..00000000 --- a/app/Core/Session.php +++ /dev/null @@ -1,143 +0,0 @@ -<?php - -namespace Kanboard\Core; - -use ArrayAccess; - -/** - * Session class - * - * @package  core - * @author   Frederic Guillot - */ -class Session implements ArrayAccess -{ -    /** -     * Return true if the session is open -     * -     * @static -     * @access public -     * @return boolean -     */ -    public static function isOpen() -    { -        return session_id() !== ''; -    } - -    /** -     * Open a session -     * -     * @access public -     * @param  string   $base_path    Cookie path -     */ -    public function open($base_path = '/') -    { -        // HttpOnly and secure flags for session cookie -        session_set_cookie_params( -            SESSION_DURATION, -            $base_path ?: '/', -            null, -            Request::isHTTPS(), -            true -        ); - -        // Avoid session id in the URL -        ini_set('session.use_only_cookies', '1'); - -        // Enable strict mode -        if (version_compare(PHP_VERSION, '7.0.0') < 0) { -            ini_set('session.use_strict_mode', '1'); -        } - -        // Ensure session ID integrity -        ini_set('session.entropy_file', '/dev/urandom'); -        ini_set('session.entropy_length', '32'); -        ini_set('session.hash_bits_per_character', 6); - -        // If the session was autostarted with session.auto_start = 1 in php.ini destroy it -        if (isset($_SESSION)) { -            session_destroy(); -        } - -        // Custom session name -        session_name('__S'); - -        // Start the session -        session_start(); - -        // Regenerate the session id to avoid session fixation issue -        if (empty($_SESSION['__validated'])) { -            session_regenerate_id(true); -            $_SESSION['__validated'] = 1; -        } -    } - -    /** -     * Destroy the session -     * -     * @access public -     */ -    public function close() -    { -        // Flush all sessions variables -        $_SESSION = array(); - -        // Destroy the session cookie -        $params = session_get_cookie_params(); - -        setcookie( -            session_name(), -            '', -            time() - 42000, -            $params['path'], -            $params['domain'], -            $params['secure'], -            $params['httponly'] -        ); - -        // Destroy session data -        session_destroy(); -    } - -    /** -     * Register a flash message (success notification) -     * -     * @access public -     * @param  string   $message   Message -     */ -    public function flash($message) -    { -        $_SESSION['flash_message'] = $message; -    } - -    /** -     * Register a flash error message (error notification) -     * -     * @access public -     * @param  string   $message   Message -     */ -    public function flashError($message) -    { -        $_SESSION['flash_error_message'] = $message; -    } - -    public function offsetSet($offset, $value) -    { -        $_SESSION[$offset] = $value; -    } - -    public function offsetExists($offset) -    { -        return isset($_SESSION[$offset]); -    } - -    public function offsetUnset($offset) -    { -        unset($_SESSION[$offset]); -    } - -    public function offsetGet($offset) -    { -        return isset($_SESSION[$offset]) ? $_SESSION[$offset] : null; -    } -} diff --git a/app/Core/Session/FlashMessage.php b/app/Core/Session/FlashMessage.php new file mode 100644 index 00000000..e02d056d --- /dev/null +++ b/app/Core/Session/FlashMessage.php @@ -0,0 +1,71 @@ +<?php + +namespace Kanboard\Core\Session; + +use Kanboard\Core\Base; + +/** + * Session Flash Message + * + * @package  session + * @author   Frederic Guillot + */ +class FlashMessage extends Base +{ +    /** +     * Add success message +     * +     * @access public +     * @param  string  $message +     */ +    public function success($message) +    { +        $this->setMessage('success', $message); +    } + +    /** +     * Add failure message +     * +     * @access public +     * @param  string  $message +     */ +    public function failure($message) +    { +        $this->setMessage('failure', $message); +    } + +    /** +     * Add new flash message +     * +     * @access public +     * @param  string  $key +     * @param  string  $message +     */ +    public function setMessage($key, $message) +    { +        if (! isset($this->sessionStorage->flash)) { +            $this->sessionStorage->flash = array(); +        } + +        $this->sessionStorage->flash[$key] = $message; +    } + +    /** +     * Get flash message +     * +     * @access public +     * @param  string  $key +     * @return string +     */ +    public function getMessage($key) +    { +        $message = ''; + +        if (isset($this->sessionStorage->flash[$key])) { +            $message = $this->sessionStorage->flash[$key]; +            unset($this->sessionStorage->flash[$key]); +        } + +        return $message; +    } +} diff --git a/app/Core/Session/SessionManager.php b/app/Core/Session/SessionManager.php new file mode 100644 index 00000000..4f9f2c0a --- /dev/null +++ b/app/Core/Session/SessionManager.php @@ -0,0 +1,110 @@ +<?php + +namespace Kanboard\Core\Session; + +use Kanboard\Core\Base; + +/** + * Session Manager + * + * @package  session + * @author   Frederic Guillot + */ +class SessionManager extends Base +{ +    /** +     * Event names +     * +     * @var string +     */ +    const EVENT_DESTROY = 'session.destroy'; + +    /** +     * Return true if the session is open +     * +     * @static +     * @access public +     * @return boolean +     */ +    public static function isOpen() +    { +        return session_id() !== ''; +    } + +    /** +     * Create a new session +     * +     * @access public +     */ +    public function open() +    { +        $this->configure(); + +        if (ini_get('session.auto_start') == 1) { +            session_destroy(); +        } + +        session_name('KB_SID'); +        session_start(); + +        $this->sessionStorage->setStorage($_SESSION); +    } + +    /** +     * Destroy the session +     * +     * @access public +     */ +    public function close() +    { +        $this->dispatcher->dispatch(self::EVENT_DESTROY); + +        // Destroy the session cookie +        $params = session_get_cookie_params(); + +        setcookie( +            session_name(), +            '', +            time() - 42000, +            $params['path'], +            $params['domain'], +            $params['secure'], +            $params['httponly'] +        ); + +        session_unset(); +        session_destroy(); +    } + +    /** +     * Define session settings +     * +     * @access private +     */ +    private function configure() +    { +        // Session cookie: HttpOnly and secure flags +        session_set_cookie_params( +            SESSION_DURATION, +            $this->helper->url->dir() ?: '/', +            null, +            $this->request->isHTTPS(), +            true +        ); + +        // Avoid session id in the URL +        ini_set('session.use_only_cookies', '1'); +        ini_set('session.use_trans_sid', '0'); + +        // Enable strict mode +        ini_set('session.use_strict_mode', '1'); + +        // Better session hash +        ini_set('session.hash_function', '1'); // 'sha512' is not compatible with FreeBSD, only MD5 '0' and SHA-1 '1' seems to work +        ini_set('session.hash_bits_per_character', 6); + +        // Set an additional entropy +        ini_set('session.entropy_file', '/dev/urandom'); +        ini_set('session.entropy_length', '256'); +    } +} diff --git a/app/Core/Session/SessionStorage.php b/app/Core/Session/SessionStorage.php new file mode 100644 index 00000000..667d9253 --- /dev/null +++ b/app/Core/Session/SessionStorage.php @@ -0,0 +1,89 @@ +<?php + +namespace Kanboard\Core\Session; + +/** + * Session Storage + * + * @package  session + * @author   Frederic Guillot + * + * @property array  $user + * @property array  $flash + * @property array  $csrf + * @property array  $postAuthenticationValidated + * @property array  $filters + * @property string $redirectAfterLogin + * @property string $captcha + * @property string $commentSorting + * @property bool   $hasSubtaskInProgress + * @property bool   $hasRememberMe + * @property bool   $boardCollapsed + * @property bool   $twoFactorBeforeCodeCalled + * @property string $twoFactorSecret + */ +class SessionStorage +{ +    /** +     * Pointer to external storage +     * +     * @access private +     * @var array +     */ +    private $storage = array(); + +    /** +     * Set external storage +     * +     * @access public +     * @param  array  $storage  External session storage (example: $_SESSION) +     */ +    public function setStorage(array &$storage) +    { +        $this->storage =& $storage; + +        // Load dynamically existing session variables into object properties +        foreach ($storage as $key => $value) { +            $this->$key = $value; +        } +    } + +    /** +     * Get all session variables +     * +     * @access public +     * @return array +     */ +    public function getAll() +    { +        $session = get_object_vars($this); +        unset($session['storage']); + +        return $session; +    } + +    /** +     * Flush session data +     * +     * @access public +     */ +    public function flush() +    { +        $session = get_object_vars($this); +        unset($session['storage']); + +        foreach (array_keys($session) as $property) { +            unset($this->$property); +        } +    } + +    /** +     * Copy class properties to external storage +     * +     * @access public +     */ +    public function __destruct() +    { +        $this->storage = $this->getAll(); +    } +} diff --git a/app/Core/Template.php b/app/Core/Template.php index ce2884a7..8ded6f7c 100644 --- a/app/Core/Template.php +++ b/app/Core/Template.php @@ -19,6 +19,50 @@ class Template extends Helper      private $overrides = array();      /** +     * Rendering start time +     * +     * @access private +     * @var float +     */ +    private $startTime = 0; + +    /** +     * Total rendering time +     * +     * @access private +     * @var float +     */ +    private $renderingTime = 0; + +    /** +     * Method executed before the rendering +     * +     * @access protected +     * @param  string $template +     */ +    protected function beforeRender($template) +    { +        if (DEBUG) { +            $this->startTime = microtime(true); +        } +    } + +    /** +     * Method executed after the rendering +     * +     * @access protected +     * @param  string $template +     */ +    protected function afterRender($template) +    { +        if (DEBUG) { +            $duration = microtime(true) - $this->startTime; +            $this->renderingTime += $duration; +            $this->container['logger']->debug('Rendering '.$template.' in '.$duration.'s, total='.$this->renderingTime); +        } +    } + +    /**       * Render a template       *       * Example: @@ -32,11 +76,16 @@ class Template extends Helper       */      public function render($__template_name, array $__template_args = array())      { -        extract($__template_args); +        $this->beforeRender($__template_name); +        extract($__template_args);          ob_start();          include $this->getTemplateFile($__template_name); -        return ob_get_clean(); +        $html = ob_get_clean(); + +        $this->afterRender($__template_name); + +        return $html;      }      /** diff --git a/app/Core/Tool.php b/app/Core/Tool.php index 247fda1a..edd2e609 100644 --- a/app/Core/Tool.php +++ b/app/Core/Tool.php @@ -39,6 +39,7 @@ class Tool       * @access public       * @param  Container  $container       * @param  array      $namespaces +     * @return Container       */      public static function buildDIC(Container $container, array $namespaces)      { @@ -50,6 +51,8 @@ class Tool                  };              }          } + +        return $container;      }      /** diff --git a/app/Core/Translator.php b/app/Core/Translator.php index 96a481f6..113c0dc6 100644 --- a/app/Core/Translator.php +++ b/app/Core/Translator.php @@ -147,32 +147,6 @@ class Translator      }      /** -     * Get a formatted datetime -     * -     * $translator->datetime('%Y-%m-%d', time()); -     * -     * @access public -     * @param  string   $format      Format defined by the strftime function -     * @param  integer  $timestamp   Unix timestamp -     * @return string -     */ -    public function datetime($format, $timestamp) -    { -        if (! $timestamp) { -            return ''; -        } - -        $format = $this->get($format, $format); - -        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { -            $format = str_replace('%e', '%d', $format); -            $format = str_replace('%k', '%H', $format); -        } - -        return strftime($format, (int) $timestamp); -    } - -    /**       * Get an identifier from the translations or return the default       *       * @access public @@ -199,8 +173,6 @@ class Translator       */      public static function load($language, $path = self::PATH)      { -        setlocale(LC_TIME, $language.'.UTF-8', $language); -          $filename = $path.DIRECTORY_SEPARATOR.$language.DIRECTORY_SEPARATOR.'translations.php';          if (file_exists($filename)) { diff --git a/app/Core/User/GroupSync.php b/app/Core/User/GroupSync.php new file mode 100644 index 00000000..573acd47 --- /dev/null +++ b/app/Core/User/GroupSync.php @@ -0,0 +1,32 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; + +/** + * Group Synchronization + * + * @package  user + * @author   Frederic Guillot + */ +class GroupSync extends Base +{ +    /** +     * Synchronize group membership +     * +     * @access public +     * @param  integer  $userId +     * @param  array    $groupIds +     */ +    public function synchronize($userId, array $groupIds) +    { +        foreach ($groupIds as $groupId) { +            $group = $this->group->getByExternalId($groupId); + +            if (! empty($group) && ! $this->groupMember->isMember($group['id'], $userId)) { +                $this->groupMember->addUser($group['id'], $userId); +            } +        } +    } +} diff --git a/app/Core/User/UserProfile.php b/app/Core/User/UserProfile.php new file mode 100644 index 00000000..ef325801 --- /dev/null +++ b/app/Core/User/UserProfile.php @@ -0,0 +1,62 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; + +/** + * User Profile + * + * @package  user + * @author   Frederic Guillot + */ +class UserProfile extends Base +{ +    /** +     * Assign provider data to the local user +     * +     * @access public +     * @param  integer                $userId +     * @param  UserProviderInterface  $user +     * @return boolean +     */ +    public function assign($userId, UserProviderInterface $user) +    { +        $profile = $this->user->getById($userId); + +        $values = UserProperty::filterProperties($profile, UserProperty::getProperties($user)); +        $values['id'] = $userId; + +        if ($this->user->update($values)) { +            $profile = array_merge($profile, $values); +            $this->userSession->initialize($profile); +            return true; +        } + +        return false; +    } + +    /** +     * Synchronize user properties with the local database and create the user session +     * +     * @access public +     * @param  UserProviderInterface $user +     * @return boolean +     */ +    public function initialize(UserProviderInterface $user) +    { +        if ($user->getInternalId()) { +            $profile = $this->user->getById($user->getInternalId()); +        } elseif ($user->getExternalIdColumn() && $user->getExternalId()) { +            $profile = $this->userSync->synchronize($user); +            $this->groupSync->synchronize($profile['id'], $user->getExternalGroupIds()); +        } + +        if (! empty($profile) && $profile['is_active'] == 1) { +            $this->userSession->initialize($profile); +            return true; +        } + +        return false; +    } +} diff --git a/app/Core/User/UserProperty.php b/app/Core/User/UserProperty.php new file mode 100644 index 00000000..f8b08a3d --- /dev/null +++ b/app/Core/User/UserProperty.php @@ -0,0 +1,70 @@ +<?php + +namespace Kanboard\Core\User; + +/** + * User Property + * + * @package  user + * @author   Frederic Guillot + */ +class UserProperty +{ +    /** +     * Get filtered user properties from user provider +     * +     * @static +     * @access public +     * @param  UserProviderInterface $user +     * @return array +     */ +    public static function getProperties(UserProviderInterface $user) +    { +        $properties = array( +            'username' => $user->getUsername(), +            'name' => $user->getName(), +            'email' => $user->getEmail(), +            'role' => $user->getRole(), +            $user->getExternalIdColumn() => $user->getExternalId(), +        ); + +        $properties = array_merge($properties, $user->getExtraAttributes()); + +        return array_filter($properties, array(__NAMESPACE__.'\UserProperty', 'isNotEmptyValue')); +    } + +    /** +     * Filter user properties compared to existing user profile +     * +     * @static +     * @access public +     * @param  array  $profile +     * @param  array  $properties +     * @return array +     */ +    public static function filterProperties(array $profile, array $properties) +    { +        $values = array(); + +        foreach ($properties as $property => $value) { +            if (array_key_exists($property, $profile) && ! self::isNotEmptyValue($profile[$property])) { +                $values[$property] = $value; +            } +        } + +        return $values; +    } + +    /** +     * Check if a value is not empty +     * +     * @static +     * @access public +     * @param  string $value +     * @return boolean +     */ +    public static function isNotEmptyValue($value) +    { +        return $value !== null && $value !== ''; +    } +} diff --git a/app/Core/User/UserProviderInterface.php b/app/Core/User/UserProviderInterface.php new file mode 100644 index 00000000..07e01f42 --- /dev/null +++ b/app/Core/User/UserProviderInterface.php @@ -0,0 +1,103 @@ +<?php + +namespace Kanboard\Core\User; + +/** + * User Provider Interface + * + * @package  user + * @author   Frederic Guillot + */ +interface UserProviderInterface +{ +    /** +     * Return true to allow automatic user creation +     * +     * @access public +     * @return boolean +     */ +    public function isUserCreationAllowed(); + +    /** +     * Get external id column name +     * +     * Example: google_id, github_id, gitlab_id... +     * +     * @access public +     * @return string +     */ +    public function getExternalIdColumn(); + +    /** +     * Get internal id +     * +     * If a value is returned the user properties won't be updated in the local database +     * +     * @access public +     * @return integer +     */ +    public function getInternalId(); + +    /** +     * Get external id +     * +     * @access public +     * @return string +     */ +    public function getExternalId(); + +    /** +     * Get user role +     * +     * Return an empty string to not override role stored in the database +     * +     * @access public +     * @return string +     */ +    public function getRole(); + +    /** +     * Get username +     * +     * @access public +     * @return string +     */ +    public function getUsername(); + +    /** +     * Get user full name +     * +     * @access public +     * @return string +     */ +    public function getName(); + +    /** +     * Get user email +     * +     * @access public +     * @return string +     */ +    public function getEmail(); + +    /** +     * Get external group ids +     * +     * A synchronization is done at login time, +     * the user will be member of those groups if they exists in the database +     * +     * @access public +     * @return string[] +     */ +    public function getExternalGroupIds(); + +    /** +     * Get extra user attributes +     * +     * Example: is_ldap_user, disable_login_form, notifications_enabled... +     * +     * @access public +     * @return array +     */ +    public function getExtraAttributes(); +} diff --git a/app/Core/User/UserSession.php b/app/Core/User/UserSession.php new file mode 100644 index 00000000..534e5192 --- /dev/null +++ b/app/Core/User/UserSession.php @@ -0,0 +1,204 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; +use Kanboard\Core\Security\Role; + +/** + * User Session + * + * @package  user + * @author   Frederic Guillot + */ +class UserSession extends Base +{ +    /** +     * Update user session +     * +     * @access public +     * @param  array  $user +     */ +    public function initialize(array $user) +    { +        foreach (array('password', 'is_admin', 'is_project_admin', 'twofactor_secret') as $column) { +            if (isset($user[$column])) { +                unset($user[$column]); +            } +        } + +        $user['id'] = (int) $user['id']; +        $user['is_ldap_user'] = isset($user['is_ldap_user']) ? (bool) $user['is_ldap_user'] : false; +        $user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false; + +        $this->sessionStorage->user = $user; +        $this->sessionStorage->postAuthenticationValidated = false; +    } + +    /** +     * Get user application role +     * +     * @access public +     * @return string +     */ +    public function getRole() +    { +        return $this->sessionStorage->user['role']; +    } + +    /** +     * Return true if the user has validated the 2FA key +     * +     * @access public +     * @return bool +     */ +    public function isPostAuthenticationValidated() +    { +        return isset($this->sessionStorage->postAuthenticationValidated) && $this->sessionStorage->postAuthenticationValidated === true; +    } + +    /** +     * Validate 2FA for the current session +     * +     * @access public +     */ +    public function validatePostAuthentication() +    { +        $this->sessionStorage->postAuthenticationValidated = true; +    } + +    /** +     * Return true if the user has 2FA enabled +     * +     * @access public +     * @return bool +     */ +    public function hasPostAuthentication() +    { +        return isset($this->sessionStorage->user['twofactor_activated']) && $this->sessionStorage->user['twofactor_activated'] === true; +    } + +    /** +     * Disable 2FA for the current session +     * +     * @access public +     */ +    public function disablePostAuthentication() +    { +        $this->sessionStorage->user['twofactor_activated'] = false; +    } + +    /** +     * Return true if the logged user is admin +     * +     * @access public +     * @return bool +     */ +    public function isAdmin() +    { +        return isset($this->sessionStorage->user['role']) && $this->sessionStorage->user['role'] === Role::APP_ADMIN; +    } + +    /** +     * Get the connected user id +     * +     * @access public +     * @return integer +     */ +    public function getId() +    { +        return isset($this->sessionStorage->user['id']) ? (int) $this->sessionStorage->user['id'] : 0; +    } + +    /** +     * Get username +     * +     * @access public +     * @return string +     */ +    public function getUsername() +    { +        return isset($this->sessionStorage->user['username']) ? $this->sessionStorage->user['username'] : ''; +    } + +    /** +     * Check is the user is connected +     * +     * @access public +     * @return bool +     */ +    public function isLogged() +    { +        return isset($this->sessionStorage->user) && ! empty($this->sessionStorage->user); +    } + +    /** +     * Get project filters from the session +     * +     * @access public +     * @param  integer  $project_id +     * @return string +     */ +    public function getFilters($project_id) +    { +        return ! empty($this->sessionStorage->filters[$project_id]) ? $this->sessionStorage->filters[$project_id] : 'status:open'; +    } + +    /** +     * Save project filters in the session +     * +     * @access public +     * @param  integer  $project_id +     * @param  string   $filters +     */ +    public function setFilters($project_id, $filters) +    { +        $this->sessionStorage->filters[$project_id] = $filters; +    } + +    /** +     * Is board collapsed or expanded +     * +     * @access public +     * @param  integer  $project_id +     * @return boolean +     */ +    public function isBoardCollapsed($project_id) +    { +        return ! empty($this->sessionStorage->boardCollapsed[$project_id]) ? $this->sessionStorage->boardCollapsed[$project_id] : false; +    } + +    /** +     * Set board display mode +     * +     * @access public +     * @param  integer  $project_id +     * @param  boolean  $is_collapsed +     */ +    public function setBoardDisplayMode($project_id, $is_collapsed) +    { +        $this->sessionStorage->boardCollapsed[$project_id] = $is_collapsed; +    } + +    /** +     * Set comments sorting +     * +     * @access public +     * @param  string $order +     */ +    public function setCommentSorting($order) +    { +        $this->sessionStorage->commentSorting = $order; +    } + +    /** +     * Get comments sorting direction +     * +     * @access public +     * @return string +     */ +    public function getCommentSorting() +    { +        return empty($this->sessionStorage->commentSorting) ? 'ASC' : $this->sessionStorage->commentSorting; +    } +} diff --git a/app/Core/User/UserSync.php b/app/Core/User/UserSync.php new file mode 100644 index 00000000..d450a0bd --- /dev/null +++ b/app/Core/User/UserSync.php @@ -0,0 +1,76 @@ +<?php + +namespace Kanboard\Core\User; + +use Kanboard\Core\Base; + +/** + * User Synchronization + * + * @package  user + * @author   Frederic Guillot + */ +class UserSync extends Base +{ +    /** +     * Synchronize user profile +     * +     * @access public +     * @param  UserProviderInterface $user +     * @return array +     */ +    public function synchronize(UserProviderInterface $user) +    { +        $profile = $this->user->getByExternalId($user->getExternalIdColumn(), $user->getExternalId()); +        $properties = UserProperty::getProperties($user); + +        if (! empty($profile)) { +            $profile = $this->updateUser($profile, $properties); +        } elseif ($user->isUserCreationAllowed()) { +            $profile = $this->createUser($user, $properties); +        } + +        return $profile; +    } + +    /** +     * Update user profile +     * +     * @access public +     * @param  array    $profile +     * @param  array    $properties +     * @return array +     */ +    private function updateUser(array $profile, array $properties) +    { +        $values = UserProperty::filterProperties($profile, $properties); + +        if (! empty($values)) { +            $values['id'] = $profile['id']; +            $result = $this->user->update($values); +            return $result ? array_merge($profile, $properties) : $profile; +        } + +        return $profile; +    } + +    /** +     * Create user +     * +     * @access public +     * @param  UserProviderInterface  $user +     * @param  array                  $properties +     * @return array +     */ +    private function createUser(UserProviderInterface $user, array $properties) +    { +        $id = $this->user->create($properties); + +        if ($id === false) { +            $this->logger->error('Unable to create user profile: '.$user->getExternalId()); +            return array(); +        } + +        return $this->user->getById($id); +    } +} | 
