forked from vergnet/site-accueil-insa
247 lines
7.8 KiB
PHP
247 lines
7.8 KiB
PHP
<?php
|
|
|
|
namespace Piwik\Plugins\UsersManager\Repository;
|
|
|
|
use Piwik\Auth\Password;
|
|
use Piwik\Container\StaticContainer;
|
|
use Piwik\Date;
|
|
use Piwik\Metrics\Formatter;
|
|
use Piwik\Piwik;
|
|
use Piwik\Plugin;
|
|
use Piwik\Plugins\CoreAdminHome\Emails\UserCreatedEmail;
|
|
use Piwik\Plugins\UsersManager\API;
|
|
use Piwik\Plugins\UsersManager\Emails\UserInviteEmail;
|
|
use Piwik\Plugins\UsersManager\LastSeenTimeLogger;
|
|
use Piwik\Plugins\UsersManager\Model;
|
|
use Piwik\Plugins\UsersManager\UserAccessFilter;
|
|
use Piwik\Plugins\UsersManager\UsersManager;
|
|
use Piwik\Plugins\UsersManager\Validators\Email;
|
|
use Piwik\Plugins\UsersManager\Validators\Login;
|
|
use Piwik\Site;
|
|
use Piwik\Validators\BaseValidator;
|
|
|
|
class UserRepository
|
|
{
|
|
/**
|
|
* @var Model
|
|
*/
|
|
protected $model;
|
|
|
|
/**
|
|
* @var UserAccessFilter
|
|
*/
|
|
protected $filter;
|
|
|
|
/**
|
|
* @var Password
|
|
*/
|
|
protected $password;
|
|
|
|
public function __construct(Model $model, UserAccessFilter $filter, Password $password)
|
|
{
|
|
$this->model = $model;
|
|
$this->filter = $filter;
|
|
$this->password = $password;
|
|
}
|
|
|
|
/**
|
|
* @param string $userLogin
|
|
* @param string $email
|
|
* @param int $initialIdSite
|
|
* @param string $password
|
|
* @param bool $isPasswordHashed
|
|
* @throws \Exception
|
|
*/
|
|
public function create(
|
|
string $userLogin,
|
|
string $email,
|
|
?int $initialIdSite = null,
|
|
string $password = '',
|
|
bool $isPasswordHashed = false
|
|
): void {
|
|
|
|
|
|
if (!Piwik::hasUserSuperUserAccess()) {
|
|
// check if the user has admin access to the site
|
|
Piwik::checkUserHasAdminAccess($initialIdSite);
|
|
}
|
|
|
|
BaseValidator::check(Piwik::translate('General_Username'), $userLogin, [new Login(true)]);
|
|
BaseValidator::check(Piwik::translate('Installation_Email'), $email, [new Email(true)]);
|
|
|
|
if (!empty($password)) {
|
|
if (!$isPasswordHashed) {
|
|
$passwordTransformed = UsersManager::getPasswordHash($password);
|
|
} else {
|
|
$passwordTransformed = $password;
|
|
}
|
|
$password = $this->password->hash($passwordTransformed);
|
|
}
|
|
|
|
$this->model->addUser($userLogin, $password, $email, Date::now()->getDatetime());
|
|
|
|
if ($initialIdSite) {
|
|
API::getInstance()->setUserAccess($userLogin, 'view', $initialIdSite);
|
|
}
|
|
|
|
$this->sendUserCreationNotification($userLogin);
|
|
}
|
|
|
|
public function inviteUser(string $userLogin, string $email, ?int $initialIdSite = null, $expiryInDays = null): void
|
|
{
|
|
$this->create($userLogin, $email, $initialIdSite);
|
|
$this->model->updateUserFields($userLogin, ['invited_by' => Piwik::getCurrentUserLogin()]);
|
|
$user = $this->model->getUser($userLogin);
|
|
$generatedToken = $this->model->generateRandomInviteToken();
|
|
$this->model->attachInviteToken($userLogin, $generatedToken, $expiryInDays);
|
|
$this->sendInvitationEmail($user, $generatedToken, $expiryInDays);
|
|
}
|
|
|
|
public function reInviteUser(string $userLogin, $expiryInDays = null): void
|
|
{
|
|
$user = $this->model->getUser($userLogin);
|
|
$generatedToken = $this->model->generateRandomInviteToken();
|
|
$this->model->attachInviteToken($userLogin, $generatedToken, $expiryInDays);
|
|
$this->sendInvitationEmail($user, $generatedToken, $expiryInDays);
|
|
}
|
|
|
|
protected function sendUserCreationNotification(string $createdUserLogin): void
|
|
{
|
|
$mail = StaticContainer::getContainer()->make(UserCreatedEmail::class, [
|
|
'login' => Piwik::getCurrentUserLogin(),
|
|
'emailAddress' => Piwik::getCurrentUserEmail(),
|
|
'userLogin' => $createdUserLogin,
|
|
]);
|
|
$mail->safeSend();
|
|
}
|
|
|
|
protected function sendInvitationEmail(array $user, string $inviteToken, int $expiryInDays): void
|
|
{
|
|
$site = $this->model->getSitesAccessFromUser($user['login']);
|
|
|
|
if (isset($site[0])) {
|
|
$siteName = Site::getNameFor($site[0]['site']);
|
|
} else {
|
|
$siteName = "Default Site";
|
|
}
|
|
|
|
$email = StaticContainer::getContainer()->make(UserInviteEmail::class, [
|
|
'currentUser' => Piwik::getCurrentUserLogin(),
|
|
'invitedUser' => $user,
|
|
'siteName' => $siteName,
|
|
'token' => $inviteToken,
|
|
'expiryInDays' => $expiryInDays
|
|
]);
|
|
$email->safeSend();
|
|
}
|
|
|
|
/**
|
|
* @param array $user
|
|
* @return array
|
|
* @throws \Exception
|
|
*/
|
|
public function enrichUser(array $user): array
|
|
{
|
|
if (empty($user)) {
|
|
return $user;
|
|
}
|
|
|
|
unset($user['token_auth']);
|
|
unset($user['password']);
|
|
unset($user['ts_password_modified']);
|
|
unset($user['idchange_last_viewed']);
|
|
|
|
if ($lastSeen = LastSeenTimeLogger::getLastSeenTimeForUser($user['login'])) {
|
|
$user['last_seen'] = Date::getDatetimeFromTimestamp($lastSeen);
|
|
}
|
|
|
|
$user['invite_status'] = 'active';
|
|
|
|
if (!empty($user['invite_expired_at'])) {
|
|
$inviteExpireAt = Date::factory($user['invite_expired_at']);
|
|
// if token expired
|
|
if (Date::now()->isLater($inviteExpireAt)) {
|
|
$user['invite_status'] = 'expired';
|
|
}
|
|
// if token not expired
|
|
if (Date::now()->isEarlier($inviteExpireAt)) {
|
|
$dayLeft = floor(Date::secondsToDays($inviteExpireAt->getTimestamp() - Date::now()->getTimestamp()));
|
|
$user['invite_status'] = $dayLeft;
|
|
}
|
|
}
|
|
|
|
if (Piwik::hasUserSuperUserAccess()) {
|
|
$user['uses_2fa'] = !empty($user['twofactor_secret']) && $this->isTwoFactorAuthPluginEnabled();
|
|
unset($user['twofactor_secret']);
|
|
return $user;
|
|
}
|
|
|
|
$newUser = ['login' => $user['login']];
|
|
|
|
if ($user['login'] === Piwik::getCurrentUserLogin() || !empty($user['superuser_access'])) {
|
|
$newUser['email'] = $user['email'];
|
|
}
|
|
|
|
if (isset($user['role'])) {
|
|
$newUser['role'] = $user['role'] == 'superuser' ? 'admin' : $user['role'];
|
|
}
|
|
if (isset($user['capabilities'])) {
|
|
$newUser['capabilities'] = $user['capabilities'];
|
|
}
|
|
|
|
if (isset($user['superuser_access'])) {
|
|
$newUser['superuser_access'] = $user['superuser_access'];
|
|
}
|
|
|
|
if (isset($user['last_seen'])) {
|
|
$newUser['last_seen'] = $user['last_seen'];
|
|
}
|
|
$newUser['invite_status'] = $user['invite_status'];
|
|
if (isset($user['invited_by'])) {
|
|
$newUser['invited_by'] = $user['invited_by'];
|
|
}
|
|
|
|
return $newUser;
|
|
}
|
|
|
|
/**
|
|
* @param array $users
|
|
* @return mixed
|
|
* @throws \Exception
|
|
*/
|
|
public function enrichUsers(array $users): array
|
|
{
|
|
if (!empty($users)) {
|
|
foreach ($users as $index => $user) {
|
|
$users[$index] = $this->enrichUser($user);
|
|
}
|
|
}
|
|
return $users;
|
|
}
|
|
|
|
/**
|
|
* @param array $users
|
|
* @return mixed
|
|
*/
|
|
public function enrichUsersWithLastSeen(array $users): array
|
|
{
|
|
$formatter = new Formatter();
|
|
|
|
$lastSeenTimes = LastSeenTimeLogger::getLastSeenTimesForAllUsers();
|
|
foreach ($users as &$user) {
|
|
$login = $user['login'];
|
|
if (isset($lastSeenTimes[$login])) {
|
|
$user['last_seen'] = $formatter->getPrettyTimeFromSeconds(time() - $lastSeenTimes[$login]);
|
|
}
|
|
}
|
|
return $users;
|
|
}
|
|
|
|
private function isTwoFactorAuthPluginEnabled(): bool
|
|
{
|
|
if (!isset($this->twoFaPluginActivated)) {
|
|
$this->twoFaPluginActivated = Plugin\Manager::getInstance()->isPluginActivated('TwoFactorAuth');
|
|
}
|
|
return $this->twoFaPluginActivated;
|
|
}
|
|
}
|