Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/plugins/UsersManager/Repository/UserRepository.php
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/UsersManager/Repository/UserRepository.php')
-rw-r--r--plugins/UsersManager/Repository/UserRepository.php197
1 files changed, 111 insertions, 86 deletions
diff --git a/plugins/UsersManager/Repository/UserRepository.php b/plugins/UsersManager/Repository/UserRepository.php
index 51dd49636b..e806211abc 100644
--- a/plugins/UsersManager/Repository/UserRepository.php
+++ b/plugins/UsersManager/Repository/UserRepository.php
@@ -16,18 +16,26 @@ use Piwik\Plugins\UsersManager\UserAccessFilter;
use Piwik\Plugins\UsersManager\UsersManager;
use Piwik\Plugins\UsersManager\Validators\Email;
use Piwik\Plugins\UsersManager\Validators\Login;
+use Piwik\Site;
use Piwik\Validators\BaseValidator;
use Piwik\Validators\IdSite;
use Piwik\Plugin;
-
class UserRepository
{
-
+ /**
+ * @var Model
+ */
protected $model;
+ /**
+ * @var UserAccessFilter
+ */
protected $filter;
+ /**
+ * @var Password
+ */
protected $password;
public function __construct(Model $model, UserAccessFilter $filter, Password $password)
@@ -37,36 +45,35 @@ class UserRepository
$this->password = $password;
}
-
- public function index($userLogin, $pending)
- {
- Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
- $this->checkUserExists($userLogin);
-
- $user = $this->model->getUser($userLogin, $pending);
-
- $user = $this->filter->filterUser($user);
- return $this->enrichUser($user);
- }
-
- public function create($userLogin, $email, $initialIdSite, $password = '', $_isPasswordHashed = false)
- {
- $this->validateAccess();
+ /**
+ * @param string $userLogin
+ * @param string $email
+ * @param int $initialIdSite
+ * @param string $password
+ * @param bool $isPasswordHashed
+ * @throws \Exception
+ */
+ public function create(
+ string $userLogin,
+ string $email,
+ ?int $initialIdSite = null,
+ string $password = '',
+ bool $isPasswordHashed = false
+ ): void {
if (!Piwik::hasUserSuperUserAccess()) {
if (empty($initialIdSite)) {
throw new \Exception(Piwik::translate("UsersManager_AddUserNoInitialAccessError"));
}
- // check if the site exist
+ // check if the site exists
BaseValidator::check('siteId', $initialIdSite, [new IdSite()]);
Piwik::checkUserHasAdminAccess($initialIdSite);
}
- //validate info
- BaseValidator::check('userLogin', $userLogin, [new Login(true)]);
- BaseValidator::check('email', $email, [new Email(true)]);
+ BaseValidator::check(Piwik::translate('General_Username'), $userLogin, [new Login(true)]);
+ BaseValidator::check(Piwik::translate('Installation_Email'), $email, [new Email(true)]);
if (!empty($password)) {
- if (!$_isPasswordHashed) {
+ if (!$isPasswordHashed) {
$passwordTransformed = UsersManager::getPasswordHash($password);
} else {
$passwordTransformed = $password;
@@ -74,67 +81,69 @@ class UserRepository
$password = $this->password->hash($passwordTransformed);
}
- //insert user into database.
- $this->model->addUser($userLogin, $password, $email, Date::now()->getDatetime(), empty($password));
-
- /**
- * Triggered after a new user is invited.
- *
- * @param string $userLogin The new user's details handle.
- */
- Piwik::postEvent('UsersManager.inviteUser.end', array($userLogin, $email));
+ $this->model->addUser($userLogin, $password, $email, Date::now()->getDatetime());
if ($initialIdSite) {
API::getInstance()->setUserAccess($userLogin, 'view', $initialIdSite);
}
+
+ $this->sendUserCreationNotification($userLogin);
}
- public function sendNewUserEmails($userLogin, $expired = 7, $newUser = true)
+ public function inviteUser(string $userLogin, string $email, ?int $initialIdSite = null, $expiryInDays = null): void
{
+ $this->create($userLogin, $email, $initialIdSite);
+ $this->model->updateUserFields($userLogin, ['invited_by' => Piwik::getCurrentUserLogin()]);
+ $user = $this->model->getUser($userLogin);
+ $generatedToken = $this->model->generateRandomInviteToken();
+ $this->model->attachInviteToken($userLogin, $generatedToken, $expiryInDays);
+ $this->sendInvitationEmail($user, $generatedToken, $expiryInDays);
+ }
- //send Admin Email
- if ($newUser) {
- $mail = StaticContainer::getContainer()->make(UserCreatedEmail::class, array(
- 'login' => Piwik::getCurrentUserLogin(),
- 'emailAddress' => Piwik::getCurrentUserEmail(),
- 'userLogin' => $userLogin,
- ));
- $mail->safeSend();
- }
-
-
- if (!empty($expired)) {
- //retrieve user details
- $user = API::getInstance()->getUser($userLogin);
-
- //remove all previous token
- $this->model->deleteAllTokensForUser($userLogin);
-
- //generate Token
- $generatedToken = $this->model->generateRandomTokenAuth();
-
- //attach token to user
- $this->model->addTokenAuth($userLogin, $generatedToken, "Invite Token", Date::now()->getDatetime(),
- Date::now()->addDay($expired)->getDatetime());
-
+ public function reInviteUser(string $userLogin, $expiryInDays = null): void
+ {
+ $user = $this->model->getUser($userLogin);
+ $generatedToken = $this->model->generateRandomInviteToken();
+ $this->model->attachInviteToken($userLogin, $generatedToken, $expiryInDays);
+ $this->sendInvitationEmail($user, $generatedToken, $expiryInDays);
+ }
- // send email
- $email = StaticContainer::getContainer()->make(UserInviteEmail::class, array(
- 'currentUser' => Piwik::getCurrentUserLogin(),
- 'user' => $user,
- 'token' => $generatedToken
- ));
- $email->safeSend();
- }
+ protected function sendUserCreationNotification(string $createdUserLogin): void
+ {
+ $mail = StaticContainer::getContainer()->make(UserCreatedEmail::class, [
+ 'login' => Piwik::getCurrentUserLogin(),
+ 'emailAddress' => Piwik::getCurrentUserEmail(),
+ 'userLogin' => $createdUserLogin,
+ ]);
+ $mail->safeSend();
}
- private function validateAccess()
+ protected function sendInvitationEmail(array $user, string $inviteToken, int $expiryInDays): void
{
- Piwik::checkUserHasSomeAdminAccess();
- UsersManager::dieIfUsersAdminIsDisabled();
+ $site = $this->model->getSitesAccessFromUser($user['login']);
+
+ if (isset($site[0])) {
+ $siteName = Site::getNameFor($site[0]['site']);
+ } else {
+ $siteName = "Default Site";
+ }
+
+ $email = StaticContainer::getContainer()->make(UserInviteEmail::class, [
+ 'currentUser' => Piwik::getCurrentUserLogin(),
+ 'invitedUser' => $user,
+ 'siteName' => $siteName,
+ 'token' => $inviteToken,
+ 'expiryInDays' => $expiryInDays
+ ]);
+ $email->safeSend();
}
- public function enrichUser($user)
+ /**
+ * @param array $user
+ * @return array
+ * @throws \Exception
+ */
+ public function enrichUser(array $user): array
{
if (empty($user)) {
return $user;
@@ -149,22 +158,28 @@ class UserRepository
$user['last_seen'] = Date::getDatetimeFromTimestamp($lastSeen);
}
+ $user['invite_status'] = 'active';
+
+ if (!empty($user['invite_expired_at'])) {
+ $inviteExpireAt = Date::factory($user['invite_expired_at']);
+ // if token expired
+ if (Date::now()->isLater($inviteExpireAt)) {
+ $user['invite_status'] = 'expired';
+ }
+ // if token not expired
+ if (Date::now()->isEarlier($inviteExpireAt)) {
+ $dayLeft = floor(Date::secondsToDays($inviteExpireAt->getTimestamp() - Date::now()->getTimestamp()));
+ $user['invite_status'] = $dayLeft;
+ }
+ }
+
if (Piwik::hasUserSuperUserAccess()) {
$user['uses_2fa'] = !empty($user['twofactor_secret']) && $this->isTwoFactorAuthPluginEnabled();
unset($user['twofactor_secret']);
- if (!empty($user['invite_status']) && $user['invite_status'] === 'pending') {
- $validToken = $this->model->checkUserHasUnexpiredToken($user['login']);
- if (!$validToken) {
- $user['invite_status'] = 'expired';
- }
- }
- if (empty($user['invite_status'])) {
- $user['invite_status'] = 'accept';
- }
return $user;
}
- $newUser = array('login' => $user['login']);
+ $newUser = ['login' => $user['login']];
if ($user['login'] === Piwik::getCurrentUserLogin() || !empty($user['superuser_access'])) {
$newUser['email'] = $user['email'];
@@ -184,11 +199,20 @@ class UserRepository
if (isset($user['last_seen'])) {
$newUser['last_seen'] = $user['last_seen'];
}
+ $newUser['invite_status'] = $user['invite_status'];
+ if (isset($user['invited_by'])) {
+ $newUser['invited_by'] = $user['invited_by'];
+ }
return $newUser;
}
- public function enrichUsers($users)
+ /**
+ * @param array $users
+ * @return mixed
+ * @throws \Exception
+ */
+ public function enrichUsers(array $users): array
{
if (!empty($users)) {
foreach ($users as $index => $user) {
@@ -198,7 +222,11 @@ class UserRepository
return $users;
}
- public function enrichUsersWithLastSeen($users)
+ /**
+ * @param array $users
+ * @return mixed
+ */
+ public function enrichUsersWithLastSeen(array $users): array
{
$formatter = new Formatter();
@@ -212,14 +240,11 @@ class UserRepository
return $users;
}
-
- private function isTwoFactorAuthPluginEnabled()
+ private function isTwoFactorAuthPluginEnabled(): bool
{
if (!isset($this->twoFaPluginActivated)) {
$this->twoFaPluginActivated = Plugin\Manager::getInstance()->isPluginActivated('TwoFactorAuth');
}
return $this->twoFaPluginActivated;
}
-
-
-} \ No newline at end of file
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 09:38:57 +0300