Diffstat (limited to 'plugins/UsersManager/Repository/UserRepository.php')
-rw-r--r-- | plugins/UsersManager/Repository/UserRepository.php | 197 |
1 files changed, 111 insertions, 86 deletions
diff --git a/plugins/UsersManager/Repository/UserRepository.php b/plugins/UsersManager/Repository/UserRepository.php
index 51dd49636b..e806211abc 100644
--- a/plugins/UsersManager/Repository/UserRepository.php
+++ b/plugins/UsersManager/Repository/UserRepository.php
@@ -16,18 +16,26 @@ use Piwik\Plugins\UsersManager\UserAccessFilter;
 use Piwik\Plugins\UsersManager\UsersManager;
 use Piwik\Plugins\UsersManager\Validators\Email;
 use Piwik\Plugins\UsersManager\Validators\Login;
+use Piwik\Site;
 use Piwik\Validators\BaseValidator;
 use Piwik\Validators\IdSite;
 use Piwik\Plugin;
-
 class UserRepository
 {
-
+ /**
+ * @var Model
+ */
 protected $model;
+ /**
+ * @var UserAccessFilter
+ */
 protected $filter;
+ /**
+ * @var Password
+ */
 protected $password;
 public function __construct(Model $model, UserAccessFilter $filter, Password $password)
@@ -37,36 +45,35 @@ class UserRepository
 $this->password = $password;
 }
-
- public function index($userLogin, $pending)
- {
- Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
- $this->checkUserExists($userLogin);
-
- $user = $this->model->getUser($userLogin, $pending);
-
- $user = $this->filter->filterUser($user);
- return $this->enrichUser($user);
- }
-
- public function create($userLogin, $email, $initialIdSite, $password = '', $_isPasswordHashed = false)
- {
- $this->validateAccess();
+ /**
+ * @param string $userLogin
+ * @param string $email
+ * @param int $initialIdSite
+ * @param string $password
+ * @param bool $isPasswordHashed
+ * @throws \Exception
+ */
+ public function create(
+ string $userLogin,
+ string $email,
+ ?int $initialIdSite = null,
+ string $password = '',
+ bool $isPasswordHashed = false
+ ): void {
 if (!Piwik::hasUserSuperUserAccess()) {
 if (empty($initialIdSite)) {
 throw new \Exception(Piwik::translate("UsersManager_AddUserNoInitialAccessError"));
 }
- // check if the site exist
+ // check if the site exists
 BaseValidator::check('siteId', $initialIdSite, [new IdSite()]);
 Piwik::checkUserHasAdminAccess($initialIdSite);
 }
- //validate info
- BaseValidator::check('userLogin', $userLogin, [new Login(true)]);
- BaseValidator::check('email', $email, [new Email(true)]);
+ BaseValidator::check(Piwik::translate('General_Username'), $userLogin, [new Login(true)]);
+ BaseValidator::check(Piwik::translate('Installation_Email'), $email, [new Email(true)]);
 if (!empty($password)) {
- if (!$_isPasswordHashed) {
+ if (!$isPasswordHashed) {
 $passwordTransformed = UsersManager::getPasswordHash($password);
 } else {
 $passwordTransformed = $password;
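Review bot: Nothing in `create()` enforces `UsersManager::dieIfUsersAdminIsDisabled()` or `Piwik::checkUserHasSomeAdminAccess()` any more, because the `$this->validateAccess();` call that opened the body is gone (the helper itself is deleted in the next hunk). The remaining `Piwik::checkUserHasAdminAccess($initialIdSite)` runs only in the non-super-user branch, so the users-admin switch presumably has to be checked by every caller of this public method; either keep `UsersManager::dieIfUsersAdminIsDisabled();` as the first statement or state the precondition in the docblock, e.g. `Callers must already have verified admin access and that users administration is enabled.` The docblock also says `@param int $initialIdSite` while the signature is `?int $initialIdSite = null`; `@param int|null $initialIdSite` would match. The body of `create()` continues past the end of this hunk.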
@@ -74,67 +81,69 @@ class UserRepository
 $password = $this->password->hash($passwordTransformed);
 }
- //insert user into database.
- $this->model->addUser($userLogin, $password, $email, Date::now()->getDatetime(), empty($password));
-
- /**
- * Triggered after a new user is invited.
- *
- * @param string $userLogin The new user's details handle.
- */
- Piwik::postEvent('UsersManager.inviteUser.end', array($userLogin, $email));
+ $this->model->addUser($userLogin, $password, $email, Date::now()->getDatetime());
 if ($initialIdSite) {
 API::getInstance()->setUserAccess($userLogin, 'view', $initialIdSite);
 }
+
+ $this->sendUserCreationNotification($userLogin);
 }
- public function sendNewUserEmails($userLogin, $expired = 7, $newUser = true)
+ public function inviteUser(string $userLogin, string $email, ?int $initialIdSite = null, $expiryInDays = null): void
 {
+ $this->create($userLogin, $email, $initialIdSite);
+ $this->model->updateUserFields($userLogin, ['invited_by' => Piwik::getCurrentUserLogin()]);
+ $user = $this->model->getUser($userLogin);
+ $generatedToken = $this->model->generateRandomInviteToken();
+ $this->model->attachInviteToken($userLogin, $generatedToken, $expiryInDays);
+ $this->sendInvitationEmail($user, $generatedToken, $expiryInDays);
+ }
- //send Admin Email
- if ($newUser) {
- $mail = StaticContainer::getContainer()->make(UserCreatedEmail::class, array(
- 'login' => Piwik::getCurrentUserLogin(),
- 'emailAddress' => Piwik::getCurrentUserEmail(),
- 'userLogin' => $userLogin,
- ));
- $mail->safeSend();
- }
-
-
- if (!empty($expired)) {
- //retrieve user details
- $user = API::getInstance()->getUser($userLogin);
-
- //remove all previous token
- $this->model->deleteAllTokensForUser($userLogin);
-
- //generate Token
- $generatedToken = $this->model->generateRandomTokenAuth();
-
- //attach token to user
- $this->model->addTokenAuth($userLogin, $generatedToken, "Invite Token", Date::now()->getDatetime(),
- Date::now()->addDay($expired)->getDatetime());
-
+ public function reInviteUser(string $userLogin, $expiryInDays = null): void
+ {
+ $user = $this->model->getUser($userLogin);
+ $generatedToken = $this->model->generateRandomInviteToken();
+ $this->model->attachInviteToken($userLogin, $generatedToken, $expiryInDays);
+ $this->sendInvitationEmail($user, $generatedToken, $expiryInDays);
+ }
- // send email
- $email = StaticContainer::getContainer()->make(UserInviteEmail::class, array(
- 'currentUser' => Piwik::getCurrentUserLogin(),
- 'user' => $user,
- 'token' => $generatedToken
- ));
- $email->safeSend();
- }
+ protected function sendUserCreationNotification(string $createdUserLogin): void
+ {
+ $mail = StaticContainer::getContainer()->make(UserCreatedEmail::class, [
+ 'login' => Piwik::getCurrentUserLogin(),
+ 'emailAddress' => Piwik::getCurrentUserEmail(),
+ 'userLogin' => $createdUserLogin,
+ ]);
+ $mail->safeSend();
 }
- private function validateAccess()
+ protected function sendInvitationEmail(array $user, string $inviteToken, int $expiryInDays): void
 {
- Piwik::checkUserHasSomeAdminAccess();
- UsersManager::dieIfUsersAdminIsDisabled();
+ $site = $this->model->getSitesAccessFromUser($user['login']);
+
+ if (isset($site[0])) {
+ $siteName = Site::getNameFor($site[0]['site']);
+ } else {
+ $siteName = "Default Site";
+ }
+
+ $email = StaticContainer::getContainer()->make(UserInviteEmail::class, [
+ 'currentUser' => Piwik::getCurrentUserLogin(),
+ 'invitedUser' => $user,
+ 'siteName' => $siteName,
+ 'token' => $inviteToken,
+ 'expiryInDays' => $expiryInDays
+ ]);
+ $email->safeSend();
 }
- public function enrichUser($user)
+ /**
+ * @param array $user
+ * @return array
+ * @throws \Exception
+ */
+ public function enrichUser(array $user): array
 {
 if (empty($user)) {
 return $user;
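Review bot: `sendInvitationEmail()` declares `int $expiryInDays`, but `inviteUser()` and `reInviteUser()` both default the untyped `$expiryInDays` to `null` and pass it straight through, so a call without an explicit expiry raises a `TypeError` only after the account has been created and the invite token attached. The three signatures should agree, e.g. `?int $expiryInDays = null`, with the default resolved to a concrete number of days before `attachInviteToken()` is called. What `attachInviteToken()` does with a `null` expiry is not visible here; if it stores none, the invite link would never lapse. `reInviteUser()` also issues a fresh token with no visible check that `getUser()` returned a row or that the account is still a pending invite, so it presumably relies on the caller for both.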
@@ -149,22 +158,28 @@ class UserRepository
 $user['last_seen'] = Date::getDatetimeFromTimestamp($lastSeen);
 }
+ $user['invite_status'] = 'active';
+
+ if (!empty($user['invite_expired_at'])) {
+ $inviteExpireAt = Date::factory($user['invite_expired_at']);
+ // if token expired
+ if (Date::now()->isLater($inviteExpireAt)) {
+ $user['invite_status'] = 'expired';
+ }
+ // if token not expired
+ if (Date::now()->isEarlier($inviteExpireAt)) {
+ $dayLeft = floor(Date::secondsToDays($inviteExpireAt->getTimestamp() - Date::now()->getTimestamp()));
+ $user['invite_status'] = $dayLeft;
+ }
+ }
+
 if (Piwik::hasUserSuperUserAccess()) {
 $user['uses_2fa'] = !empty($user['twofactor_secret']) && $this->isTwoFactorAuthPluginEnabled();
 unset($user['twofactor_secret']);
- if (!empty($user['invite_status']) && $user['invite_status'] === 'pending') {
- $validToken = $this->model->checkUserHasUnexpiredToken($user['login']);
- if (!$validToken) {
- $user['invite_status'] = 'expired';
- }
- }
- if (empty($user['invite_status'])) {
- $user['invite_status'] = 'accept';
- }
 return $user;
 }
- $newUser = array('login' => $user['login']);
+ $newUser = ['login' => $user['login']];
 if ($user['login'] === Piwik::getCurrentUserLogin() || !empty($user['superuser_access'])) {
 $newUser['email'] = $user['email'];
@@ -184,11 +199,20 @@ class UserRepository
 if (isset($user['last_seen'])) {
 $newUser['last_seen'] = $user['last_seen'];
 }
+ $newUser['invite_status'] = $user['invite_status'];
+ if (isset($user['invited_by'])) {
+ $newUser['invited_by'] = $user['invited_by'];
+ }
 return $newUser;
 }
- public function enrichUsers($users)
+ /**
+ * @param array $users
+ * @return mixed
+ * @throws \Exception
+ */
+ public function enrichUsers(array $users): array
 {
 if (!empty($users)) {
 foreach ($users as $index => $user) {
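Review bot: `invite_status` ends up with three different shapes in `enrichUser()`: the strings `'active'` and `'expired'`, or the float that `floor()` returns for the days left. A pending invite with less than a day remaining is reported as `0.0`, which any consumer testing the field with `empty()` will read as "no status", and an expiry exactly equal to `Date::now()` matches neither `isLater()` nor `isEarlier()` and so stays `'active'`. Replacing the two independent `if`s with one `if (Date::now()->isLater($inviteExpireAt)) { ... } else { ... }` and storing `(int) floor(...)` would close both gaps. `enrichUser()` starts before this hunk and continues after it.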
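Review bot: `invited_by` is copied into the reduced `$newUser` array unconditionally, while `email` a few lines earlier is only copied when the row is the caller's own account or a super user account. The reduced array is what every caller without super user access receives, so this hands them another account's login (the inviter); if that is not intended, gate it with the same condition as `email`, otherwise a short comment saying why it is safe to expose would help. The new docblock on `enrichUsers()` says `@return mixed` although the signature declares `: array`; `@return array` would match.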
@@ -198,7 +222,11 @@ class UserRepository
 return $users;
 }
- public function enrichUsersWithLastSeen($users)
+ /**
+ * @param array $users
+ * @return mixed
+ */
+ public function enrichUsersWithLastSeen(array $users): array
 {
 $formatter = new Formatter();
@@ -212,14 +240,11 @@ class UserRepository
 return $users;
 }
-
- private function isTwoFactorAuthPluginEnabled()
+ private function isTwoFactorAuthPluginEnabled(): bool
 {
 if (!isset($this->twoFaPluginActivated)) {
 $this->twoFaPluginActivated = Plugin\Manager::getInstance()->isPluginActivated('TwoFactorAuth');
 }
 return $this->twoFaPluginActivated;
 }
-
-
-}
\ No newline at end of file
+} |