diff --git a/ext/user/events.php b/ext/user/events.php
index 61ab8bab..e93391af 100644
--- a/ext/user/events.php
+++ b/ext/user/events.php
@@ -20,14 +20,10 @@ class UserBlockBuildingEvent extends Event
 class UserOperationsBuildingEvent extends Event
 {
 public array $parts = [];
- public User $user;
- public BaseConfig $user_config;
- public function __construct(User $user, BaseConfig $user_config)
+ public function __construct(public User $user, public BaseConfig $user_config)
 {
 parent::__construct();
- $this->user = $user;
- $this->user_config = $user_config;
 }
 public function add_html(string $html): void
@@ -38,13 +34,11 @@ class UserOperationsBuildingEvent extends Event
 class UserPageBuildingEvent extends Event
 {
- public User $display_user;
 public array $stats = [];
- public function __construct(User $display_user)
+ public function __construct(public User $display_user)
 {
 parent::__construct();
- $this->display_user = $display_user;
 }
 public function add_stats(string $html, int $position=50)
@@ -58,38 +52,29 @@ class UserPageBuildingEvent extends Event
 class UserCreationEvent extends Event
 {
- public string $username;
- public string $password;
- public string $email;
- public bool $login;
-
- public function __construct(string $name, string $pass, string $email, bool $login)
- {
+ public function __construct(
+ public string $username,
+ public string $password,
+ public string $password2,
+ public string $email,
+ public bool $login
+ ) {
 parent::__construct();
- $this->username = $name;
- $this->password = $pass;
- $this->email = $email;
- $this->login = $login;
 }
 }
 class UserLoginEvent extends Event
 {
- public User $user;
- public function __construct(User $user)
+ public function __construct(public User $user)
 {
 parent::__construct();
- $this->user = $user;
 }
 }
 class UserDeletionEvent extends Event
 {
- public int $id;
-
- public function __construct(int $id)
+ public function __construct(public int $id)
 {
 parent::__construct();
- $this->id = $id;
 }
 }
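Review bot: In the third hunk, `UserCreationEvent` now takes three adjacent positional strings (`$password`, `$password2`, `$email`) with no docblock saying that `$password2` is the confirmation entry, so a caller that swaps or duplicates an argument still type-checks. A class comment such as `/** $password2 is the confirmation entry; callers with no confirmation field pass $password twice. Both hold the plaintext password. */` would document the contract that `create_other` and the test helper in this commit already rely on. Since both values are public properties carrying plaintext, listeners and any debug output of the event should treat them as secrets.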
diff --git a/ext/user/main.php b/ext/user/main.php
index 84481aea..75ab6154 100644
--- a/ext/user/main.php
+++ b/ext/user/main.php
@@ -79,7 +79,7 @@ class NullUserException extends SCoreException
 {
 }
-#[Type(name: "LoginResult")]
+#[Type]
 class LoginResult
 {
 public function __construct(
@@ -92,11 +92,11 @@ class LoginResult
 ) {
 }
- #[Mutation(name: "login")]
- public static function login(string $name, string $pass): LoginResult
+ #[Mutation]
+ public static function login(string $username, string $password): LoginResult
 {
 global $config;
- $duser = User::by_name_and_pass($name, $pass);
+ $duser = User::by_name_and_pass($username, $password);
 if (!is_null($duser)) {
 return new LoginResult(
 $duser,
@@ -112,7 +112,28 @@ class LoginResult
 );
 }
 }
+
+ #[Mutation]
+ public static function create_user(string $username, string $password1, string $password2, string $email): LoginResult
+ {
+ global $config;
+ try {
+ $uce = send_event(new UserCreationEvent($username, $password1, $password2, $email, true));
+ return new LoginResult(
+ User::by_name($username),
+ UserPage::get_session_id($username),
+ null
+ );
+ } catch (UserCreationException $ex) {
+ return new LoginResult(
+ User::by_id($config->get_int("anon_id", 0)),
+ null,
+ $ex->getMessage()
+ );
+ }
+ }
 }
+
 class UserPage extends Extension
 {
 /** @var UserPageTheme $theme */
@@ -154,7 +175,7 @@ class UserPage extends Extension
 } elseif ($event->get_arg(0) == "create") {
 $this->page_create();
 } elseif ($event->get_arg(0) == "create_other") {
- send_event(new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['email'], false));
+ send_event(new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['pass1'], $_POST['email'], false));
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("admin"));
 $page->flash("Created new user");
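Review bot: The new `create_user` mutation returns `UserPage::get_session_id($username)` for an account created by an unauthenticated caller, so every abuse control on this path is whatever `onUserCreation` enforces; whether `captcha_check()` there behaves correctly for a request that does not come from the signup form is not visible in this diff and should be confirmed. The plaintext `$password1` and `$password2` arguments stay on the call stack while `send_event` runs, so consider `#[\SensitiveParameter] string $password1, #[\SensitiveParameter] string $password2` (PHP 8.2+, and likewise for `$password` on `login` in the hunk above) to keep them out of exception traces. `$uce` is assigned but never read and can be dropped.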
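Review bot: The `create_other` branch sends the event with no `try`/`catch` in the visible lines, while after this commit `onUserCreation` throws `UserCreationException` when `login_signup_enabled` is off or `captcha_check()` fails, on every creation path. An administrator creating an account while public signup is disabled would therefore get an exception instead of the "Created new user" flash, unless a handler outside the hunk catches it. Consider catching the exception here and reporting `$ex->getMessage()`, and deciding explicitly whether the signup-enabled and captcha checks are meant to apply to this path. Any permission check guarding this branch lies outside the hunk.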
@@ -393,7 +414,36 @@ class UserPage extends Extension
 public function onUserCreation(UserCreationEvent $event)
 {
- $this->check_user_creation($event);
+ $name = $event->username;
+ //$pass = $event->password;
+ //$email = $event->email;
+
+ global $config, $page, $user;
+ if (!$user->can(Permissions::CREATE_USER)) {
+ throw new UserCreationException("Account creation is currently disabled");
+ }
+ if (!$config->get_bool("login_signup_enabled")) {
+ throw new UserCreationException("Account creation is currently disabled");
+ }
+ if (strlen($name) < 1) {
+ throw new UserCreationException("Username must be at least 1 character");
+ }
+ if (!preg_match('/^[a-zA-Z0-9-_]+$/', $name)) {
+ throw new UserCreationException(
+ "Username contains invalid characters. Allowed characters are ".
+ "letters, numbers, dash, and underscore"
+ );
+ }
+ if (User::by_name($name)) {
+ throw new UserCreationException("That username is already taken");
+ }
+ if (!captcha_check()) {
+ throw new UserCreationException("Error in captcha");
+ }
+ if ($event->password != $event->password2) {
+ throw new UserCreationException("Passwords don't match");
+ }
+
 $new_user = $this->create_user($event);
 if ($event->login) {
 send_event(new UserLoginEvent($new_user));
@@ -533,15 +583,9 @@ class UserPage extends Extension
 $this->theme->display_signups_disabled($page);
 } elseif (!isset($_POST['name'])) {
 $this->theme->display_signup_page($page);
- } elseif ($_POST['pass1'] != $_POST['pass2']) {
- $this->theme->display_error(400, "Password Mismatch", "Passwords don't match");
 } else {
 try {
- if (!captcha_check()) {
- throw new UserCreationException("Error in captcha");
- }
-
- $uce = send_event(new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['email'], true));
+ $uce = send_event(new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['pass2'], $_POST['email'], true));
 $this->set_login_cookie($uce->username);
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("user"));
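Review bot: In `onUserCreation` the `User::by_name($name)` lookup runs before `captcha_check()`, so the "That username is already taken" error reaches a caller who has not passed the captcha, and both the signup form and the new `create_user` mutation then disclose which usernames exist. Move the captcha check and the password comparison above the lookup, directly after the two "Account creation is currently disabled" checks. The comparison `$event->password != $event->password2` is loose, so two numeric-looking strings such as `"1e3"` and `"1000"` compare equal; it should read `if ($event->password !== $event->password2) {`. `$page` is declared `global` but not used in the visible lines; the function body continues outside the hunk.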
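Review bot: In the second hunk only `$_POST['name']` is checked with `isset` before `$_POST['pass1']`, `$_POST['pass2']` and `$_POST['email']` are passed to the `string`-typed constructor of `UserCreationEvent`, so a request that omits one of them or sends it as an array raises a `TypeError` rather than a `UserCreationException`. Validate the fields inside the `try` first, for example `if (!is_string($_POST['pass2'] ?? null)) { throw new UserCreationException("Missing field"); }`, so the failure follows the same error path as the other checks. The `catch` belonging to this `try` is outside the hunk.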
@@ -551,24 +595,6 @@ class UserPage extends Extension
 }
 }
- private function check_user_creation(UserCreationEvent $event): void
- {
- $name = $event->username;
- //$pass = $event->password;
- //$email = $event->email;
-
- if (strlen($name) < 1) {
- throw new UserCreationException("Username must be at least 1 character");
- } elseif (!preg_match('/^[a-zA-Z0-9-_]+$/', $name)) {
- throw new UserCreationException(
- "Username contains invalid characters. Allowed characters are ".
- "letters, numbers, dash, and underscore"
- );
- } elseif (User::by_name($name)) {
- throw new UserCreationException("That username is already taken");
- }
- }
-
 private function create_user(UserCreationEvent $event): User
 {
 global $database;
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 612c8838..e6d8b72b 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -41,6 +41,7 @@ $config->set_string("thumb_engine", "static"); # GD has less overhead per-call
 $config->set_bool("nice_urls", true);
 send_event(new DatabaseUpgradeEvent());
 send_event(new InitExtEvent());
+$user = User::by_id($config->get_int("anon_id", 0));
 $_tracer->end();
 abstract class ShimmiePHPUnitTestCase extends TestCase
@@ -100,7 +101,7 @@ abstract class ShimmiePHPUnitTestCase extends TestCase
 {
 if (is_null(User::by_name($name))) {
 $userPage = new UserPage();
- $userPage->onUserCreation(new UserCreationEvent($name, $name, "", false));
+ $userPage->onUserCreation(new UserCreationEvent($name, $name, $name, "", false));
 assert(!is_null(User::by_name($name)), "Creation of user $name failed");
 }
 }