API: move create/delete user calls to usermanager

This only moves the calls. A proper refactoring of the user manager would make sense: 1) introduce a helper component covering the basic operations including proper error signalling using Exceptions 2) refactor admin and cli components to make use of 1) 3) make the operations in 1) available via the API
2024-01-05 13:58:01 +01:00 · 2024-01-05 13:58:01 +01:00 · 0caa81c700
parent f1cc602f77
commit 0caa81c700
2 changed files with 102 additions and 93 deletions
--- a/inc/Remote/ApiCore.php
+++ b/inc/Remote/ApiCore.php
@ -70,10 +70,6 @@ class ApiCore

            'core.saveMedia' => new ApiCall([$this, 'saveMedia'], 'media'),
            'core.deleteMedia' => new ApiCall([$this, 'deleteMedia'], 'media'),
-
-
-            'core.createUser' => new ApiCall([$this, 'createUser'], 'user'),
-            'core.deleteUser' => new ApiCall([$this, 'deleteUser'], 'user'),
        ];
    }

@ -977,95 +973,6 @@ class ApiCore
    // endregion


-    /**
-     * Create a new user
-     *
-     * If no password is provided, a password is auto generated. If the user can't be created
-     * by the auth backend a return value of `false` is returned. You need to check this return
-     * value rather than relying on the error code only.
-     *
-     * Superuser permission are required to create users.
-     *
-     * @param string $user The user's login name
-     * @param string $name The user's full name
-     * @param string $mail The user's email address
-     * @param string[] $groups The groups the user should be in
-     * @param string $password The user's password, empty for autogeneration
-     * @param bool $notify Whether to send a notification email to the user
-     * @return bool Wether the user was successfully created
-     * @throws AccessDeniedException
-     * @throws RemoteException
-     * @todo move to user manager plugin
-     * @todo handle error messages from auth backend
-     */
-    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
-    {
-        if (!auth_isadmin()) {
-            throw new AccessDeniedException('Only admins are allowed to create users', 114);
-        }
-
-        /** @var AuthPlugin $auth */
-        global $auth;
-
-        if (!$auth->canDo('addUser')) {
-            throw new AccessDeniedException(
-                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
-                114
-            );
-        }
-
-        $user = trim($auth->cleanUser($user));
-        $name = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $name));
-        $mail = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $mail));
-
-        if ($user === '') throw new RemoteException('empty or invalid user', 401);
-        if ($name === '') throw new RemoteException('empty or invalid user name', 402);
-        if (!mail_isvalid($mail)) throw new RemoteException('empty or invalid mail address', 403);
-
-        if ((string)$password === '') {
-            try {
-                $password = auth_pwgen($user);
-            } catch (\Exception $e) {
-                throw new RemoteException('Could not generate password', 404); // FIXME adjust code
-            }
-        }
-
-        if (!is_array($groups) || $groups === []) {
-            $groups = null;
-        }
-
-        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);
-
-        if ($ok && $notify) {
-            auth_sendPassword($user, $password);
-        }
-
-        return $ok;
-    }
-
-
-    /**
-     * Remove a user
-     *
-     * You need to be a superuser to delete users.
-     *
-     * @param string[] $user The login name of the user to delete
-     * @return bool wether the user was successfully deleted
-     * @throws AccessDeniedException
-     * @todo move to user manager plugin
-     * @todo handle error messages from auth backend
-     */
-    public function deleteUser($user)
-    {
-        if (!auth_isadmin()) {
-            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
-        }
-        /** @var AuthPlugin $auth */
-        global $auth;
-        return (bool)$auth->triggerUserMod('delete', [[$user]]);
-    }
-
-
    /**
     * Resolve page id
     *
--- a/lib/plugins/usermanager/remote.php
+++ b/lib/plugins/usermanager/remote.php
@ -0,0 +1,102 @@
+<?php
+
+use dokuwiki\Extension\AuthPlugin;
+use dokuwiki\Extension\RemotePlugin;
+use dokuwiki\Remote\AccessDeniedException;
+use dokuwiki\Remote\RemoteException;
+
+/**
+ * DokuWiki Plugin usermanager (Action Component)
+ *
+ * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
+ * @author Chris Smith <chris@jalakai.co.uk>
+ */
+class remote_plugin_usermanager extends RemotePlugin
+{
+
+    /**
+     * Create a new user
+     *
+     * If no password is provided, a password is auto generated. If the user can't be created
+     * by the auth backend a return value of `false` is returned. You need to check this return
+     * value rather than relying on the error code only.
+     *
+     * Superuser permission are required to create users.
+     *
+     * @param string $user The user's login name
+     * @param string $name The user's full name
+     * @param string $mail The user's email address
+     * @param string[] $groups The groups the user should be in
+     * @param string $password The user's password, empty for autogeneration
+     * @param bool $notify Whether to send a notification email to the user
+     * @return bool Wether the user was successfully created
+     * @throws AccessDeniedException
+     * @throws RemoteException
+     * @todo handle error messages from auth backend
+     */
+    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
+    {
+        if (!auth_isadmin()) {
+            throw new AccessDeniedException('Only admins are allowed to create users', 114);
+        }
+
+        /** @var AuthPlugin $auth */
+        global $auth;
+
+        if (!$auth->canDo('addUser')) {
+            throw new AccessDeniedException(
+                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
+                114
+            );
+        }
+
+        $user = trim($auth->cleanUser($user));
+        $name = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $name));
+        $mail = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $mail));
+
+        if ($user === '') throw new RemoteException('empty or invalid user', 401);
+        if ($name === '') throw new RemoteException('empty or invalid user name', 402);
+        if (!mail_isvalid($mail)) throw new RemoteException('empty or invalid mail address', 403);
+
+        if ((string)$password === '') {
+            try {
+                $password = auth_pwgen($user);
+            } catch (\Exception $e) {
+                throw new RemoteException('Could not generate password', 404); // FIXME adjust code
+            }
+        }
+
+        if (!is_array($groups) || $groups === []) {
+            $groups = null;
+        }
+
+        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);
+
+        if ($ok && $notify) {
+            auth_sendPassword($user, $password);
+        }
+
+        return $ok;
+    }
+
+
+    /**
+     * Remove a user
+     *
+     * You need to be a superuser to delete users.
+     *
+     * @param string[] $user The login name of the user to delete
+     * @return bool wether the user was successfully deleted
+     * @throws AccessDeniedException
+     * @todo handle error messages from auth backend
+     */
+    public function deleteUser($user)
+    {
+        if (!auth_isadmin()) {
+            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
+        }
+        /** @var AuthPlugin $auth */
+        global $auth;
+        return (bool)$auth->triggerUserMod('delete', [[$user]]);
+    }
+}