Diffstat (limited to 'app/Controllers/userController.php')
-rw-r--r--app/Controllers/userController.php133
1 files changed, 68 insertions, 65 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 5209edc84..7d3c010c4 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -4,17 +4,6 @@
* Controller to handle user actions.
*/
class FreshRSS_user_Controller extends Minz_ActionController {
- // Will also have to be computed client side on mobile devices,
- // so do not use a too high cost
- const BCRYPT_COST = 9;
-
- public static function hashPassword($passwordPlain) {
- $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
- $passwordPlain = '';
- $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
- return $passwordHash == '' ? '' : $passwordHash;
- }
-
/**
* The username is also used as folder name, file name, and part of SQL table name.
* '_' is a reserved internal username.
@@ -25,15 +14,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
}
- public static function deleteFeverKey($username) {
- $userConfig = get_user_configuration($username);
- if ($userConfig !== null && ctype_xdigit($userConfig->feverKey)) {
- return @unlink(DATA_PATH . '/fever/.key-' . sha1(FreshRSS_Context::$system_conf->salt) . '-' . $userConfig->feverKey . '.txt');
- }
- return false;
- }
-
- public static function updateUser($user, $email, $passwordPlain, $apiPasswordPlain, $userConfigUpdated = array()) {
+ public static function updateUser($user, $email, $passwordPlain, $userConfigUpdated = array()) {
$userConfig = get_user_configuration($user);
if ($userConfig === null) {
return false;
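Review bot: Removing the `$apiPasswordPlain` positional parameter from the public static `updateUser` silently shifts the arguments of any caller that this commit does not touch: a five-argument call now puts the API password string into `$userConfigUpdated`, where the `is_array` guard further down quietly ignores it and nothing is logged. If callers outside this file (extensions, CLI scripts) are plausible, a cheap safety net is `if (!is_array($userConfigUpdated)) { Minz_Log::warning('updateUser: unexpected non-array userConfigUpdated', ADMIN_LOG); }` together with a docblock stating the new arity. The same remark applies to the `createUser` signature change in a later hunk. `updateUser` continues outside this hunk.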
@@ -51,33 +32,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
}
if ($passwordPlain != '') {
- $passwordHash = self::hashPassword($passwordPlain);
+ $passwordHash = FreshRSS_password_Util::hash($passwordPlain);
$userConfig->passwordHash = $passwordHash;
}
- if ($apiPasswordPlain != '') {
- $apiPasswordHash = self::hashPassword($apiPasswordPlain);
- $userConfig->apiPasswordHash = $apiPasswordHash;
-
- $feverPath = DATA_PATH . '/fever/';
-
- if (!file_exists($feverPath)) {
- @mkdir($feverPath, 0770, true);
- }
-
- if (!is_writable($feverPath)) {
- Minz_Log::error("Could not save Fever API credentials. The directory does not have write access.");
- } else {
- self::deleteFeverKey($user);
- $userConfig->feverKey = strtolower(md5("{$user}:{$apiPasswordPlain}"));
- $ok = file_put_contents($feverPath . '.key-' . sha1(FreshRSS_Context::$system_conf->salt) . '-' . $userConfig->feverKey . '.txt', $user) !== false;
-
- if (!$ok) {
- Minz_Log::warning('Could not save Fever API credentials. Unknown error.', ADMIN_LOG);
- }
- }
- }
-
if (is_array($userConfigUpdated)) {
foreach ($userConfigUpdated as $configName => $configValue) {
if ($configValue !== null) {
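Review bot: The value returned by `FreshRSS_password_Util::hash` is written straight into `$userConfig->passwordHash` without a check; the removed `hashPassword` at least normalised a failed `password_hash` to `''`, and the failure behaviour of the new helper is not visible here. If it can return an empty string or `false`, the user's stored hash would be silently overwritten with an empty value, which is the opposite of failing closed; a guard such as `if ($passwordHash == '') { Minz_Log::warning('Could not hash password', ADMIN_LOG); return false; }` before the assignment keeps the previous hash on failure. The enclosing `updateUser` starts and ends outside this hunk.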
@@ -100,10 +58,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP
$_POST['newPasswordPlain'] = '';
- $apiPasswordPlain = Minz_Request::param('apiPasswordPlain', '', true);
-
$username = Minz_Request::param('username');
- $ok = self::updateUser($username, null, $passwordPlain, $apiPasswordPlain, array(
+ $ok = self::updateUser($username, null, $passwordPlain, array(
'token' => Minz_Request::param('token', null),
));
@@ -118,7 +74,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Request::bad(_t('feedback.user.updated.error', $username),
array('c' => 'user', 'a' => 'manage'));
}
-
}
}
@@ -130,7 +85,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Error::error(403);
}
- $email_not_verified = FreshRSS_Context::$user_conf->email_validation_token !== '';
+ $email_not_verified = FreshRSS_Context::$user_conf->email_validation_token != '';
$this->view->disable_aside = false;
if ($email_not_verified) {
$this->view->_layout('simple');
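Review bot: Switching `!==` to `!=` on `email_validation_token` presumably aims to treat a missing (`null`) token as "verified", but the loose comparison hides that intent and has version-dependent edge cases (`0 != ''` evaluates differently on PHP 7 and PHP 8). Making the null case explicit keeps the strict comparison: `$email_not_verified = (FreshRSS_Context::$user_conf->email_validation_token ?? '') !== '';` (or an `isset(...) &&` prefix if the minimum supported PHP version predates `??`). The enclosing method starts and ends outside this hunk.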
@@ -151,8 +106,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP
$_POST['newPasswordPlain'] = '';
- $apiPasswordPlain = Minz_Request::param('apiPasswordPlain', '', true);
-
if ($system_conf->force_email_validation && empty($email)) {
Minz_Request::bad(
_t('user.email.feedback.required'),
@@ -171,7 +124,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Session::param('currentUser'),
$email,
$passwordPlain,
- $apiPasswordPlain,
array(
'token' => Minz_Request::param('token', null),
)
@@ -194,6 +146,23 @@ class FreshRSS_user_Controller extends Minz_ActionController {
}
}
+ public function purgeAction() {
+ if (!FreshRSS_Auth::hasAccess('admin')) {
+ Minz_Error::error(403);
+ }
+
+ if (Minz_Request::isPost()) {
+ $username = Minz_Request::param('username');
+
+ if (!FreshRSS_UserDAO::exists($username)) {
+ Minz_Error::error(404);
+ }
+
+ $feedDAO = FreshRSS_Factory::createFeedDao($username);
+ $feedDAO->purge();
+ }
+ }
+
/**
* This action displays the user management page.
*/
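Review bot: `purgeAction` destroys a user's article data on any POST with only the admin check and `Minz_Request::isPost()`: the result of `$feedDAO->purge()` is not checked, nothing is logged, and the admin receives no feedback, unlike `updateAction`, which reports through `Minz_Request::good`/`bad`. Unless the base controller validates a CSRF token on every POST (not visible in this page), `isPost()` alone does not protect a state-changing admin action from cross-site requests. At minimum record the actor and target: `Minz_Log::notice("Purged articles of user {$username} on request of " . Minz_Session::param('currentUser'), ADMIN_LOG);` after the `purge()` call.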
@@ -204,22 +173,26 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_View::prependTitle(_t('admin.user.title') . ' ยท ');
+ if (Minz_Request::isPost()) {
+ $action = Minz_Request::param('action');
+ if ('delete' === $action) {
+ $this->deleteAction();
+ } elseif ('update' === $action) {
+ $this->updateAction();
+ } elseif ('purge' === $action) {
+ $this->purgeAction();
+ }
+ }
+
$this->view->show_email_field = FreshRSS_Context::$system_conf->force_email_validation;
$this->view->current_user = Minz_Request::param('u');
- $this->view->nb_articles = 0;
- $this->view->size_user = 0;
- if ($this->view->current_user) {
- // Get information about the current user.
- $entryDAO = FreshRSS_Factory::createEntryDao($this->view->current_user);
- $this->view->nb_articles = $entryDAO->count();
-
- $databaseDAO = FreshRSS_Factory::createDatabaseDAO($this->view->current_user);
- $this->view->size_user = $databaseDAO->size();
+ foreach (listUsers() as $user) {
+ $this->view->users[$user] = $this->retrieveUserDetails($user);
}
}
- public static function createUser($new_user_name, $email, $passwordPlain, $apiPasswordPlain = '', $userConfigOverride = [], $insertDefaultFeeds = true) {
+ public static function createUser($new_user_name, $email, $passwordPlain, $userConfigOverride = [], $insertDefaultFeeds = true) {
$userConfig = [];
$customUserConfigPath = join_path(DATA_PATH, 'config-user.custom.php');
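Review bot: `$this->view->users` is never initialised before the `foreach` over `listUsers()`, so with an empty list the view receives no `users` property at all and the template has to guard against an undefined value; `$this->view->users = array();` before the loop makes the shape explicit and matches the file's array style. The loop also runs `retrieveUserDetails` — three DAO instantiations and three queries — for every user on every render of the management page, a noticeable step up from the previous single-user lookup; on installs with many users this page may become slow, and the per-user figures could be left to `detailsAction`. The `if`/`elseif` dispatch on `$action` silently ignores unknown values, which is presumably intended but worth a one-line comment. `manageAction` starts outside this hunk and `createUser` continues past it.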
@@ -271,7 +244,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
}
}
- $ok &= self::updateUser($new_user_name, $email, $passwordPlain, $apiPasswordPlain);
+ $ok &= self::updateUser($new_user_name, $email, $passwordPlain);
}
return $ok;
}
@@ -326,7 +299,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
);
}
- $ok = self::createUser($new_user_name, $email, $passwordPlain, '', array('language' => $new_user_language));
+ $ok = self::createUser($new_user_name, $email, $passwordPlain, array('language' => $new_user_language));
Minz_Request::_param('new_user_passwordPlain'); //Discard plain-text password ASAP
$_POST['new_user_passwordPlain'] = '';
invalidateHttpCache();
@@ -366,7 +339,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
$user_data = join_path(DATA_PATH, 'users', $username);
$ok &= is_dir($user_data);
if ($ok) {
- self::deleteFeverKey($username);
+ FreshRSS_fever_Util::deleteKey($username);
$oldUserDAO = FreshRSS_Factory::createUserDao($username);
$ok &= $oldUserDAO->deleteUser();
$ok &= recursive_unlink($user_data);
@@ -542,4 +515,34 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Request::forward($redirect_url, true);
}
+
+ public function detailsAction() {
+ if (!FreshRSS_Auth::hasAccess('admin')) {
+ Minz_Error::error(403);
+ }
+
+ $username = Minz_Request::param('username');
+ if (!FreshRSS_UserDAO::exists($username)) {
+ Minz_Error::error(404);
+ }
+
+ $this->view->username = $username;
+ $this->view->details = $this->retrieveUserDetails($username);
+ }
+
+ private function retrieveUserDetails($username) {
+ $feedDAO = FreshRSS_Factory::createFeedDao($username);
+ $entryDAO = FreshRSS_Factory::createEntryDao($username);
+ $databaseDAO = FreshRSS_Factory::createDatabaseDAO($username);
+
+ $userConfiguration = get_user_configuration($username);
+
+ return array(
+ 'feed_count' => $feedDAO->count(),
+ 'article_count' => $entryDAO->count(),
+ 'database_size' => $databaseDAO->size(),
+ 'language' => $userConfiguration->language,
+ 'mail_login' => $userConfiguration->mail_login,
+ );
+ }
}
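Review bot: `retrieveUserDetails` dereferences the result of `get_user_configuration($username)` unconditionally, while the same call in `updateUser` treats a `null` return as possible and bails out; here a missing or unreadable configuration emits a warning and yields `null` for `language` and `mail_login`, and when invoked from `manageAction` one broken user directory degrades the whole management page. A guard such as `'language' => $userConfiguration === null ? '' : $userConfiguration->language,` for both fields (or an early return of defaults with a `Minz_Log::warning`) keeps the page rendering. A short docblock on the method noting that it opens three DAOs per call would help callers judge its cost.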