yohan/SemanticScuttle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out bookmark query updates and additional column to User table. Added additional tests

Browse Source
This commit is contained in:
Mark Pemberton 2011-03-19 01:40:56 -04:00
parent c18207edb9
commit 331f7e9687
14 changed files with 200 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
data/tables.sql
View File

@ -73,8 +73,7 @@ CREATE TABLE `sc_users` (
`email` varchar(50) NOT NULL default '',
`homepage` varchar(255) default NULL,
`uContent` text,
`privateKey` varchar(32) NULL,
`enablePrivateKey` int(1) default '0',
`privateKey` varchar(33) default NULL,
PRIMARY KEY (`uId`),
UNIQUE KEY `privateKey` (`privateKey`)
) CHARACTER SET utf8 COLLATE utf8_general_ci ;

2
data/templates/editprofile.tpl.php
View File

@ -32,7 +32,7 @@ $this->includeTemplate($GLOBALS['top_include']);
</tr>
<tr>
<th align="left"><?php echo T_('Private RSS Feed'); ?></th>
<td><input type="checkbox" id="pEnablePrivateKey" name="pEnablePrivateKey" value="1" <?php if ($objectUser->getEnablePrivateKey()==1) echo 'checked="checked"'; ?>><?php echo T_('Enable'); ?>&nbsp;&nbsp;&nbsp;<input type="text" id="pPrivateKey" name="pPrivateKey" size="40" value="<?php echo $privateKey;?>" readonly /><input type="submit" name="submittedPK" value="<?php echo T_('Generate New Key'); ?>" /></td>
<td><input type="checkbox" id="pEnablePrivateKey" name="pEnablePrivateKey" value="1" <?php if (strlen($privateKey)==32) echo 'checked="checked"'; ?>><?php echo T_('Enable'); ?>&nbsp;&nbsp;&nbsp;<input type="text" id="pPrivateKey" name="pPrivateKey" size="40" value="<?php echo substr($privateKey, -32);?>" readonly /><input type="submit" name="submittedPK" value="<?php echo T_('Generate New Key'); ?>" /></td>
</tr>
</table>

4
data/templates/rss.tpl.php
View File

@ -3,7 +3,7 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n";
?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title><?php echo htmlspecialchars($feedtitle); ?></title>
<title><?php echo $feedtitle; ?></title>
<link><?php echo htmlspecialchars($feedlink); ?></link>
<description><?php echo htmlspecialchars($feeddescription); ?></description>
<pubDate><?php echo date('r'); ?></pubDate>
@ -23,4 +23,4 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n";
</item>
<?php endforeach; ?>
</channel>
</rss>
</rss>

11
data/templates/top.inc.php
View File

@ -5,14 +5,13 @@
<title><?php echo filter($GLOBALS['sitename'] .(isset($pagetitle) ? ' » ' . $pagetitle : '')); ?></title>
<link rel="icon" type="image/png" href="<?php echo ROOT ?>icon.png" />
<link rel="stylesheet" type="text/css" href="<?php echo ROOT ?>scuttle.css" />
<link rel="search" type="application/opensearchdescription+xml" href="<?php echo ROOT ?>api/opensearch.php" title="<?php echo htmlspecialchars($GLOBALS['sitename']) ?>"/>
<link rel="search" type="application/opensearchdescription+xml" href="<?php echo ROOT ?>api/opensearch.php" title="<?php echo $GLOBALS['sitename'] ?>"/>
<?php
if (isset($rsschannels)) {
$size = count($rsschannels);
for ($i = 0; $i < $size; $i++) {
echo ' <link rel="alternate" type="application/rss+xml" title="'
. htmlspecialchars($rsschannels[$i][0]) . '"'
. ' href="'. $rsschannels[$i][1] .'" />';
$size = count($rsschannels);
for ($i = 0; $i < $size; $i++) {
echo ' <link rel="alternate" type="application/rss+xml" title="' . htmlspecialchars($rsschannels[$i][0]) . '"'
. ' href="'. $rsschannels[$i][1] .'" />'."\n";
}
}
?>

17
src/SemanticScuttle/Model/User.php
View File

@ -36,7 +36,6 @@ class SemanticScuttle_Model_User
var $datetime;
var $isAdmin;
var $privateKey;
var $enablePrivateKey;
/**
* Create a new user object
@ -86,22 +85,6 @@ class SemanticScuttle_Model_User
return $this->privateKey;
}
/**
* Returns private key flag
*
* @return integer private key 1=enabled, 0=disabled
*/
public function getEnablePrivateKey()
{
// Look for value only if not already set
if (!isset($this->enablePrivateKey)) {
$us = SemanticScuttle_Service_Factory::get('User');
$user = $us->getUser($this->id);
$this->enablePrivateKey = $user['enablePrivateKey'];
}
return $this->enablePrivateKey;
}
/**
* Returns full user name as specified in the profile.
*

91
src/SemanticScuttle/Service/Bookmark.php
View File

@ -303,7 +303,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
function editAllowed($bookmark)
{
if (!is_numeric($bookmark)
&& (!is_array($bookmark) || !isset($bookmark['bId']) || !is_numeric($bookmark['bId']))
&& (!is_array($bookmark)
|| !isset($bookmark['bId'])
|| !is_numeric($bookmark['bId']))
) {
return false;
}
@ -667,26 +669,26 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* each bookmark array contains two additional keys:
* 'hasVoted' and 'vote'.
*
* @param integer $start Page number
* @param integer $perpage Number of bookmarks per page
* @param integer $user User ID
* @param mixed $tags Array of tags or tags separated
* by "+" signs
* @param string $terms Search terms separated by spaces
* @param string $sortOrder One of the following values:
* "date_asc", "date_desc",
* "title_desc", "title_asc",
* "url_desc", "url_asc",
* "voting_asc", "voting_desc"
* @param boolean $watched True if only watched bookmarks
* shall be returned (FIXME)
* @param integer $startdate Filter for creation date.
* SQL-DateTime value
* "YYYY-MM-DD hh:ii:ss'
* @param integer $enddate Filter for creation date.
* SQL-DateTime value
* "YYYY-MM-DD hh:ii:ss'
* @param string $hash Filter by URL hash
* @param integer $start Page number
* @param integer $perpage Number of bookmarks per page
* @param integer $user User ID
* @param mixed $tags Array of tags or tags separated
* by "+" signs
* @param string $terms Search terms separated by spaces
* @param string $sortOrder One of the following values:
* "date_asc", "date_desc",
* "title_desc", "title_asc",
* "url_desc", "url_asc",
* "voting_asc", "voting_desc"
* @param boolean $watched True if only watched bookmarks
* shall be returned (FIXME)
* @param integer $startdate Filter for creation date.
* SQL-DateTime value
* "YYYY-MM-DD hh:ii:ss'
* @param integer $enddate Filter for creation date.
* SQL-DateTime value
* "YYYY-MM-DD hh:ii:ss'
* @param string $hash Filter by URL hash
*
* @return array Array with two keys: 'bookmarks' and 'total'.
* First contains an array of bookmarks, 'total'
@ -705,15 +707,16 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
if ($userservice->isLoggedOn()) {
// All public bookmarks, user's own bookmarks
// and any shared with user
$privacy = ' ((B.bStatus = 0) OR (B.uId = '. $sId .')';
$watchlist = $userservice->getWatchlist($sId);
foreach ($watchlist as $watchuserID) {
$privacy .= ' OR (B.uId = '. $watchuserID .' AND B.bStatus = 1)';
$privacy = ' AND ((B.bStatus = 0) OR (B.uId = '. $sId .')';
$watchnames = $userservice->getWatchNames($sId, true);
foreach ($watchnames as $watchuser) {
$privacy .= ' OR (U.username = "'. $watchuser;
$privacy .= '" AND B.bStatus = 1)';
}
$privacy .= ')';
} else {
// Just public bookmarks
$privacy = ' B.bStatus = 0';
$privacy = ' AND B.bStatus = 0';
}
// Set up the tags, if need be.
@ -727,20 +730,17 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
}
// Set up the SQL query.
$query_1 = 'SELECT DISTINCT(B.bHash), ';
$query_1.= '(select '. $userservice->getFieldName('username');
$query_1.= ' from '. $userservice->getTableName();
$query_1.= ' where uId=B.uId';
$query_1.= ') as '. $userservice->getFieldName('username') .', ';
$query_1 = 'SELECT DISTINCT ';
if (SQL_LAYER == 'mysql4') {
$query_1 .= 'SQL_CALC_FOUND_ROWS ';
}
$query_1 .= 'B.*';
$query_1 .= 'B.*, U.'. $userservice->getFieldName('username');
$query_2 = ' FROM '. $this->getTableName() .' AS B';
$query_2 = ' FROM '. $userservice->getTableName() .' AS U'
. ', '. $this->getTableName() .' AS B';
$query_3 = ' WHERE '. $privacy;
$query_3 = ' WHERE B.uId = U.'. $userservice->getFieldName('primary');
$query_3 .= $privacy;
if ($GLOBALS['enableVoting'] && $GLOBALS['hideBelowVoting'] !== null
&& !$userservice->isAdmin($userservice->getCurrentUserId())
@ -749,11 +749,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
}
if (is_null($watched)) {
/*
if (!is_null($user)) {
$query_3 .= ' AND B.uId = '. $user;
}
*/
} else {
$arrWatch = $userservice->getWatchlist($user);
if (count($arrWatch) > 0) {
@ -769,14 +767,20 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
}
$query_5 = '';
if ($hash == null) {
$query_5.= ' GROUP BY B.bHash';
}
//Voting system
//needs to be directly after FROM bookmarks
if ($GLOBALS['enableVoting'] && $userservice->isLoggedOn()) {
$cuid = $userservice->getCurrentUserId();
$vs = SemanticScuttle_Service_Factory::get('Vote');
$query_1 .= ', (select !ISNULL(bId) from '.$vs->getTableName().' where bId=B.bId and uId='.(int)$cuid.') as hasVoted, (select vote from '.$vs->getTableName().' where bId=B.bId and uId='.(int)$cuid.') as vote';
$query_1 .= ', !ISNULL(V.bId) as hasVoted, V.vote as vote';
$query_2 .= ' LEFT JOIN ' . $vs->getTableName() . ' AS V'
. ' ON B.bId = V.bId'
. ' AND V.uId = ' . (int)$cuid;
}
switch($sortOrder) {
@ -805,11 +809,6 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
$query_5 .= ' ORDER BY B.' . $GLOBALS['dateOrderField'] . ' DESC ';
}
// Add GROUP BY only if tag is given
if ($tagcount > 0) {
$query_5 = ' GROUP BY B.bHash' . $query_5;
}
// Handle the parts of the query that depend on any tags that are present.
$query_4 = '';
for ($i = 0; $i < $tagcount; $i ++) {
@ -859,9 +858,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
$query_4 .= ' OR B.bPrivateNote LIKE "'
. $this->db->sql_escape($aTerms[$i])
.'%"';
$query_4 .= ' OR B.uId = (select '.$userservice->getFieldName('primary').' from '.$userservice->getTableName().' where '.$userservice->getFieldName('username').'="'
$query_4 .= ' OR U.username = "'
. $this->db->sql_escape($aTerms[$i])
. '")';
. '"'; //exact match for username
if ($dotags) {
$query_4 .= ' OR T.tag LIKE "'
. $this->db->sql_escape($aTerms[$i])

67
src/SemanticScuttle/Service/User.php
View File

@ -577,6 +577,13 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
*/
public function loginPrivateKey($username, $privatekey)
{
/* Check for size, only 32 char keys will work */
/* Failsafe to hopefully lessen hackability and */
/* deactivated keys (preceded by dash) */
if (strlen($privatekey) != 32) {
return false;
}
$query = 'SELECT '. $this->getFieldName('primary') .' FROM '
. $this->getTableName() .' WHERE '
. $this->getFieldName('username') .' = "'
@ -789,33 +796,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
* No checks are done in here - you ought to have checked
* everything before calling this method!
*
* @param string $username Username to use
* @param string $password Password to use
* @param string $email Email to use
* @param string $privateKey Key for RSS auth
* @param integer $enablePrivateKey Flag to enable Private RSS
* @param string $username Username to use
* @param string $password Password to use
* @param string $email Email to use
* @param string $privateKey Key for RSS auth
*
* @return mixed Integer user ID if all is well,
* boolean false if an error occured
*/
public function addUser(
$username, $password, $email, $privateKey=null, $enablePrivateKey=0
) {
public function addUser($username, $password, $email, $privateKey=null)
{
// Set up the SQL UPDATE statement.
$datetime = gmdate('Y-m-d H:i:s', time());
$password = $this->sanitisePassword($password);
// set new private key if enabled but user forgot to generate
if ($enablePrivateKey == 1) {
$privateKey = $this->getNewPrivateKey();
}
$values = array(
'username' => $username,
'password' => $password,
'email' => $email,
'uDatetime' => $datetime,
'uModified' => $datetime,
'privateKey' => $privateKey,
'enablePrivateKey' => $enablePrivateKey
'privateKey' => $privateKey
);
$sql = 'INSERT INTO '. $this->getTableName()
. ' '. $this->db->sql_build_array('INSERT', $values);
@ -839,39 +839,52 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
/**
* Update User Record
*
* @param string $uId User ID
* @param string $password User Password
* @param string $name User Name
* @param string $email Email Address
* @param string $homepage Homepage URL
* @param string $uContent Content
* @param string $privateKey RSS Private Key
* @param integer $enablePrivateKey Flag to enable RSS Private Key
* @param string $uId User ID
* @param string $password User Password
* @param string $name User Name
* @param string $email Email Address
* @param string $homepage Homepage URL
* @param string $uContent Content
* @param string $privateKey RSS Private Key
* @param string $enablePrivateRSS RSS Private Key
*
* @return boolean true if it successful, false if not
*/
function updateUser(
$uId, $password, $name, $email, $homepage, $uContent,
$privateKey=null, $enablePrivateKey=0
$privateKey=null, $enablePrivateRSS=0
) {
if (!is_numeric($uId)) {
return false;
}
// prepend - to privateKey if disabled
if ($privateKey!=null and strlen($privateKey)==32 and $enablePrivateRSS==0) {
$privateKey = "-".$privateKey;
}
// remove - from privateKey if enabling
if ($privateKey!=null and strlen($privateKey)==33 and $enablePrivateRSS==1) {
$privateKey = substr($privateKey, 1, 32);
}
// if new user is enabling Private RSS, create new key
if ($privateKey==null and $enablePrivateRSS==1) {
$privateKey = $this->getNewPrivateKey();
}
// Set up the SQL UPDATE statement.
$moddatetime = gmdate('Y-m-d H:i:s', time());
if ($password == '') {
$updates = array (
'uModified' => $moddatetime, 'name' => $name,
'email' => $email, 'homepage' => $homepage,
'uContent' => $uContent, 'privateKey' => $privateKey,
'enablePrivateKey' => $enablePrivateKey);
'uContent' => $uContent, 'privateKey' => $privateKey);
} else {
$updates = array ('uModified' => $moddatetime,
'password' => $this->sanitisePassword($password),
'name' => $name, 'email' => $email, 'homepage' => $homepage,
'uContent' => $uContent, 'privateKey' => $privateKey,
'enablePrivateKey' => $enablePrivateKey);
'uContent' => $uContent, 'privateKey' => $privateKey);
}
$sql = 'UPDATE '. $this->getTableName() .' SET '
. $this->db->sql_build_array('UPDATE', $updates) .' WHERE '

47
tests/BookmarkTest.php
View File

@ -1164,7 +1164,7 @@ class BookmarkTest extends TestBase
//create bookmarks for main user and other one
$this->addBookmark($uid, $address, 0);
$this->addBookmark($friendPublic1, $address, 1);//1 is shared
$this->addBookmark($friendPublic1, $address, 1);//1 is shared
//log main user in
$this->us->setCurrentUserId($uid);
@ -1342,6 +1342,51 @@ class BookmarkTest extends TestBase
);
}
/**
* Test private bookmarks
*
* @return void
*/
public function testPrivateBookmarks()
{
$uid = $this->addUser();
/* create private bookmark */
$this->bs->addBookmark(
'http://test', 'test', 'desc', 'note',
2,//private
array(), null, null, false, false, $uid
);
/* create public bookmark */
$this->bs->addBookmark(
'http://example.org', 'title', 'desc', 'priv',
0,//public
array(), null, null, false, false, $uid
);
$this->assertEquals(1, $this->bs->countBookmarks($uid, 'public'));
$this->assertEquals(1, $this->bs->countBookmarks($uid, 'private'));
$this->assertEquals(0, $this->bs->countBookmarks($uid, 'shared'));
$this->assertEquals(2, $this->bs->countBookmarks($uid, 'all'));
$this->us->setCurrentUserId($uid);
$bookmarks = $this->bs->getBookmarks();
// first record should be private bookmark
$b0 = $bookmarks['bookmarks'][0];
$this->assertEquals('test', $b0['bTitle']);
// second record should be public bookmark
$b0 = $bookmarks['bookmarks'][1];
$this->assertEquals('title', $b0['bTitle']);
// test non authenticated query
$this->us->setCurrentUserId(null);
$bookmarks = $this->bs->getBookmarks();
// should only result in one link - public
$b2 = $bookmarks['bookmarks'][0];
$this->assertEquals('title', $b2['bTitle']);
// there should be no second record
$this->assertNull($bookmarks['bookmarks'][1]);
}
}

51
tests/UserTest.php
View File

@ -221,6 +221,57 @@ class UserTest extends TestBase
$this->assertTrue($this->us->privateKeyExists($randKey));
}
/**
* Test loginPrivateKey() function returns righ
*
* @return void
*/
public function testLoginWithPrivateKey()
{
/* normal user with enabled privatekey */
$randKey = $this->us->getNewPrivateKey();
$uid1 = $this->addUser('testusername', 'passw0rd', $randKey);
/* user that has disabled privatekey */
$randKey2 = '-'.$this->us->getNewPrivateKey();
$uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
/* test invalid credentials - both invalid login and key */
$this->assertFalse(
$this->us->loginPrivateKey('userdoesnot', '02848248084082408240824802408248')
);
/* test valid credentials with private key enabled */
$this->assertTrue(
$this->us->loginPrivateKey('testusername', $randKey)
);
/* test valid credentials with private key enabled but invalid key */
$this->assertFalse(
$this->us->loginPrivateKey('testusername', '123')
);
/* confirm user exists so future fails should be due to randkey */
$this->assertTrue(
$this->us->login('seconduser', 'passw0RD', false)
);
/* test valid credentials with private key disabled */
$this->assertFalse(
$this->us->loginPrivateKey('seconduser', $randKey2)
);
/* test valid credentials with private key disabled and invalid key */
$this->assertFalse(
$this->us->loginPrivateKey('seconduser', '-1')
);
$this->assertFalse(
$this->us->loginPrivateKey('seconduser', null)
);
}
}

2
tests/prepare.php
View File

@ -36,4 +36,4 @@ if ($GLOBALS['debugMode'] == true
. '!!! The combination of debugMode and dbtype==mysql4'
. ' will wreck some tests' . "\n\n";
}
?>
?>

2
www/bookmarks.php
View File

@ -259,7 +259,7 @@ if ($templatename == 'editbookmark.tpl') {
)
);
if ($userservice->isLoggedOn()) {
if ($currentUser->getPrivateKey() <> null && $currentUser->getEnablePrivateKey() == 1) {
if (strlen($currentUser->getPrivateKey()) == 32) {
array_push(
$tplVars['rsschannels'],
array(

4
www/index.php
View File

@ -44,12 +44,12 @@ $tplVars['rsschannels'] = array(
);
if ($userservice->isLoggedOn()) {
$currentUsername = $currentUser->getUsername();
if ($currentUser->getPrivateKey() <> null && $currentUser->getEnablePrivateKey() == 1) {
if ($currentUser->getPrivateKey() <> null && strlen($currentUser->getPrivateKey()) == 32) {
array_push(
$tplVars['rsschannels'],
array(
filter($sitename . sprintf(T_(': (private) ')) . $sitename),
createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey())
createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privatekey='.$currentUser->getPrivateKey())
)
);
}

1
www/profile.php
View File

@ -66,7 +66,6 @@ if ($user) {
if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
$title = T_('My Profile');
$tplVars['privateKey'] = $currentUser->getPrivateKey();
$tplVars['enablePrivateKey'] = $currentUser->getPrivateKey();
} else {
$title = T_('Profile') .': '. $user;
$tplVars['privateKey'] = '';

5
www/rss.php
View File

@ -82,6 +82,11 @@ if ($user && $user != 'all') {
if ($privatekey != null) {
if ($userservice->loginPrivateKey($user, $privatekey)) {
$isTempLogin = true;
} else {
$tplVars['error'] = sprintf(T_('Failed to Autenticate User with username %s using private key'), $user);
$templateservice->loadTemplate('error.404.tpl', $tplVars);
//throw a 404 error
exit();
}
}
}