2010-11-30 07:46:10 +09:00
|
|
|
<?php
|
|
|
|
/*
|
|
|
|
* StatusNet - the distributed open-source microblogging tool
|
|
|
|
* Copyright (C) 2008, 2009, StatusNet, Inc.
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
class Nickname
|
|
|
|
{
|
|
|
|
/**
|
2010-12-10 09:43:35 +09:00
|
|
|
* Regex fragment for pulling a formated nickname *OR* ID number.
|
|
|
|
* Suitable for router def of 'id' parameters on API actions.
|
|
|
|
*
|
|
|
|
* Not guaranteed to be valid after normalization; run the string through
|
|
|
|
* Nickname::normalize() to get the canonical form, or Nickname::isValid()
|
|
|
|
* if you just need to check if it's properly formatted.
|
|
|
|
*
|
2014-03-18 18:46:24 +09:00
|
|
|
* This, DISPLAY_FMT, and CANONICAL_FMT should not be enclosed in []s.
|
2010-12-10 09:43:35 +09:00
|
|
|
*
|
|
|
|
* @fixme would prefer to define in reference to the other constants
|
|
|
|
*/
|
|
|
|
const INPUT_FMT = '(?:[0-9]+|[0-9a-zA-Z_]{1,64})';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Regex fragment for acceptable user-formatted variant of a nickname.
|
2014-03-18 18:46:24 +09:00
|
|
|
*
|
2010-12-10 09:43:35 +09:00
|
|
|
* This includes some chars such as underscore which will be removed
|
|
|
|
* from the normalized canonical form, but still must fit within
|
|
|
|
* field length limits.
|
2010-11-30 07:46:10 +09:00
|
|
|
*
|
|
|
|
* Not guaranteed to be valid after normalization; run the string through
|
2010-12-02 04:21:00 +09:00
|
|
|
* Nickname::normalize() to get the canonical form, or Nickname::isValid()
|
2010-11-30 07:46:10 +09:00
|
|
|
* if you just need to check if it's properly formatted.
|
|
|
|
*
|
2014-03-18 18:46:24 +09:00
|
|
|
* This, INPUT_FMT and CANONICAL_FMT should not be enclosed in []s.
|
2010-11-30 07:46:10 +09:00
|
|
|
*/
|
2010-12-10 09:43:35 +09:00
|
|
|
const DISPLAY_FMT = '[0-9a-zA-Z_]{1,64}';
|
2010-11-30 07:46:10 +09:00
|
|
|
|
2015-06-06 04:24:41 +09:00
|
|
|
/**
|
|
|
|
* Simplified regex fragment for acceptable full WebFinger ID of a user
|
|
|
|
*
|
|
|
|
* We could probably use an email regex here, but mainly we are interested
|
|
|
|
* in matching it in our URLs, like https://social.example/user@example.com
|
|
|
|
*/
|
2017-08-10 18:06:52 +09:00
|
|
|
const WEBFINGER_FMT = '(?:\w+[\w\-\_\.]*)?\w+\@'.URL_REGEX_DOMAIN_NAME;
|
|
|
|
|
|
|
|
// old one without support for -_. in nickname part:
|
|
|
|
// const WEBFINGER_FMT = '[0-9a-zA-Z_]{1,64}\@[0-9a-zA-Z_-.]{3,255}';
|
2015-06-06 04:24:41 +09:00
|
|
|
|
2010-11-30 07:46:10 +09:00
|
|
|
/**
|
|
|
|
* Regex fragment for checking a canonical nickname.
|
|
|
|
*
|
|
|
|
* Any non-matching string is not a valid canonical/normalized nickname.
|
|
|
|
* Matching strings are valid and canonical form, but may still be
|
|
|
|
* unavailable for registration due to blacklisting et.
|
|
|
|
*
|
|
|
|
* Only the canonical forms should be stored as keys in the database;
|
|
|
|
* there are multiple possible denormalized forms for each valid
|
|
|
|
* canonical-form name.
|
|
|
|
*
|
2014-03-18 18:46:24 +09:00
|
|
|
* This, INPUT_FMT and DISPLAY_FMT should not be enclosed in []s.
|
2010-11-30 07:46:10 +09:00
|
|
|
*/
|
|
|
|
const CANONICAL_FMT = '[0-9a-z]{1,64}';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Maximum number of characters in a canonical-form nickname.
|
|
|
|
*/
|
|
|
|
const MAX_LEN = 64;
|
|
|
|
|
2016-02-26 08:08:51 +09:00
|
|
|
/**
|
|
|
|
* Regex with non-capturing group that matches whitespace and some
|
|
|
|
* characters which are allowed right before an @ or ! when mentioning
|
|
|
|
* other users. Like: 'This goes out to:@mmn (@chimo too) (!awwyiss).'
|
|
|
|
*
|
|
|
|
* FIXME: Make this so you can have multiple whitespace but not multiple
|
|
|
|
* parenthesis or something. '(((@n_n@)))' might as well be a smiley.
|
|
|
|
*/
|
|
|
|
const BEFORE_MENTIONS = '(?:^|[\s\.\,\:\;\[\(]+)';
|
|
|
|
|
2010-11-30 07:46:10 +09:00
|
|
|
/**
|
|
|
|
* Nice simple check of whether the given string is a valid input nickname,
|
|
|
|
* which can be normalized into an internally canonical form.
|
|
|
|
*
|
|
|
|
* Note that valid nicknames may be in use or reserved.
|
|
|
|
*
|
2013-10-16 20:55:32 +09:00
|
|
|
* @param string $str The nickname string to test
|
|
|
|
* @param boolean $checkuse Check if it's in use (return false if it is)
|
|
|
|
*
|
|
|
|
* @return boolean True if nickname is valid. False if invalid (or taken if checkuse==true).
|
2010-11-30 07:46:10 +09:00
|
|
|
*/
|
2013-10-16 20:55:32 +09:00
|
|
|
public static function isValid($str, $checkuse=false)
|
2010-11-30 07:46:10 +09:00
|
|
|
{
|
|
|
|
try {
|
2013-10-16 20:55:32 +09:00
|
|
|
self::normalize($str, $checkuse);
|
2010-11-30 07:46:10 +09:00
|
|
|
} catch (NicknameException $e) {
|
|
|
|
return false;
|
|
|
|
}
|
2013-10-16 20:55:32 +09:00
|
|
|
|
|
|
|
return true;
|
2010-11-30 07:46:10 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Validate an input nickname string, and normalize it to its canonical form.
|
|
|
|
* The canonical form will be returned, or an exception thrown if invalid.
|
|
|
|
*
|
2013-10-16 20:55:32 +09:00
|
|
|
* @param string $str The nickname string to test
|
|
|
|
* @param boolean $checkuse Check if it's in use (return false if it is)
|
2010-11-30 07:46:10 +09:00
|
|
|
* @return string Normalized canonical form of $str
|
|
|
|
*
|
|
|
|
* @throws NicknameException (base class)
|
2013-10-16 20:55:32 +09:00
|
|
|
* @throws NicknameBlacklistedException
|
2010-11-30 07:46:10 +09:00
|
|
|
* @throws NicknameEmptyException
|
2013-10-16 20:55:32 +09:00
|
|
|
* @throws NicknameInvalidException
|
|
|
|
* @throws NicknamePathCollisionException
|
|
|
|
* @throws NicknameTakenException
|
2010-11-30 07:46:10 +09:00
|
|
|
* @throws NicknameTooLongException
|
|
|
|
*/
|
2013-10-16 20:55:32 +09:00
|
|
|
public static function normalize($str, $checkuse=false)
|
2010-11-30 07:46:10 +09:00
|
|
|
{
|
2016-08-09 13:12:25 +09:00
|
|
|
if (mb_strlen($str) > self::MAX_LEN) {
|
|
|
|
// Display forms must also fit!
|
|
|
|
throw new NicknameTooLongException();
|
|
|
|
}
|
|
|
|
|
2013-10-16 21:58:22 +09:00
|
|
|
// We should also have UTF-8 normalization (å to a etc.)
|
2010-11-30 07:46:10 +09:00
|
|
|
$str = trim($str);
|
|
|
|
$str = str_replace('_', '', $str);
|
|
|
|
$str = mb_strtolower($str);
|
|
|
|
|
2016-08-09 13:12:25 +09:00
|
|
|
if (mb_strlen($str) < 1) {
|
2010-11-30 07:46:10 +09:00
|
|
|
throw new NicknameEmptyException();
|
2013-10-16 21:58:22 +09:00
|
|
|
} elseif (!self::isCanonical($str)) {
|
2010-11-30 07:46:10 +09:00
|
|
|
throw new NicknameInvalidException();
|
2013-10-16 21:58:22 +09:00
|
|
|
} elseif (self::isBlacklisted($str)) {
|
2013-10-16 20:55:32 +09:00
|
|
|
throw new NicknameBlacklistedException();
|
2013-10-16 21:58:22 +09:00
|
|
|
} elseif (self::isSystemPath($str)) {
|
2013-10-16 20:55:32 +09:00
|
|
|
throw new NicknamePathCollisionException();
|
2013-10-17 08:16:03 +09:00
|
|
|
} elseif ($checkuse) {
|
|
|
|
$profile = self::isTaken($str);
|
|
|
|
if ($profile instanceof Profile) {
|
|
|
|
throw new NicknameTakenException($profile);
|
2013-10-16 20:55:32 +09:00
|
|
|
}
|
2013-10-16 20:22:43 +09:00
|
|
|
}
|
2010-11-30 07:46:10 +09:00
|
|
|
|
|
|
|
return $str;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Is the given string a valid canonical nickname form?
|
|
|
|
*
|
|
|
|
* @param string $str
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public static function isCanonical($str)
|
|
|
|
{
|
|
|
|
return preg_match('/^(?:' . self::CANONICAL_FMT . ')$/', $str);
|
|
|
|
}
|
2013-10-16 20:55:32 +09:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Is the given string in our nickname blacklist?
|
|
|
|
*
|
|
|
|
* @param string $str
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public static function isBlacklisted($str)
|
|
|
|
{
|
|
|
|
$blacklist = common_config('nickname', 'blacklist');
|
2016-08-09 13:12:25 +09:00
|
|
|
if(!$blacklist)
|
|
|
|
return false;
|
2013-10-16 20:55:32 +09:00
|
|
|
return in_array($str, $blacklist);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Is the given string identical to a system path or route?
|
|
|
|
* This could probably be put in some other class, but at
|
|
|
|
* at the moment, only Nickname requires this functionality.
|
|
|
|
*
|
|
|
|
* @param string $str
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public static function isSystemPath($str)
|
|
|
|
{
|
|
|
|
$paths = array();
|
|
|
|
|
|
|
|
// All directory and file names in site root should be blacklisted
|
|
|
|
$d = dir(INSTALLDIR);
|
|
|
|
while (false !== ($entry = $d->read())) {
|
2016-02-12 10:21:11 +09:00
|
|
|
$paths[$entry] = true;
|
2013-10-16 20:55:32 +09:00
|
|
|
}
|
|
|
|
$d->close();
|
|
|
|
|
|
|
|
// All top level names in the router should be blacklisted
|
|
|
|
$router = Router::get();
|
2016-02-12 10:21:11 +09:00
|
|
|
foreach ($router->m->getPaths() as $path) {
|
|
|
|
if (preg_match('/^([^\/\?]+)[\/\?]/',$path,$matches) && isset($matches[1])) {
|
|
|
|
$paths[$matches[1]] = true;
|
2013-10-16 20:55:32 +09:00
|
|
|
}
|
|
|
|
}
|
2016-02-12 10:29:33 +09:00
|
|
|
|
|
|
|
// FIXME: this assumes the 'path' is in the first-level directory, though common it's not certain
|
|
|
|
foreach (['avatar', 'attachments'] as $cat) {
|
|
|
|
$paths[basename(common_config($cat, 'path'))] = true;
|
|
|
|
}
|
|
|
|
|
2016-02-12 10:21:11 +09:00
|
|
|
return in_array($str, array_keys($paths));
|
2013-10-16 20:55:32 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Is the nickname already in use locally? Checks the User table.
|
|
|
|
*
|
|
|
|
* @param string $str
|
2013-10-17 08:16:03 +09:00
|
|
|
* @return Profile|null Returns Profile if nickname found, otherwise null
|
2013-10-16 20:55:32 +09:00
|
|
|
*/
|
|
|
|
public static function isTaken($str)
|
|
|
|
{
|
2013-10-17 08:16:03 +09:00
|
|
|
$found = User::getKV('nickname', $str);
|
|
|
|
if ($found instanceof User) {
|
|
|
|
return $found->getProfile();
|
|
|
|
}
|
|
|
|
|
|
|
|
$found = Local_group::getKV('nickname', $str);
|
|
|
|
if ($found instanceof Local_group) {
|
|
|
|
return $found->getProfile();
|
|
|
|
}
|
|
|
|
|
|
|
|
$found = Group_alias::getKV('alias', $str);
|
|
|
|
if ($found instanceof Group_alias) {
|
|
|
|
return $found->getProfile();
|
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
2013-10-16 20:55:32 +09:00
|
|
|
}
|
2010-11-30 07:46:10 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
class NicknameException extends ClientException
|
|
|
|
{
|
|
|
|
function __construct($msg=null, $code=400)
|
|
|
|
{
|
|
|
|
if ($msg === null) {
|
|
|
|
$msg = $this->defaultMessage();
|
|
|
|
}
|
|
|
|
parent::__construct($msg, $code);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Default localized message for this type of exception.
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class NicknameInvalidException extends NicknameException {
|
|
|
|
/**
|
|
|
|
* Default localized message for this type of exception.
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
|
|
|
return _('Nickname must have only lowercase letters and numbers and no spaces.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-10-16 20:55:32 +09:00
|
|
|
class NicknameEmptyException extends NicknameInvalidException
|
2010-11-30 07:46:10 +09:00
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Default localized message for this type of exception.
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
|
|
|
return _('Nickname cannot be empty.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class NicknameTooLongException extends NicknameInvalidException
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Default localized message for this type of exception.
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
|
|
|
return sprintf(_m('Nickname cannot be more than %d character long.',
|
|
|
|
'Nickname cannot be more than %d characters long.',
|
|
|
|
Nickname::MAX_LEN),
|
|
|
|
Nickname::MAX_LEN);
|
|
|
|
}
|
|
|
|
}
|
2013-10-16 20:22:43 +09:00
|
|
|
|
2013-10-16 20:55:32 +09:00
|
|
|
class NicknameBlacklistedException extends NicknameException
|
|
|
|
{
|
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
|
|
|
return _('Nickname is disallowed through blacklist.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class NicknamePathCollisionException extends NicknameException
|
|
|
|
{
|
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
|
|
|
return _('Nickname is identical to system path names.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class NicknameTakenException extends NicknameException
|
2013-10-16 20:22:43 +09:00
|
|
|
{
|
2013-10-17 08:16:03 +09:00
|
|
|
public $profile = null; // the Profile which occupies the nickname
|
2013-10-16 20:55:32 +09:00
|
|
|
|
2013-10-17 08:16:03 +09:00
|
|
|
public function __construct(Profile $profile, $msg=null, $code=400)
|
2013-10-16 20:55:32 +09:00
|
|
|
{
|
2013-10-17 08:16:03 +09:00
|
|
|
$this->profile = $profile;
|
2013-10-16 20:55:32 +09:00
|
|
|
|
|
|
|
if ($msg === null) {
|
|
|
|
$msg = $this->defaultMessage();
|
|
|
|
}
|
|
|
|
|
|
|
|
parent::__construct($msg, $code);
|
|
|
|
}
|
|
|
|
|
2013-10-16 20:22:43 +09:00
|
|
|
protected function defaultMessage()
|
|
|
|
{
|
|
|
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
2013-10-16 20:55:32 +09:00
|
|
|
return _('Nickname is already in use on this server.');
|
2013-10-16 20:22:43 +09:00
|
|
|
}
|
|
|
|
}
|