Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/utils/MWRestrictions.php
Brad Jorsch ef5bd7347b Move grant and IP restriction logic from OAuth to core 
This also adds code to User to allow SessionProviders to apply the grant
restrictions without needing to hook UserGetRights.

Change-Id: Ida2b686157aab7c8240d6a7a5a5046374ef86d52
2016-01-12 22:37:33 +00:00

144 lines
3.7 KiB
PHP
Raw Blame History

<?php
/**
* A class to check request restrictions expressed as a JSON object
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*/
/**
* A class to check request restrictions expressed as a JSON object
*/
class MWRestrictions {
private $ipAddresses = array( '0.0.0.0/0', '::/0' );
/**
* @param array $restrictions
*/
protected function __construct( array $restrictions = null ) {
if ( $restrictions !== null ) {
$this->loadFromArray( $restrictions );
}
}
/**
* @return MWRestrictions
*/
public static function newDefault() {
return new self();
}
/**
* @param array $restrictions
* @return MWRestrictions
*/
public static function newFromArray( array $restrictions ) {
return new self( $restrictions );
}
/**
* @param string $json JSON representation of the restrictions
* @return MWRestrictions
*/
public static function newFromJson( $json ) {
$restrictions = FormatJson::decode( $json, true );
if ( !is_array( $restrictions ) ) {
throw new InvalidArgumentException( 'Invalid restrictions JSON' );
}
return new self( $restrictions );
}
private function loadFromArray( array $restrictions ) {
static $validKeys = array( 'IPAddresses' );
static $neededKeys = array( 'IPAddresses' );
$keys = array_keys( $restrictions );
$invalidKeys = array_diff( $keys, $validKeys );
if ( $invalidKeys ) {
throw new InvalidArgumentException(
'Array contains invalid keys: ' . join( ', ', $invalidKeys )
);
}
$missingKeys = array_diff( $neededKeys, $keys );
if ( $missingKeys ) {
throw new InvalidArgumentException(
'Array is missing required keys: ' . join( ', ', $missingKeys )
);
}
if ( !is_array( $restrictions['IPAddresses'] ) ) {
throw new InvalidArgumentException( 'IPAddresses is not an array' );
}
foreach ( $restrictions['IPAddresses'] as $ip ) {
if ( !\IP::isIPAddress( $ip ) ) {
throw new InvalidArgumentException( "Invalid IP address: $ip" );
}
}
$this->ipAddresses = $restrictions['IPAddresses'];
}
/**
* Return the restrictions as an array
* @return array
*/
public function toArray() {
return array(
'IPAddresses' => $this->ipAddresses,
);
}
/**
* Return the restrictions as a JSON string
* @param bool|string $pretty Pretty-print the JSON output, see FormatJson::encode
* @return string
*/
public function toJson( $pretty = false ) {
return FormatJson::encode( $this->toArray(), $pretty, FormatJson::ALL_OK );
}
public function __toString() {
return $this->toJson();
}
/**
* Test against the passed WebRequest
* @param WebRequest $request
* @return Status
*/
public function check( WebRequest $request ) {
$ok = array(
'ip' => $this->checkIP( $request->getIP() ),
);
$status = Status::newGood();
$status->setResult( $ok === array_filter( $ok ), $ok );
return $status;
}
/**
* Test an IP address
* @param string $ip
* @return bool
*/
public function checkIP( $ip ) {
foreach ( $this->ipAddresses as $range ) {
if ( \IP::isInRange( $ip, $range ) ) {
return true;
}
}
return false;
}
}
Reference in a new issue View git blame Copy permalink