Account
class Account extends AuthEntity
Class representing a user account in the database
Can inherit properties from groups. Can have any number of registered clients, can have registered two factor, can provide secret-key crypto services, provides contact info
Traits
Trait that overrides some BaseObject functions to allow inheriting properties from Groups
Constants
| IDLength |
The length of the ID used to identify the object |
| DISABLE_PERMANENT |
|
| DISABLE_PENDING_CONTACT |
|
| DEFAULT_SEARCH_MAX |
|
| OBJECT_FULL |
|
| OBJECT_ADMIN |
|
Properties
| protected | $database | The object's primary reference to the database |
from BaseObject |
| protected Scalar> | $scalars | from BaseObject | |
| protected ObjectRef> | $objects | from BaseObject | |
| protected ObjectRefs> | $objectrefs | from BaseObject | |
| private | $modified | whether or not this object has been modified |
from BaseObject |
| private | $deleted | whether or not this object has been deleted |
from BaseObject |
| private | $dbDeleted | whether or not this object has been deleted by DB |
from BaseObject |
| private | $deleteLater | from BaseObject | |
| private | $created | True if this object has been created and not yet saved to DB |
from BaseObject |
| static private | $group_handlers | ||
| static private | $delete_handlers | ||
| private | $cryptoAvailable | ||
| static private | $crypto_handlers |
Methods
Gets a template array of the object's properties (columns).
Returns the name of the class that should be used in the database for the table name (cast down at save)
Counts objects in the DB matching the given query
Loads an array of objects from the DB matching the given query
Deletes objects from the DB matching the given query
Loads a unique object matching the given query
Loads all objects of this type from the database
Loads objects from the database with the given object ID as the value of the given field
Deletes objects from the database with the given object ID as the value of the given field
Loads a unique object matching the given field
Deletes a unique object matching the given field
Loads objects from the database with the given object referenced by the given field
Deletes objects from the database with the given object referenced by the given field
Loads a unique object from the database with the given object referenced by the given field
Deletes a unique object from the database with the given object referenced by the given field
Returns the string "id:class" where id is the object ID and class is its short class name
Returns the delta of the given scalar (non-zero if modified)
Checks if the object reference is not-null without actually loading it (faster)
Gets the ID of a referenced object without actually loading it (faster)
Same as GetObjectID() but returns null instead of throwing exceptions
Gets the class name of a referenced object without actually loading it (faster)
Gets the class name of a referenced object without actually loading it (faster)
Gets an array of objects that reference this object
Gets the counter of objects referencing this object
Loads the object that joins together two classes using a FieldTypes\ObjectJoin
Same as GetJoinObject() but returns null instead of throwing exceptions
Deletes all objects that reference this object
Sets a scalar field to the given value
Increment a counter by the given value
Sets a field to reference the given object
Same as BoolSetObject() but returns $this
Adds an object reference, checking for a limit on the number of references
Removes the given object from a collection of referenced objects
Constructs the object by initializing its field template with values from the database
Function to allow subclasses to do something after being constructed without overriding the constructor
Collects fields that have changed and saves them to the database
whether or not this object has been, or should be considered, deleted
Deletes this account and all associated objects
True if this object has been created and not yet saved to DB (should not be overriden)
Returns the timestamp value stored in the given date field
Returns the timestamp value stored in the given date field
Sets the value of the given date field to the given value
Gets the value of the given feature field as an int (used for config)
Gets the value of the given feature field as an int (used for config)
Gets the value of the given feature field as a bool (used for config)
Gets the value of the given feature field as a bool (used for config)
Sets the value of the given feature field to the given (?int) value
Sets the value of the given feature field to the given (?bool) value
Returns true if the given feature has been modified
Gets the value of the given counter limit field
Gets the value of the given counter limit field
Sets the value of the given counter limit field
Checks whether the given counter plus a delta would exceed the limit
Gets an array of the values of all fields matching a prefix
Returns the account's full name if set, else its username
Returns all contacts for this account
Sends a message to all of this account's valid contacts
Returns the object that the value of the given field is inherited from
Returns the object that the value of the given field is inherited from
Returns an inherited property value and source pair
Gets the fields that can be inherited from a group, with their default values
Returns the account's username
Sets the account's full name
Loads the groups that the account implicitly belongs to
Returns a list of all groups that the account belongs to
Returns a list of all groups that the account explicitly belongs to
Registers a function to be run when the account is added to or removed from a group
Runs all functions registered to handle the account being added to or removed from a group
Returns the auth source the account authenticates against
Returns an array of clients registered to the account
Deletes all clients registered to the account
Returns an array of sessions registered to the account
Returns an array of recovery keys for the account
True if recovery keys exist for the account
Returns an array of twofactors for the account
True if a two factor exists for the account
True if two factor should be required to create a session even for a pre-existing client
True if account-based server-side crypto is allowed
Returns 0 if account search is disabled, or N if up to N matches are allowed
Returns 0 if group search is disabled, or N if up to N matches are allowed
Returns true if the user is allowed to delete their account
True if this account has administrator privileges
True if this account is enabled
Sets the account's disabled status to the given enum value
Gets the timestamp when this user was last active
Sets the last-active timestamp to now
Gets the timestamp when this user last created a session
Sets the timestamp of last-login to now
No description
No description
Sets the account's last password change date to 0, potentially forcing a password reset
Returns the maximum allowed time since a client was last active for it to be valid
Returns the maximum allowed time since a session was last active for it to be valid
No description
Returns an array of accounts with any part of their full name matching the name given
Attempts to load an account with the given username
Attempts to load an account with the given contact info
Returns all accounts whose username, fullname or contacts match the given info
Returns an array of all accounts based on the given auth source
Deletes all accounts using the given auth source
Returns EmailReceipient objects for all email contacts
Returns the EmailRecipient to use for sending email FROM this account
Sets this account to enabled if it was disabled pending a valid contact
Creates a new user account
Registers a function to be run when an account is deleted
Gets this account as a printable object
Returns true if the account has a validated two factor and recovery keys
Checks a two factor code
Returns true if the given recovery key matches one (and they exist)
Returns true if the given password is correct for this account
Returns true if the account's password is not out of date, or is using external auth
Returns true if server-side crypto is unavailable on the account
Returns true if crypto has been unlocked in this request and is available for operations
Re-keys the account's crypto if it exists, and re-hashes its password (if using local auth)
Gets the account's password hash
Sets the account's password hash to the given value
Encrypts a value using the account's crypto
Decrypts a value using the account's crypto
Gets a copy of the account's master key, encrypted
Attempts to unlock crypto using the given password
Attempts to unlock crypto using the given unlocked key source
Attempts to unlock crypto using a full recovery key
Registers a function to be run when crypto is enabled/disabled on the account
Initializes secret-key crypto on the account
Disables crypto on the account, stripping all keys
No description
Details
at line 45
static array
GetFieldTemplate()
Gets a template array of the object's properties (columns).
This template will be copied into the object when it is constructed. If a field maps to null, a basic Scalar fieldtype will be used.
in
BaseObject at line 52
static string
GetDBClass()
Returns the name of the class that should be used in the database for the table name (cast down at save)
Defaults to the actual class used. Can be overriden e.g. if multiple classes need to use the same table.
in
BaseObject at line 60
static string
GetObjClass(array $row)
No description
in
BaseObject at line 68
static int
CountByQuery(ObjectDatabase $database, QueryBuilder $query)
Counts objects in the DB matching the given query
in
BaseObject at line 79
static array
LoadByQuery(ObjectDatabase $database, QueryBuilder $query)
Loads an array of objects from the DB matching the given query
in
BaseObject at line 92
static int
DeleteByQuery(ObjectDatabase $database, QueryBuilder $query)
Deletes objects from the DB matching the given query
The objects are loaded when they are deleted and their Delete()s are run
in
BaseObject at line 103
static BaseObject|null
TryLoadUniqueByQuery(ObjectDatabase $database, QueryBuilder $query)
Loads a unique object matching the given query
in
BaseObject at line 116
static BaseObject
NotNull(BaseObject|null $obj)
Asserts that the given object is not null
in
BaseObject at line 127
static BaseObject|null
TryLoadByID(ObjectDatabase $database, string $id)
Loads a unique object by its ID
in
BaseObject at line 137
static void
DeleteByID(ObjectDatabase $database, string $id)
Deletes a unique object by its ID
in
BaseObject at line 150
static array
LoadAll(ObjectDatabase $database, int|null $limit = null, int|null $offset = null)
Loads all objects of this type from the database
in
BaseObject at line 160
static int
DeleteAll(ObjectDatabase $database)
Deletes all objects of this type from the database
in
BaseObject at line 176
static array
LoadByObjectID(ObjectDatabase $database, string $field, string $id, string|null $class = null)
Loads objects from the database with the given object ID as the value of the given field
Can be used as an alternative to LoadByObject() to avoid actually loading the object
in
BaseObject at line 193
static int
DeleteByObjectID(ObjectDatabase $database, string $field, string $id, string|null $class = null)
Deletes objects from the database with the given object ID as the value of the given field
Can be used as an alternative to DeleteByObject() to avoid actually loading the object
in
BaseObject at line 206
static protected BaseObject|null
TryLoadUniqueByKey(ObjectDatabase $database, string $field, string $key)
Loads a unique object matching the given field
in
BaseObject at line 218
static protected bool
TryDeleteByUniqueKey(ObjectDatabase $database, string $field, string $key)
Deletes a unique object matching the given field
in
BaseObject at line 233
static array
LoadByObject(ObjectDatabase $database, string $field, BaseObject $object, bool $isPoly = false)
Loads objects from the database with the given object referenced by the given field
in
BaseObject at line 247
static int
DeleteByObject(ObjectDatabase $database, string $field, BaseObject $object, bool $isPoly = false)
Deletes objects from the database with the given object referenced by the given field
in
BaseObject at line 261
static BaseObject|null
TryLoadUniqueByObject(ObjectDatabase $database, string $field, BaseObject $object, bool $isPoly = false)
Loads a unique object from the database with the given object referenced by the given field
in
BaseObject at line 275
static bool
TryDeleteByUniqueObject(ObjectDatabase $database, string $field, BaseObject $object, bool $isPoly = false)
Deletes a unique object from the database with the given object referenced by the given field
in
BaseObject at line 284
string
ID()
Returns the unique ID of the object
in
BaseObject at line 287
string
__toString()
Returns the string "id:class" where id is the object ID and class is its short class name
in
BaseObject at line 290
static string|null
toString(BaseObject|null $obj)
Returns the given object's as a string if not null, else null
in
GroupInherit at line 817
protected
GetScalar(string $field, bool $allowTemp = true)
No description
in
GroupInherit at line 825
protected
TryGetScalar(string $field, bool $allowTemp = true)
No description
in
BaseObject at line 336
protected int
GetScalarDelta(string $field)
Returns the delta of the given scalar (non-zero if modified)
in
GroupInherit at line 832
protected BaseObject
GetObject(string $field)
No description
in
GroupInherit at line 840
protected BaseObject|null
TryGetObject(string $field)
No description
in
BaseObject at line 379
protected bool
HasObject(string $field)
Checks if the object reference is not-null without actually loading it (faster)
in
BaseObject at line 394
protected string
GetObjectID(string $field)
Gets the ID of a referenced object without actually loading it (faster)
in
BaseObject at line 408
protected string|null
TryGetObjectID(string $field)
Same as GetObjectID() but returns null instead of throwing exceptions
in
BaseObject at line 422
protected string
GetObjectType(string $field)
Gets the class name of a referenced object without actually loading it (faster)
in
BaseObject at line 438
protected string|null
TryGetObjectType(string $field)
Gets the class name of a referenced object without actually loading it (faster)
in
BaseObject at line 451
protected BaseObject
DeleteObject(string $field)
Deletes the object referenced in the field
in
BaseObject at line 467
protected array
GetObjectRefs(string $field, int|null $limit = null, int|null $offset = null)
Gets an array of objects that reference this object
in
BaseObject at line 481
protected int
CountObjectRefs(string $field)
Gets the counter of objects referencing this object
in
BaseObject at line 497
protected StandardObject
GetJoinObject(string $field, BaseObject $obj)
Loads the object that joins together two classes using a FieldTypes\ObjectJoin
in
BaseObject at line 514
protected StandardObject|null
TryGetJoinObject(string $field, BaseObject $obj)
Same as GetJoinObject() but returns null instead of throwing exceptions
in
BaseObject at line 530
protected BaseObject
DeleteObjects(string $field)
Deletes all objects that reference this object
in
BaseObject at line 546
protected BaseObject
SetScalar(string $field, mixed $value, bool $temp = false)
Sets a scalar field to the given value
in
StandardObject at line 173
protected BaseObject
DeltaCounter(string $name, int $delta = 1, bool $ignoreLimit = false)
Increment a counter by the given value
in
BaseObject at line 598
protected bool
BoolSetObject(string $field, BaseObject|null $object, bool $notification = false)
Sets a field to reference the given object
Will also call SetObject or AddObjectRef on the given object as appropriate for two-way references
in
BaseObject at line 649
protected BaseObject
SetObject(string $field, BaseObject|null $object, bool $notification = false)
Same as BoolSetObject() but returns $this
at line 155
protected bool
AddObjectRef(string $field, BaseObject $object, bool $notification = false)
Adds an object reference, checking for a limit on the number of references
at line 164
protected bool
RemoveObjectRef(string $field, BaseObject $object, bool $notification = false)
Removes the given object from a collection of referenced objects
in
BaseObject at line 727
__construct(ObjectDatabase $database, array $data)
Constructs the object by initializing its field template with values from the database
in
BaseObject at line 750
private
AddField(string $key, Scalar $field)
Adds the given field object to the correct internal array
in
BaseObject at line 763
protected void
SubConstruct()
Function to allow subclasses to do something after being constructed without overriding the constructor
in
BaseObject at line 771
BaseObject
Save(bool $onlyMandatory = false)
Collects fields that have changed and saves them to the database
in
BaseObject at line 814
bool
isDeleted()
whether or not this object has been, or should be considered, deleted
This function can be overriden with a custom validity-check, and is used as a filter when loading objects
in
BaseObject at line 820
void
NotifyDBDeleted()
Deletes this object without sending to the DB
at line 444
void
Delete()
Deletes this account and all associated objects
in
BaseObject at line 849
protected void
DeleteLater()
Schedules the object to be deleted when Save() is called
in
BaseObject at line 855
bool
isCreated()
True if this object has been created and not yet saved to DB (should not be overriden)
in
StandardObject at line 51
static protected BaseObject
BaseCreate(ObjectDatabase $database)
Create the object by setting its created date
in
StandardObject at line 23
protected float
GetDate(string $name)
Returns the timestamp value stored in the given date field
in
StandardObject at line 29
protected float|null
TryGetDate(string $name)
Returns the timestamp value stored in the given date field
in
StandardObject at line 38
protected StandardObject
SetDate(string $name, float|null $value = null)
Sets the value of the given date field to the given value
in
StandardObject at line 44
float
GetDateCreated()
Returns the timestamp when this object was created
in
StandardObject at line 58
protected int
GetFeatureInt(string $name, bool $allowTemp = true)
Gets the value of the given feature field as an int (used for config)
in
StandardObject at line 65
protected int|null
TryGetFeatureInt(string $name, bool $allowTemp = true)
Gets the value of the given feature field as an int (used for config)
in
StandardObject at line 75
protected bool
GetFeatureBool(string $name, bool $allowTemp = true)
Gets the value of the given feature field as a bool (used for config)
in
StandardObject at line 82
protected bool|null
TryGetFeatureBool(string $name, bool $allowTemp = true)
Gets the value of the given feature field as a bool (used for config)
in
StandardObject at line 93
protected StandardObject
SetFeatureInt(string $name, int|null $value, bool $temp = false)
Sets the value of the given feature field to the given (?int) value
in
StandardObject at line 101
protected StandardObject
SetFeatureBool(string $name, bool|null $value, bool $temp = false)
Sets the value of the given feature field to the given (?bool) value
in
StandardObject at line 105
protected bool
isFeatureModified(string $name)
Returns true if the given feature has been modified
in
StandardObject at line 114
protected int
GetCounter(string $name)
Gets the value of the given counter field
in
StandardObject at line 121
protected int
GetCounterLimit(string $name)
Gets the value of the given counter limit field
in
StandardObject at line 128
protected int|null
TryGetCounterLimit(string $name)
Gets the value of the given counter limit field
in
StandardObject at line 140
protected StandardObject
SetCounterLimit(string $name, int|null $value, bool $temp = false)
Sets the value of the given counter limit field
in
StandardObject at line 151
protected bool
CheckCounter(string $name, int $delta = 0, bool $except = true)
Checks whether the given counter plus a delta would exceed the limit
in
StandardObject at line 202
protected array
GetAllScalars(string|null $prefix)
Gets an array of the values of all fields matching a prefix
at line 99
string
GetDisplayName()
Returns the account's full name if set, else its username
at line 364
array
GetContacts(bool $valid = true)
Returns all contacts for this account
at line 402
void
SendMessage(string $subject, string|null $html, string $plain, Account|null $from = null)
Sends a message to all of this account's valid contacts
in
AuthEntity at line 97
static string
GetPropUsage()
defines command usage for SetProperties()
in
AuthEntity at line 106
AuthEntity
SetProperties(Input $input)
Sets the value of an inherited property for the object
in
GroupInherit at line 848
protected BaseObject|null
TryGetInheritsScalarFrom(string $field)
Returns the object that the value of the given field is inherited from
in
GroupInherit at line 854
protected BaseObject|null
TryGetInheritsObjectFrom(string $field)
Returns the object that the value of the given field is inherited from
in
GroupInherit at line 868
protected InheritedProperty
TryGetInheritable(string $field, bool $useobj = false)
Returns an inherited property value and source pair
Values can be inherited from this account, from any group it is a member of, or if using a default value, null
at line 79
static protected array
GetInheritedFields()
Gets the fields that can be inherited from a group, with their default values
at line 96
string
GetUsername()
Returns the account's username
at line 102
Account
SetFullName(string $data)
Sets the account's full name
at line 108
array
GetDefaultGroups()
Loads the groups that the account implicitly belongs to
at line 129
array
GetGroups()
Returns a list of all groups that the account belongs to
at line 135
array
GetMyGroups()
Returns a list of all groups that the account explicitly belongs to
at line 144
bool
HasGroup(Group $group)
Returns true if the account is a member of the given group
at line 149
static
RegisterGroupChangeHandler(callable $func)
Registers a function to be run when the account is added to or removed from a group
at line 152
static
RunGroupChangeHandlers(ObjectDatabase $database, Account $account, Group $group, bool $added)
Runs all functions registered to handle the account being added to or removed from a group
at line 174
GroupJoin|null
GetGroupJoin(Group $group)
Returns the object joining this account to the given group
at line 180
ISource
GetAuthSource()
Returns the auth source the account authenticates against
at line 191
array
GetClients()
Returns an array of clients registered to the account
at line 194
Account
DeleteClients()
Deletes all clients registered to the account
at line 200
array
GetSessions()
Returns an array of sessions registered to the account
at line 206
private array
GetRecoveryKeys()
Returns an array of recovery keys for the account
at line 209
bool
HasRecoveryKeys()
True if recovery keys exist for the account
at line 215
private array
GetTwoFactors()
Returns an array of twofactors for the account
at line 218
bool
HasTwoFactor()
True if a two factor exists for the account
at line 221
bool
GetForceUseTwoFactor()
True if two factor should be required to create a session even for a pre-existing client
at line 224
bool
GetAllowCrypto()
True if account-based server-side crypto is allowed
at line 227
int
GetAllowAccountSearch()
Returns 0 if account search is disabled, or N if up to N matches are allowed
at line 230
int
GetAllowGroupSearch()
Returns 0 if group search is disabled, or N if up to N matches are allowed
at line 233
bool
GetAllowUserDelete()
Returns true if the user is allowed to delete their account
at line 236
bool
isAdmin()
True if this account has administrator privileges
at line 239
bool
isEnabled()
True if this account is enabled
at line 242
Account
setAdmin(bool|null $val)
Sets this account's admin-status to the given value
at line 245
Account
setDisabled(int|null $val = self::DISABLE_PERMANENT)
Sets the account's disabled status to the given enum value
at line 248
float|null
getActiveDate()
Gets the timestamp when this user was last active
at line 251
Account
setActiveDate()
Sets the last-active timestamp to now
at line 259
float|null
getLoggedonDate()
Gets the timestamp when this user last created a session
at line 262
Account
setLoggedonDate()
Sets the timestamp of last-login to now
at line 264
private float|null
getPasswordDate()
No description
at line 265
private Account
setPasswordDate()
No description
at line 268
Account
resetPasswordDate()
Sets the account's last password change date to 0, potentially forcing a password reset
at line 271
int|null
GetClientTimeout()
Returns the maximum allowed time since a client was last active for it to be valid
at line 274
int|null
GetSessionTimeout()
Returns the maximum allowed time since a session was last active for it to be valid
at line 276
private int|null
GetMaxPasswordAge()
No description
at line 284
static array
SearchByFullName(ObjectDatabase $database, string $fullname)
Returns an array of accounts with any part of their full name matching the name given
at line 295
static Account|null
TryLoadByUsername(ObjectDatabase $database, string $username)
Attempts to load an account with the given username
at line 306
static Account|null
TryLoadByContactInfo(ObjectDatabase $database, ContactInfo $info)
Attempts to load an account with the given contact info
at line 320
static array
LoadAllMatchingInfo(ObjectDatabase $database, string $info, int $limit)
Returns all accounts whose username, fullname or contacts match the given info
at line 344
static array
LoadByAuthSource(ObjectDatabase $database, Manager $authman)
Returns an array of all accounts based on the given auth source
at line 354
static void
DeleteByAuthSource(ObjectDatabase $database, Manager $authman)
Deletes all accounts using the given auth source
at line 378
array
GetContactEmails()
Returns EmailReceipient objects for all email contacts
at line 391
EmailRecipient|null
GetEmailFrom()
Returns the EmailRecipient to use for sending email FROM this account
at line 408
Account
NotifyValidContact()
Sets this account to enabled if it was disabled pending a valid contact
at line 421
static Account
Create(ObjectDatabase $database, ISource $source, string $username, string $password = null)
Creates a new user account
at line 438
static
RegisterDeleteHandler(callable $func)
Registers a function to be run when an account is deleted
at line 471
array
GetClientObject(int $level = 0)
Gets this account as a printable object
at line 547
bool
HasValidTwoFactor()
Returns true if the account has a validated two factor and recovery keys
at line 562
bool
CheckTwoFactor(string $code, bool $force = false)
Checks a two factor code
at line 572
bool
CheckRecoveryKey(string $key)
Returns true if the given recovery key matches one (and they exist)
at line 584
bool
VerifyPassword(string $password)
Returns true if the given password is correct for this account
at line 590
bool
CheckPasswordAge()
Returns true if the account's password is not out of date, or is using external auth
at line 601
bool
hasCrypto()
Returns true if server-side crypto is unavailable on the account
at line 606
bool
CryptoAvailable()
Returns true if crypto has been unlocked in this request and is available for operations
at line 609
Account
ChangePassword(string $new_password)
Re-keys the account's crypto if it exists, and re-hashes its password (if using local auth)
at line 625
string
GetPasswordHash()
Gets the account's password hash
at line 628
Account
SetPasswordHash(string $hash)
Sets the account's password hash to the given value
at line 637
string
EncryptSecret(string $data, string $nonce)
Encrypts a value using the account's crypto
at line 652
string
DecryptSecret(string $data, string $nonce)
Decrypts a value using the account's crypto
at line 667
string
GetEncryptedMasterKey(string $nonce, string $key)
Gets a copy of the account's master key, encrypted
at line 678
Account
UnlockCryptoFromPassword(string $password)
Attempts to unlock crypto using the given password
at line 702
Account
UnlockCryptoFromKeySource(KeySource $source)
Attempts to unlock crypto using the given unlocked key source
at line 722
Account
UnlockCryptoFromRecoveryKey(string $key)
Attempts to unlock crypto using a full recovery key
at line 741
static
RegisterCryptoHandler(callable $func)
Registers a function to be run when crypto is enabled/disabled on the account
at line 756
Account
InitializeCrypto(string $password, bool $rekey = false)
Initializes secret-key crypto on the account
Accounts have a master-key for secret-key crypto. The master-key is generated randomly and then wrapped using a key derived from the user's password and a nonce/salt. Requests that require use of account crypto therefore must have the user's password or some other key source material transmitted in each request. The crypto is of course done server-side, but the raw keys are only ever available in memory, not in the database.
at line 788
Account
DestroyCrypto()
Disables crypto on the account, stripping all keys
at line 804
__destruct()
No description