hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-17 15:03:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

PHRAS-3694 bin/maintenance clean:users finish (#4139)

Browse Source 
* clean users

* fix help

* add usertype

* relance user connection

* unused option

* test

* send token to connect to phraseanet

* add alpha on help

* bump rc6, add alpha , fix input to integer
Co-authored-by: jygaulier <gaulier@alchemy.fr>
This commit is contained in:
Aina Sitraka
2022-10-06 19:10:15 +03:00
committed by GitHub
parent 9f349e063b
commit e4760b88f2
15 changed files with 362 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Alchemy/Phrasea/Authentication/Authenticator.php
View File

@@ -95,6 +95,10 @@ class Authenticator
{
$user = $session->getUser();
$user->setLastConnection($session->getCreated());
// reset inactivity email when login
$user->setNbInactivityEmail(0);
$user->setLastInactivityEmail(null);
$this->em->persist($user);
$this->em->flush();

333
lib/Alchemy/Phrasea/Command/Maintenance/CleanUsersCommand.php
View File

@@ -11,10 +11,17 @@
namespace Alchemy\Phrasea\Command\Maintenance;
use Alchemy\Phrasea\Application\Helper\NotifierAware;
use Alchemy\Phrasea\Command\Command;
use Alchemy\Phrasea\Core\LazyLocator;
use Alchemy\Phrasea\Model\Entities\User;
use Alchemy\Phrasea\Model\Manipulator\BasketManipulator;
use Alchemy\Phrasea\Model\Manipulator\TokenManipulator;
use Alchemy\Phrasea\Model\Manipulator\UserManipulator;
use Alchemy\Phrasea\Model\Repositories\BasketRepository;
use Alchemy\Phrasea\Model\Repositories\UserRepository;
use Alchemy\Phrasea\Notification\Mail\MailRequestInactifAccount;
use Alchemy\Phrasea\Notification\Receiver;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
@@ -22,49 +29,33 @@ use Symfony\Component\Console\Question\ConfirmationQuestion;
class CleanUsersCommand extends Command
{
const CLEAR_EMAIL = 8;
const REVOKE = 4;
const DELETE_DATA = 2;
const DELETE_ALL = 1;
static private $mapListToColumn = [
'email' => 'email',
'login' => 'login',
'id' => 'usr_id',
];
use NotifierAware;
public function __construct()
{
parent::__construct('clean:users');
$this
->setDescription('Delete "sleepy" users (not connected since a long time)')
// ->addOption('action', null, InputOption::VALUE_REQUIRED|InputOption::VALUE_IS_ARRAY, '"clear_email" ; "revoke" ; "delete_data" ; "delete_all"')
->addOption('older_than', null, InputOption::VALUE_REQUIRED, 'delete older than \<OLDER_THAN>')
->addOption('dry', null, InputOption::VALUE_NONE, 'dry run, count but don\'t delete')
->addOption('list', null, InputOption::VALUE_REQUIRED, 'list only, don\'t delete')
->setDescription('ALPHA - Delete "sleepy" users (not connected since a long time)')
->addOption('inactivity_period', null, InputOption::VALUE_REQUIRED, 'cleanup older than \<inactivity_period> days')
->addOption('usertype', null, InputOption::VALUE_REQUIRED, 'specify type of user to clean')
->addOption('grace_duration', null, InputOption::VALUE_REQUIRED, 'grace period in days after sending email')
->addOption('max_relances', null, InputOption::VALUE_REQUIRED, 'number of email relance')
->addOption('remove_basket', null, InputOption::VALUE_NONE, 'remove basket for user')
->addOption('dry-run', null, InputOption::VALUE_NONE, 'dry run, list result users')
->addOption('show_sql', null, InputOption::VALUE_NONE, 'show sql pre-selecting users')
->addOption('yes', 'y', InputOption::VALUE_NONE, 'don\'t ask for confirmation')
->setHelp(
""
// . "<info>action=clear-email</info> will set the email to (null)\n"
// . "<info>action=revoke</info> will delete all access rights (= make user a \"ghost\")\n"
// . "<info>action=delete_data</info> will delete every appbox elements related to the user (rights, baskets, notifications, ...) but preserves dbox logs\n"
// . "<info>action=delete_all</info> will delete all db elements, including the dbox logs and the user itself\n"
// . "default = clear_email ; revoke ; delete_data"
// . "\n"
. "\<OLDER_THAN> can be absolute or relative from now, e.g.:\n"
. "- <info>2022-01-01</info> (please use strict date format, do not add time)\n"
. "- <info>10 days</info>\n"
. "- <info>2 weeks</info>\n"
. "- <info>6 months</info>\n"
. "- <info>1 year</info>\n"
. "\<LIST> sepcifies the user column to be listed, set one of:\n"
. "- <info>id</info>\n"
. "- <info>login</info>\n"
. "- <info>email</info>"
. "\<INACTIVITY_PERIOD> <info>integer to specify the number of inactivity days, value not 0 (zero)</info>\n"
. "\<USERTYPE>specify type of user to clean : \n"
. "- <info>admin</info> \n"
. "- <info>appowner</info> \n"
. "- <info>ghost</info> \n"
. "- <info>basket_owner</info> \n"
. "- <info>basket_participant</info> \n"
. "- <info>story_owner</info> \n"
);
}
@@ -74,108 +65,89 @@ class CleanUsersCommand extends Command
$dry = false;
$show_sql = false;
$yes = false;
$this->setDelivererLocator(new LazyLocator($this->container, 'notification.deliverer'));
// sanity check options
//
$cnx = $this->container->getApplicationBox()->get_connection();
// --action (multiple values allowed)
$inactivityPeriod = $input->getOption('inactivity_period');
if (!preg_match("/^\d+$/", $inactivityPeriod)) {
$output->writeln("<error>invalid value form '--inactivity_period' option</error>(see possible value with --help)");
/*
$action = 0; // actions requested, as bitfield
$actions = [
'CLEAR_EMAIL' => self::CLEAR_EMAIL,
'REVOKE' => self::REVOKE,
'DELETE_DATA' => self::DELETE_DATA,
'DELETE_ALL' => self::DELETE_ALL
];
if(empty($action_parm = $input->getOption('action'))) {
$action_parm = ['clear_email', 'revoke', 'delete_data'];
}
foreach($action_parm as $a) {
$a = strtoupper($a);
if(!array_key_exists($a, $actions)) {
$output->writeln(sprintf("<error>Invalid value \"%s\" for --action option.</error>", $a));
return 1;
}
$action |= $action[$a];
}
if($action & self::DELETE_ALL && $action !== self::DELETE_ALL) {
$output->writeln(sprintf("<error>Action \"delete_all\" cannot be mixed with other action.</error>"));
return 1;
}
*/
// --older_than
$graceDuration = $input->getOption('grace_duration');
if (!preg_match("/^\d+$/", $graceDuration)) {
$output->writeln("<error>invalid value form '--grace_duration' option</error>(see possible value with --help)");
$older_than = str_replace(['-', '/', ' '], '-', $input->getOption('older_than'));
if($older_than === "") {
$output->writeln("<error>set '--older_than' option.</error>");
return 1;
}
$matches = [];
preg_match("/(\d{4}-\d{2}-\d{2})|(\d+)-(day|week|month|year)s?/i", $older_than, $matches);
$n = count($matches);
if($n === 2) {
// yyyy-mm-dd
$clauses[] = "`last_connection` < " . $matches[1];
}
elseif($n === 4 && empty($matches[1])) {
// 1-day ; 2-weeks ; ...
$expr = (int)$matches[2];
$unit = strtoupper($matches[3]);
$clauses[] = sprintf("`last_connection` < DATE_SUB(NOW(), INTERVAL %d %s)", $expr, $unit);
}
else {
$output->writeln("<error>invalid value form '--older_than' option.</error> (see possible values with --help)");
$maxRelances = $input->getOption('max_relances');
if (!preg_match("/^\d+$/", $maxRelances)) {
$output->writeln("<error>invalid value form '--max_relances' option</error>(see possible value with --help)");
return 1;
}
$clauses[] = "`admin`=0"; // dont delete super admins
$clauses[] = sprintf("`last_connection` < DATE_SUB(NOW(), INTERVAL %d day)", $inactivityPeriod);
$sql_where_u = 1;
$sql_where_ub = 1;
if ($input->getOption('usertype') == 'admin') {
$clauses[] = "`admin`=1";
} else {
$clauses[] = "`admin`=0"; // dont delete super admins
}
if ($input->getOption('usertype') == 'appowner') {
$clauses[] = "`ApiAccounts`.`id` IS NOT NULL";
} else {
$clauses[] = "ISNULL(`ApiAccounts`.`id`)";
}
if ($input->getOption('usertype') == 'ghost') {
$sql_where_u = "`u`.`bids` IS NULL";
$sql_where_ub = "`ub`.`sbids` IS NULL";
}
if ($input->getOption('usertype') == 'basket_owner') {
$clauses[] = "`Baskets`.`id` IS NOT NULL";
}
if ($input->getOption('usertype') == 'basket_participant') {
$clauses[] = "`BasketParticipants`.`id` IS NOT NULL";
$clauses[] = "`B`.`user_id` != `BasketParticipants`.`user_id`";
}
if ($input->getOption('usertype') == 'story_owner') {
$clauses[] = "`StoryWZ`.`id` IS NOT NULL";
}
$clauses[] = "`deleted`=0"; // dont delete twice
$clauses[] = "ISNULL(`model_of`)"; // dont delete models
$clauses[] = "`login`!='autoregister'"; // dont delete "autoregister"
$clauses[] = "`login`!='guest'"; // dont delete "guest"
$clauses[] = "ISNULL(`ApiAccounts`.`id`)"; // dont delete api service accounts
// --dry
if($input->getOption('dry')) {
if ($input->getOption('dry-run')) {
$dry = true;
}
if($input->getOption('show_sql')) {
if ($input->getOption('show_sql')) {
$show_sql = true;
}
if($input->getOption('yes')) {
if ($input->getOption('yes')) {
$yes = true;
}
if(!is_null($list = $input->getOption('list'))) {
if(!array_key_exists($list, self::$mapListToColumn)) {
$output->writeln(sprintf("<error>bad \"list\" value '%s'</error> (see possible values with --help)", $list));
return 1;
}
}
// do the job
//
$sql_where = join(") AND (", $clauses);
$cnx = $this->container->getApplicationBox()->get_connection();
$sql_count = "SELECT COUNT(`Users`.`id`) AS n FROM (`Users` LEFT JOIN `ApiAccounts` ON `ApiAccounts`.`user_id`=`Users`.`id`) WHERE (" . $sql_where . ")";
if($show_sql) {
$output->writeln(sprintf("sql: \"<info>%s</info>\"", $sql_count));
}
$stmt = $cnx->prepare($sql_count);
$stmt->execute();
$n = $stmt->fetchColumn(0);
$stmt->closeCursor();
if(!$list) {
$output->writeln(sprintf("Acting on %s users.", $n));
}
/** @var UserManipulator $userManipulator */
$userManipulator = $this->container['manipulator.user'];
/** @var UserRepository $userRepository */
@@ -183,90 +155,133 @@ class CleanUsersCommand extends Command
/** @var BasketRepository $basketRepository */
$basketRepository = $this->container['repo.baskets'];
$sql_list = "SELECT u.*, GROUP_CONCAT(`basusr`.`base_id` SEPARATOR ',') AS `bids`\n"
$sql_list = "SELECT * FROM \n"
. "(SELECT ub.*, GROUP_CONCAT(`basusr`.`base_id` SEPARATOR ',') AS `bids`\n"
. "FROM\n"
. "( SELECT `Users`.`id` AS `usr_id`, `Users`.`login`, `Users`.`email`, `Users`.`last_connection`, GROUP_CONCAT(`sbasusr`.`sbas_id` SEPARATOR ',') AS `sbids`\n"
. " FROM (`Users` LEFT JOIN `ApiAccounts` ON `ApiAccounts`.`user_id` = `Users`.`id`) \n"
. " LEFT JOIN `sbasusr` ON `sbasusr`.`usr_id` = `Users`.`id`\n"
. " LEFT JOIN Baskets ON Baskets.user_id = `Users`.`id`\n"
. " LEFT JOIN BasketParticipants ON BasketParticipants.user_id = `Users`.`id`\n"
. " LEFT JOIN Baskets as B ON B.id = BasketParticipants.basket_id \n"
. " LEFT JOIN StoryWZ ON StoryWZ.user_id = `Users`.`id`\n"
. " WHERE (" . $sql_where . ")"
. " GROUP BY `sbasusr`.`usr_id`\n"
. ") AS u\n"
. "LEFT JOIN `basusr` ON `basusr`.`usr_id` = `u`.`usr_id` GROUP BY `basusr`.`usr_id`";
. " GROUP BY `Users`.`id`\n"
. ") AS ub\n"
. "LEFT JOIN `basusr` ON `basusr`.`usr_id` = `ub`.`usr_id`"
. " WHERE " . $sql_where_ub ."\n"
. " GROUP BY `ub`.`usr_id`) AS u\n"
. " WHERE ". $sql_where_u ;
if($show_sql) {
if ($show_sql) {
$output->writeln(sprintf("sql: \"<info>%s</info>\"", $sql_list));
}
if(!$yes && !$list) {
$stmt = $cnx->prepare($sql_list);
$stmt->execute();
$rows = $stmt->fetchAll(\PDO::FETCH_ASSOC);
if (!$yes && !$dry) {
$helper = $this->getHelper('question');
$question = new ConfirmationQuestion(sprintf("Confirm deletion of %s user(s) [y/n] : ", $n), false);
$question = new ConfirmationQuestion(sprintf("Confirm cleanup for %s user(s) [y/n] : ", count($rows)), false);
if (!$helper->ask($input, $output, $question)) {
return 0;
}
}
$stmt = $cnx->prepare($sql_list);
$stmt->execute();
while( $row = ($stmt->fetch(\PDO::FETCH_ASSOC)) ) {
$usersList = [];
$nbUserRelanced = 0;
$nbUserDeleted = 0;
foreach ( $rows as $row ) {
if( !is_null($user = $userRepository->find($row['usr_id'])) ) {
$lastInactivityEmail = $user->getLastInactivityEmail();
$nbRelance = $user->getNbInactivityEmail();
$nowDate = new \DateTime();
if ($list) {
$s = $row[self::$mapListToColumn[$list]];
$output->write(sprintf("%s%s", $s, "\n"));
}
else {
$output->write(sprintf("%s : %s / %s (%s)", $row['usr_id'], $row['login'], $row['email'], $row['last_connection']));
$interval = sprintf('P%dD', $graceDuration);
if (!$dry) {
$acl = $this->container->getAclForUser($user);
$nowDate->sub(new \DateInterval($interval));
$action = "in grace period";
// revoke bas rights
if (!is_null($row['bids'])) {
$bids = array_map(function ($bid) {
return (int)$bid;
}, explode(',', $row['bids']));
$acl->revoke_access_from_bases($bids);
if (empty($lastInactivityEmail) || $lastInactivityEmail < $nowDate) {
// first, relance the user by email to have a grace period
if ($nbRelance < $maxRelances) {
if (!$dry) {
$this->relanceUser($user, $graceDuration);
$user->setNbInactivityEmail($nbRelance+1);
$user->setLastInactivityEmail(new \DateTime());
$userManipulator->updateUser($user);
}
$action = sprintf("max_relances=%d , found %d times relanced (will be relance if not --dry-run)", $maxRelances, $nbRelance);
$nbUserRelanced++;
} else {
if (!$dry) {
if ($input->getOption('remove_basket')) {
$baskets = $basketRepository->findBy(['user' => $user]);
$this->getBasketManipulator()->removeBaskets($baskets);
}
// delete user
$userManipulator->delete($user);
$output->write(sprintf("%s : %s / %s (%s)", $row['usr_id'], $row['login'], $row['email'], $row['last_connection']));
// revoke sbas rights
$acl->revoke_unused_sbas_rights();
// delete user
$userManipulator->delete($user);
$output->writeln(" deleted.");
}
else {
$output->writeln(" not deleted (dry mode).");
$output->writeln(" deleted.");
}
$action = sprintf("max_relances=%d , found %d times relanced (will be deleted if not --dry-run)", $maxRelances, $nbRelance);
$nbUserDeleted++;
}
}
// else we are in grace period, nothing to do
$usersList[] = [
$user->getId(),
$user->getLogin(),
$user->getLastConnection()->format('Y-m-d h:m:s'),
$action
];
}
}
$stmt->closeCursor();
/*
// clear email
if($action & self::CLEAR_EMAIL) {
$sql = "UPDATE `Users` SET `email`=NULL WHERE (" . $sql_where . ")";
if($show_sql) {
$output->writeln(sprintf("sql: \"<info>%s</info>\"", $sql));
}
if(!$dry) {
$cnx->exec($sql);
}
if ($dry) {
$output->writeln(sprintf("dry-run , %d users included in the given inactivity_period", count($rows)));
$userTable = $this->getHelperSet()->get('table');
$headers = ['id', 'login', 'last_connection', 'action'];
$userTable
->setHeaders($headers)
->setRows($usersList)
->render($output);
} else {
$output->writeln(sprintf("%d users relanced , %d in grace period, %d users deleted", $nbUserRelanced, (count($rows)-$nbUserDeleted-$nbUserRelanced), $nbUserDeleted));
}
// revoke rights
if($action & self::REVOKE) {
$sql = "DELETE "
}
*/
return 0;
}
private function relanceUser(User $user, $graceDuration)
{
/** @var TokenManipulator $tokenManipulator */
$tokenManipulator = $this->container['manipulator.token'];
$token = $tokenManipulator->create($user, TokenManipulator::TYPE_USER_RELANCE, new \DateTime("+{$graceDuration} day"));
$receiver = Receiver::fromUser($user);
$mail = MailRequestInactifAccount::create($this->container, $receiver);
$servername = $this->container['conf']->get('servername');
$mail->setButtonUrl('http://'.$servername.'/prod/?LOG='.$token->getValue());
$mail->setExpiration($token->getExpiration());
$this->deliver($mail);
}
/**
* @return BasketManipulator
*/
private function getBasketManipulator()
{
return $this->container['manipulator.basket'];
}
}

33
lib/Alchemy/Phrasea/ControllerProvider/Prod/Root.php
View File

@@ -14,10 +14,12 @@ namespace Alchemy\Phrasea\ControllerProvider\Prod;
use Alchemy\Phrasea\Application as PhraseaApplication;
use Alchemy\Phrasea\Controller\Prod\RootController;
use Alchemy\Phrasea\ControllerProvider\ControllerProviderTrait;
use Alchemy\Phrasea\Helper;
use Alchemy\Phrasea\Model\Entities\Token;
use Alchemy\Phrasea\Model\Manipulator\TokenManipulator;
use Silex\Application;
use Silex\ControllerProviderInterface;
use Silex\ServiceProviderInterface;
use Symfony\Component\HttpFoundation\Request;
class Root implements ControllerProviderInterface, ServiceProviderInterface
{
@@ -40,7 +42,7 @@ class Root implements ControllerProviderInterface, ServiceProviderInterface
public function connect(Application $app)
{
$controllers = $this->createCollection($app);
$controllers->before([$this, 'redirectOnLogRequests']);
$controllers->before('controller.prod:assertAuthenticated');
$controllers->get('/', 'controller.prod:indexAction')
@@ -48,4 +50,31 @@ class Root implements ControllerProviderInterface, ServiceProviderInterface
return $controllers;
}
public function redirectOnLogRequests(Request $request, PhraseaApplication $app)
{
if (!$request->query->has('LOG')) {
return null;
}
if ($app->getAuthenticator()->isAuthenticated()) {
$app->getAuthenticator()->closeAccount();
}
/** @var Token $token */
$token = $app['repo.tokens']->findValidToken($request->query->get('LOG'));
// actually just type user-relance can access here with token
// PHRAS-3694
if (null === $token || $token->getType() != TokenManipulator::TYPE_USER_RELANCE) {
$app->addFlash('error', $app->trans('The URL you used is out of date, please login'));
return $app->redirectPath('homepage');
}
/** @var Token $token */
$app->getAuthenticator()->openAccount($token->getUser());
return $app->redirectPath('prod');
}
}

2
lib/Alchemy/Phrasea/Core/Version.php
View File

@@ -17,7 +17,7 @@ class Version
* @var string
*/
private $number = '4.1.6-rc5';
private $number = '4.1.6-rc6';
/**
* @var string

40
lib/Alchemy/Phrasea/Model/Entities/User.php
View File

@@ -266,6 +266,16 @@ class User
*/
private $grantedApi = false;
/**
* @ORM\Column(type="integer", name="nb_inactivity_email", options={"default" = 0})
*/
private $nbInactivityEmail = 0;
/**
* @ORM\Column(type="datetime", name="last_inactivity_email", nullable=true)
*/
private $lastInactivityEmail;
/**
* Constructor
*/
@@ -1078,6 +1088,36 @@ class User
return $this;
}
public function setNbInactivityEmail($nbEnactivityEmail)
{
$this->nbInactivityEmail = $nbEnactivityEmail;
}
public function getNbInactivityEmail()
{
return $this->nbInactivityEmail;
}
/**
* @param \DateTime|null $lastInactivityEmail
*
* @return $this
*/
public function setLastInactivityEmail($lastInactivityEmail)
{
$this->lastInactivityEmail = $lastInactivityEmail;
return $this;
}
/**
* @return \DateTime|null
*/
public function getLastInactivityEmail()
{
return $this->lastInactivityEmail;
}
/**
* @return boolean
*/

1
lib/Alchemy/Phrasea/Model/Manipulator/TokenManipulator.php
View File

@@ -36,6 +36,7 @@ class TokenManipulator implements ManipulatorInterface
const TYPE_VIEW = 'view';
const TYPE_VALIDATE = 'validate';
const TYPE_RSS = 'rss';
const TYPE_USER_RELANCE = 'user-relance';
/** @var Objectmanager */
private $om;

39
lib/Alchemy/Phrasea/Notification/Mail/MailRequestInactifAccount.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
namespace Alchemy\Phrasea\Notification\Mail;
class MailRequestInactifAccount extends AbstractMailWithLink
{
/**
* @inheritDoc
*/
public function getSubject()
{
return $this->app->trans("mail:: inactif account");
}
/**
* @inheritDoc
*/
public function getMessage()
{
return $this->app->trans("mail:: your account is inactif and to be deleted!");
}
/**
* @inheritDoc
*/
public function getButtonText()
{
return $this->app->trans("mail:: connect to phraseanet");
}
/**
* @inheritDoc
*/
public function getButtonURL()
{
return $this->url;
}
}