From 15e96684c2fec4ca471f26a3d30040401c034bb6 Mon Sep 17 00:00:00 2001 From: flashwave Date: Wed, 6 Sep 2023 20:06:07 +0000 Subject: [PATCH] Moved authentication related macros out of MisuzuContext. --- public-legacy/auth/login.php | 5 +-- public-legacy/auth/logout.php | 5 +-- public-legacy/auth/password.php | 3 +- public-legacy/auth/register.php | 3 +- public-legacy/auth/twofactor.php | 5 +-- public-legacy/comments.php | 12 ++++--- public-legacy/forum/forum.php | 15 +++++---- public-legacy/forum/index.php | 19 +++++------ public-legacy/forum/post.php | 10 +++--- public-legacy/forum/posting.php | 15 +++++---- public-legacy/forum/topic.php | 14 ++++---- public-legacy/manage/changelog/change.php | 5 +-- public-legacy/manage/forum/redirs.php | 5 +-- public-legacy/manage/news/post.php | 5 +-- public-legacy/manage/users/ban.php | 5 +-- public-legacy/manage/users/note.php | 5 +-- public-legacy/manage/users/role.php | 5 +-- public-legacy/manage/users/user.php | 9 +++--- public-legacy/manage/users/warning.php | 5 +-- public-legacy/members.php | 5 +-- public-legacy/profile.php | 7 ++-- public-legacy/search.php | 7 ++-- public-legacy/settings/account.php | 7 ++-- public-legacy/settings/data.php | 5 +-- public-legacy/settings/index.php | 3 +- public-legacy/settings/logs.php | 3 +- public-legacy/settings/sessions.php | 7 ++-- public/index.php | 5 +-- src/MisuzuContext.php | 39 +++++------------------ src/MisuzuSasaeExtension.php | 3 +- src/SharpChat/SharpChatRoutes.php | 4 +-- src/Users/UsersContext.php | 7 ++-- 32 files changed, 132 insertions(+), 120 deletions(-) diff --git a/public-legacy/auth/login.php b/public-legacy/auth/login.php index b5e3436..48615cd 100644 --- a/public-legacy/auth/login.php +++ b/public-legacy/auth/login.php @@ -4,7 +4,8 @@ namespace Misuzu; use Exception; use Misuzu\Auth\AuthTokenCookie; -if($msz->isLoggedIn()) { +$authInfo = $msz->getAuthInfo(); +if($authInfo->isLoggedIn()) { url_redirect('index'); return; } 
@@ -136,7 +137,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) { break; } - $tokenBuilder = $msz->getAuthInfo()->getTokenInfo()->toBuilder(); + $tokenBuilder = $authInfo->getTokenInfo()->toBuilder(); $tokenBuilder->setUserId($userInfo); $tokenBuilder->setSessionToken($sessionInfo); $tokenBuilder->removeImpersonatedUserId(); diff --git a/public-legacy/auth/logout.php b/public-legacy/auth/logout.php index dede271..9cda664 100644 --- a/public-legacy/auth/logout.php +++ b/public-legacy/auth/logout.php @@ -3,13 +3,14 @@ namespace Misuzu; use Misuzu\Auth\AuthTokenCookie; -if($msz->isLoggedIn()) { +$authInfo = $msz->getAuthInfo(); +if($authInfo->isLoggedIn()) { if(!CSRF::validateRequest()) { Template::render('auth.logout'); return; } - $tokenInfo = $msz->getAuthInfo()->getTokenInfo(); + $tokenInfo = $authInfo->getTokenInfo(); $msz->getSessions()->deleteSessions(sessionTokens: $tokenInfo->getSessionToken()); diff --git a/public-legacy/auth/password.php b/public-legacy/auth/password.php index e0791b2..2ab0138 100644 --- a/public-legacy/auth/password.php +++ b/public-legacy/auth/password.php @@ -4,7 +4,8 @@ namespace Misuzu; use RuntimeException; use Misuzu\Users\User; -if($msz->isLoggedIn()) { +$authInfo = $msz->getAuthInfo(); +if($authInfo->isLoggedIn()) { url_redirect('settings-account'); return; } diff --git a/public-legacy/auth/register.php b/public-legacy/auth/register.php index aa518a3..6bfa0ce 100644 --- a/public-legacy/auth/register.php +++ b/public-legacy/auth/register.php @@ -4,7 +4,8 @@ namespace Misuzu; use RuntimeException; use Misuzu\Users\User; -if($msz->isLoggedIn()) { +$authInfo = $msz->getAuthInfo(); +if($authInfo->isLoggedIn()) { url_redirect('index'); return; } diff --git a/public-legacy/auth/twofactor.php b/public-legacy/auth/twofactor.php index d438086..65d010e 100644 --- a/public-legacy/auth/twofactor.php +++ b/public-legacy/auth/twofactor.php 
@@ -5,7 +5,8 @@ use RuntimeException; use Misuzu\TOTPGenerator; use Misuzu\Auth\AuthTokenCookie; -if($msz->isLoggedIn()) { +$authInfo = $msz->getAuthInfo(); +if($authInfo->isLoggedIn()) { url_redirect('index'); return; } @@ -84,7 +85,7 @@ while(!empty($twofactor)) { break; } - $tokenBuilder = $msz->getAuthInfo()->getTokenInfo()->toBuilder(); + $tokenBuilder = $authInfo->getTokenInfo()->toBuilder(); $tokenBuilder->setUserId($userInfo); $tokenBuilder->setSessionToken($sessionInfo); $tokenBuilder->removeImpersonatedUserId(); diff --git a/public-legacy/comments.php b/public-legacy/comments.php index 076e9d3..00782b9 100644 --- a/public-legacy/comments.php +++ b/public-legacy/comments.php @@ -3,6 +3,7 @@ namespace Misuzu; use RuntimeException; +$usersCtx = $msz->getUsersContext(); $redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? url('index'); if(!is_local_url($redirect)) @@ -11,16 +12,17 @@ if(!is_local_url($redirect)) if(!CSRF::validateRequest()) Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403); -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::displayInfo('You must be logged in to manage comments.', 403); -if($msz->hasActiveBan()) +$currentUserInfo = $authInfo->getUserInfo(); + +if($usersCtx->hasActiveBan($currentUserInfo)) Template::displayInfo('You have been banned, check your profile for more information.', 403); -$currentUserInfo = $msz->getActiveUser(); - $comments = $msz->getComments(); -$perms = $msz->getAuthInfo()->getPerms('global'); +$perms = $authInfo->getPerms('global'); $commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT); $commentMode = (string)filter_input(INPUT_GET, 'm'); diff --git a/public-legacy/forum/forum.php b/public-legacy/forum/forum.php index ab2f7c8..834cf7d 100644 --- a/public-legacy/forum/forum.php +++ b/public-legacy/forum/forum.php 
@@ -15,15 +15,16 @@ try { Template::throwError(404); } -$perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo); +$authInfo = $msz->getAuthInfo(); +$perms = $authInfo->getPerms('forum', $categoryInfo); -$currentUser = $msz->getActiveUser(); +$currentUser = $authInfo->getUserInfo(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); if(!$perms->check(Perm::F_CATEGORY_VIEW)) Template::throwError(403); -if($msz->hasActiveBan()) +if($usersCtx->hasActiveBan($currentUser)) $perms = $perms->apply(fn($calc) => $calc & (Perm::F_CATEGORY_LIST | Perm::F_CATEGORY_VIEW)); if($categoryInfo->isLink()) { @@ -52,7 +53,7 @@ if($categoryInfo->mayHaveChildren()) { $children = $forum->getCategoryChildren($categoryInfo, hidden: false, asTree: true); foreach($children as $childId => $child) { - $childPerms = $msz->getAuthInfo()->getPerms('forum', $child->info); + $childPerms = $authInfo->getPerms('forum', $child->info); if(!$childPerms->check(Perm::F_CATEGORY_LIST)) { unset($category->children[$childId]); continue; @@ -62,7 +63,7 @@ if($categoryInfo->mayHaveChildren()) { if($child->info->mayHaveChildren()) { foreach($child->children as $grandChildId => $grandChild) { - $grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChild->info); + $grandChildPerms = $authInfo->getPerms('forum', $grandChild->info); if(!$grandChildPerms->check(Perm::F_CATEGORY_LIST)) { unset($child->children[$grandChildId]); continue; @@ -73,7 +74,7 @@ if($categoryInfo->mayHaveChildren()) { if($grandChild->info->mayHaveTopics()) { $catIds = [$grandChild->info->getId()]; foreach($grandChild->childIds as $greatGrandChildId) { - $greatGrandChildPerms = $msz->getAuthInfo()->getPerms('forum', $greatGrandChildId); + $greatGrandChildPerms = $authInfo->getPerms('forum', $greatGrandChildId); if(!$greatGrandChildPerms->check(Perm::F_CATEGORY_LIST)) $catIds[] = $greatGrandChildId; } 
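Review bot: `if($usersCtx->hasActiveBan($currentUser))` in the first forum.php hunk can now receive null, because `$currentUser` is null for a guest (the `$currentUserId = $currentUser === null ? '0' : ...` line right above shows that) and nothing before it requires a login, so a null user now flows straight into `UsersContext::tryGetActiveBan`. The removed `MisuzuContext::tryGetActiveBan` (src/MisuzuContext.php hunk) returned null for guests before delegating, and the only UsersContext line visible, `return $this->activeBans[$userInfo];`, suggests the argument is used as an array key, so the guest behaviour after this commit is not established by the diff. A guard keeps the old semantics without depending on it: `if($currentUser !== null && $usersCtx->hasActiveBan($currentUser))`. The same unguarded guest case appears in the topic.php hunk at `@@ -50,10 +51,10 @@` and in `startTemplating` in src/MisuzuContext.php (`$globals['active_ban_info'] = $this->usersCtx->tryGetActiveBan($this->authInfo->getUserInfo())`). Separately, none of the forum.php hunks assigns `$usersCtx`; if it is not already set above line 15 (outside the hunk), this line raises an Error for an undefined variable, so please confirm.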
@@ -91,7 +92,7 @@ if($categoryInfo->mayHaveChildren()) { if($child->info->mayHaveChildren() || $child->info->mayHaveTopics()) { $catIds = [$child->info->getId()]; foreach($child->childIds as $grandChildId) { - $grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChildId); + $grandChildPerms = $authInfo->getPerms('forum', $grandChildId); if($grandChildPerms->check(Perm::F_CATEGORY_LIST)) $catIds[] = $grandChildId; } diff --git a/public-legacy/forum/index.php b/public-legacy/forum/index.php index 89740af..ab5531a 100644 --- a/public-legacy/forum/index.php +++ b/public-legacy/forum/index.php @@ -8,11 +8,12 @@ $forum = $msz->getForum(); $usersCtx = $msz->getUsersContext(); $mode = (string)filter_input(INPUT_GET, 'm'); -$currentUser = $msz->getActiveUser(); +$authInfo = $msz->getAuthInfo(); +$currentUser = $authInfo->getUserInfo(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); if($mode === 'mark') { - if(!$msz->isLoggedIn()) + if(!$authInfo->isLoggedIn()) Template::throwError(403); $categoryId = filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT); @@ -23,7 +24,7 @@ if($mode === 'mark') { : $forum->getCategoryChildren(parentInfo: $categoryId, includeSelf: true); foreach($categoryInfos as $categoryInfo) { - $perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo); + $perms = $authInfo->getPerms('forum', $categoryInfo); if($perms->check(Perm::F_CATEGORY_LIST)) $forum->updateUserReadCategory($userInfo, $categoryInfo); } @@ -49,7 +50,7 @@ if($mode !== '') $categories = $forum->getCategories(hidden: false, asTree: true); foreach($categories as $categoryId => $category) { - $perms = $msz->getAuthInfo()->getPerms('forum', $category->info); + $perms = $authInfo->getPerms('forum', $category->info); if(!$perms->check(Perm::F_CATEGORY_LIST)) { unset($categories[$categoryId]); continue; 
@@ -59,7 +60,7 @@ foreach($categories as $categoryId => $category) { if($category->info->mayHaveChildren()) foreach($category->children as $childId => $child) { - $childPerms = $msz->getAuthInfo()->getPerms('forum', $child->info); + $childPerms = $authInfo->getPerms('forum', $child->info); if(!$childPerms->check(Perm::F_CATEGORY_LIST)) { unset($category->children[$childId]); continue; @@ -70,7 +71,7 @@ foreach($categories as $categoryId => $category) { if($category->info->isListing()) { if($child->info->mayHaveChildren()) { foreach($child->children as $grandChildId => $grandChild) { - $grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChild->info); + $grandChildPerms = $authInfo->getPerms('forum', $grandChild->info); if(!$grandChildPerms->check(Perm::F_CATEGORY_LIST)) { unset($child->children[$grandChildId]); continue; @@ -81,7 +82,7 @@ foreach($categories as $categoryId => $category) { if($grandChild->info->mayHaveTopics()) { $catIds = [$grandChild->info->getId()]; foreach($grandChild->childIds as $greatGrandChildId) { - $greatGrandChildPerms = $msz->getAuthInfo()->getPerms('forum', $greatGrandChildId); + $greatGrandChildPerms = $authInfo->getPerms('forum', $greatGrandChildId); if($greatGrandChildPerms->check(Perm::F_CATEGORY_LIST)) $catIds[] = $greatGrandChildId; } @@ -99,7 +100,7 @@ foreach($categories as $categoryId => $category) { if($child->info->mayHaveChildren() || $child->info->mayHaveTopics()) { $catIds = [$child->info->getId()]; foreach($child->childIds as $grandChildId) { - $grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChildId); + $grandChildPerms = $authInfo->getPerms('forum', $grandChildId); if($grandChildPerms->check(Perm::F_CATEGORY_LIST)) $catIds[] = $grandChildId; } 
@@ -152,7 +153,7 @@ foreach($categories as $categoryId => $category) { if($category->info->mayHaveChildren() || $category->info->mayHaveTopics()) { $catIds = [$category->info->getId()]; foreach($category->childIds as $childId) { - $childPerms = $msz->getAuthInfo()->getPerms('forum', $childId); + $childPerms = $authInfo->getPerms('forum', $childId); if($childPerms->check(Perm::F_CATEGORY_LIST)) $catIds[] = $childId; } diff --git a/public-legacy/forum/post.php b/public-legacy/forum/post.php index ddc9ac0..55fe74f 100644 --- a/public-legacy/forum/post.php +++ b/public-legacy/forum/post.php @@ -4,6 +4,7 @@ namespace Misuzu; use RuntimeException; $forum = $msz->getForum(); +$usersCtx = $msz->getUsersContext(); $postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0; $postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; @@ -11,13 +12,14 @@ $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) & $postRequestVerified = CSRF::validateRequest(); -if(!empty($postMode) && !$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!empty($postMode) && !$authInfo->isLoggedIn()) Template::displayInfo('You must be logged in to manage posts.', 401); -$currentUser = $msz->getActiveUser(); +$currentUser = $authInfo->getUserInfo(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); -if($postMode !== '' && $msz->hasActiveBan()) +if($postMode !== '' && $usersCtx->hasActiveBan($currentUser)) Template::displayInfo('You have been banned, check your profile for more information.', 403); try { @@ -26,7 +28,7 @@ try { Template::throwError(404); } -$perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId()); +$perms = $authInfo->getPerms('forum', $postInfo->getCategoryId()); if(!$perms->check(Perm::F_CATEGORY_VIEW)) Template::throwError(403); diff --git a/public-legacy/forum/posting.php b/public-legacy/forum/posting.php index 0104293..71c546a 100644 --- a/public-legacy/forum/posting.php 
+++ b/public-legacy/forum/posting.php @@ -7,17 +7,18 @@ use Index\DateTime; use Misuzu\Forum\ForumTopicInfo; use Misuzu\Parsers\Parser; -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(401); -$currentUser = $msz->getActiveUser(); -$currentUserId = $currentUser->getId(); -if($msz->hasActiveBan()) - Template::throwError(403); - $forum = $msz->getForum(); $usersCtx = $msz->getUsersContext(); +$currentUser = $authInfo->getUserInfo(); +$currentUserId = $currentUser->getId(); +if($usersCtx->hasActiveBan($currentUser)) + Template::throwError(403); + $userPostsCounts = []; $forumPostingModes = [ @@ -104,7 +105,7 @@ if(empty($forumId)) { $hasCategoryInfo = true; } -$perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo); +$perms = $authInfo->getPerms('forum', $categoryInfo); if($categoryInfo->isArchived() || (isset($topicInfo) && $topicInfo->isLocked() && !$perms->check(Perm::F_TOPIC_LOCK)) diff --git a/public-legacy/forum/topic.php b/public-legacy/forum/topic.php index 8d1fb9d..1deedce 100644 --- a/public-legacy/forum/topic.php +++ b/public-legacy/forum/topic.php @@ -13,7 +13,8 @@ $categoryId = null; $moderationMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1'; -$currentUser = $msz->getActiveUser(); +$authInfo = $msz->getAuthInfo(); +$currentUser = $authInfo->getUserInfo(); $currentUserId = $currentUser === null ? '0' : $currentUser->getId(); if($topicId < 1 && $postId > 0) { @@ -24,7 +25,7 @@ if($topicId < 1 && $postId > 0) { } $categoryId = $postInfo->getCategoryId(); - $perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId()); + $perms = $authInfo->getPerms('forum', $postInfo->getCategoryId()); $canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY); if($postInfo->isDeleted() && !$canDeleteAny) 
@@ -50,10 +51,10 @@ if(!$topicIsNuked) { if($categoryId !== (int)$topicInfo->getCategoryId()) { $categoryId = (int)$topicInfo->getCategoryId(); - $perms = $msz->getAuthInfo()->getPerms('forum', $topicInfo->getCategoryId()); + $perms = $authInfo->getPerms('forum', $topicInfo->getCategoryId()); } - if($msz->hasActiveBan()) + if($usersCtx->hasActiveBan($currentUser)) $perms = $perms->apply(fn($calc) => $calc & (Perm::F_CATEGORY_LIST | Perm::F_CATEGORY_VIEW)); $canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY); @@ -106,10 +107,11 @@ if(in_array($moderationMode, $validModerationModes, true)) { if(!CSRF::validateRequest()) Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403); - if(!$msz->isLoggedIn()) + $authInfo = $authInfo; + if(!$authInfo->isLoggedIn()) Template::displayInfo('You must be logged in to manage posts.', 401); - if($msz->hasActiveBan()) + if($usersCtx->hasActiveBan($currentUser)) Template::displayInfo('You have been banned, check your profile for more information.', 403); switch($moderationMode) { diff --git a/public-legacy/manage/changelog/change.php b/public-legacy/manage/changelog/change.php index a8a51c6..f1c8368 100644 --- a/public-legacy/manage/changelog/change.php +++ b/public-legacy/manage/changelog/change.php @@ -7,7 +7,8 @@ use Index\DateTime; use Index\XArray; use Misuzu\Changelog\Changelog; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) Template::throwError(403); $changeActions = []; @@ -113,5 +114,5 @@ Template::render('manage.changelog.change', [ 'change_info_tags' => $changeTagIds, 'change_tags' => $tagInfos, 'change_actions' => $changeActions, - 'change_author_id' => $msz->getActiveUser()->getId(), + 'change_author_id' => $authInfo->getUserInfo(), ]); 
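Review bot: `$authInfo = $authInfo;` in the topic.php hunk at `@@ -106,10 +107,11 @@` is a self-assignment with no effect and looks like a leftover from the rewrite; `$authInfo` is already assigned at the top of the file by the first topic.php hunk, so the line should simply be dropped. The ban check that follows it is fine for nulls because the `isLoggedIn()` check sits directly above it, but as with forum.php none of the topic.php hunks assigns `$usersCtx`, so its definition earlier in the file (outside the hunks) should be confirmed.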
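Review bot: `'change_author_id' => $authInfo->getUserInfo(),` in the second change.php hunk changes the template value from a string id to a `UserInfo` object (or null), while the key still says `_id` and no template file is listed in the diffstat. Unless the `manage.changelog.change` template was changed separately, this should keep the previous value: `'change_author_id' => $authInfo->getUserInfo()->getId(),`. The `G_CL_CHANGES_MANAGE` check in the first hunk presumably guarantees a logged-in viewer here, as the old `getActiveUser()->getId()` already assumed; if it does not, the null case needs handling as well.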
diff --git a/public-legacy/manage/forum/redirs.php b/public-legacy/manage/forum/redirs.php index dd55c81..8db1f28 100644 --- a/public-legacy/manage/forum/redirs.php +++ b/public-legacy/manage/forum/redirs.php @@ -1,7 +1,8 @@ getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) Template::throwError(403); $forum = $msz->getForum(); @@ -14,7 +15,7 @@ if($_SERVER['REQUEST_METHOD'] === 'POST') { $rTopicURL = trim((string)filter_input(INPUT_POST, 'topic_redir_url')); $msz->createAuditLog('FORUM_TOPIC_REDIR_CREATE', [$rTopicId]); - $forum->createTopicRedirect($rTopicId, $msz->getActiveUser(), $rTopicURL); + $forum->createTopicRedirect($rTopicId, $authInfo->getUserInfo(), $rTopicURL); url_redirect('manage-forum-topic-redirs'); return; } diff --git a/public-legacy/manage/news/post.php b/public-legacy/manage/news/post.php index 11004b8..f94b118 100644 --- a/public-legacy/manage/news/post.php +++ b/public-legacy/manage/news/post.php @@ -3,7 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) Template::throwError(403); $news = $msz->getNews(); @@ -37,7 +38,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $body = trim((string)filter_input(INPUT_POST, 'np_body')); if($isNew) { - $postInfo = $news->createPost($category, $title, $body, $featured, $msz->getActiveUser()); + $postInfo = $news->createPost($category, $title, $body, $featured, $authInfo->getUserInfo()); } else { if($category === $postInfo->getCategoryId()) $category = null; diff --git a/public-legacy/manage/users/ban.php b/public-legacy/manage/users/ban.php index b1a58cf..23ca5f2 100644 --- a/public-legacy/manage/users/ban.php +++ b/public-legacy/manage/users/ban.php 
@@ -5,7 +5,8 @@ use DateTimeInterface; use RuntimeException; use Index\DateTime; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE)) Template::throwError(403); $usersCtx = $msz->getUsersContext(); @@ -33,7 +34,7 @@ try { Template::throwError(404); } -$modInfo = $msz->getActiveUser(); +$modInfo = $authInfo->getUserInfo(); while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT); diff --git a/public-legacy/manage/users/note.php b/public-legacy/manage/users/note.php index 5d43500..9aabe71 100644 --- a/public-legacy/manage/users/note.php +++ b/public-legacy/manage/users/note.php @@ -3,7 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE)) Template::throwError(403); $hasNoteId = filter_has_var(INPUT_GET, 'n'); @@ -24,7 +25,7 @@ if($hasUserId) { Template::throwError(404); } - $authorInfo = $msz->getActiveUser(); + $authorInfo = $authInfo->getUserInfo(); } elseif($hasNoteId) { $isNew = false; diff --git a/public-legacy/manage/users/role.php b/public-legacy/manage/users/role.php index 5a2632e..31c8783 100644 --- a/public-legacy/manage/users/role.php +++ b/public-legacy/manage/users/role.php @@ -6,7 +6,8 @@ use Index\Colour\Colour; use Index\Colour\ColourRGB; use Misuzu\Perm; -$viewerPerms = $msz->getAuthInfo()->getPerms('user'); +$authInfo = $msz->getAuthInfo(); +$viewerPerms = $authInfo->getPerms('user'); if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) Template::throwError(403); 
@@ -26,7 +27,7 @@ if(filter_has_var(INPUT_GET, 'r')) { } } else $isNew = true; -$currentUser = $msz->getActiveUser(); +$currentUser = $authInfo->getUserInfo(); $canEditPerms = $viewerPerms->check(Perm::U_PERMS_MANAGE); $permsInfos = $perms->getPermissionInfo(roleInfo: $roleInfo, categoryNames: Perm::INFO_FOR_ROLE); diff --git a/public-legacy/manage/users/user.php b/public-legacy/manage/users/user.php index b858c69..7f52bba 100644 --- a/public-legacy/manage/users/user.php +++ b/public-legacy/manage/users/user.php @@ -7,8 +7,9 @@ use Misuzu\Perm; use Misuzu\Auth\AuthTokenCookie; use Misuzu\Users\User; -$viewerPerms = $msz->getAuthInfo()->getPerms('user'); -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +$viewerPerms = $authInfo->getPerms('user'); +if(!$authInfo->isLoggedIn()) Template::throwError(403); $usersCtx = $msz->getUsersContext(); @@ -16,7 +17,7 @@ $users = $usersCtx->getUsers(); $roles = $usersCtx->getRoles(); $perms = $msz->getPerms(); -$currentUser = $msz->getActiveUser(); +$currentUser = $authInfo->getUserInfo(); $canManageUsers = $viewerPerms->check(Perm::U_USERS_MANAGE); $canManagePerms = $viewerPerms->check(Perm::U_PERMS_MANAGE); @@ -66,7 +67,7 @@ if(CSRF::validateRequest() && $canEdit) { if($allowToImpersonate) { $msz->createAuditLog('USER_IMPERSONATE', [$userInfo->getId(), $userInfo->getName()]); - $tokenBuilder = $msz->getAuthInfo()->getTokenInfo()->toBuilder(); + $tokenBuilder = $authInfo->getTokenInfo()->toBuilder(); $tokenBuilder->setImpersonatedUserId($userInfo->getId()); $tokenInfo = $tokenBuilder->toInfo(); diff --git a/public-legacy/manage/users/warning.php b/public-legacy/manage/users/warning.php index 22965fd..8c2c990 100644 --- a/public-legacy/manage/users/warning.php +++ b/public-legacy/manage/users/warning.php 
@@ -3,7 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) Template::throwError(403); $usersCtx = $msz->getUsersContext(); @@ -32,7 +33,7 @@ try { Template::throwError(404); } -$modInfo = $msz->getActiveUser(); +$modInfo = $authInfo->getUserInfo(); while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $body = trim((string)filter_input(INPUT_POST, 'uw_body')); diff --git a/public-legacy/members.php b/public-legacy/members.php index 737bb21..9dc17ec 100644 --- a/public-legacy/members.php +++ b/public-legacy/members.php @@ -3,7 +3,8 @@ namespace Misuzu; use RuntimeException; -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(403); // TODO: restore forum-topics and forum-posts orderings @@ -74,7 +75,7 @@ if($roleId === null) { } } -$canManageUsers = $msz->getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE); +$canManageUsers = $authInfo->getPerms('user')->check(Perm::U_USERS_MANAGE); $deleted = $canManageUsers ? null : false; $rolesAll = $roles->getRoles(hidden: false); diff --git a/public-legacy/profile.php b/public-legacy/profile.php index efa9aa5..4969765 100644 --- a/public-legacy/profile.php +++ b/public-legacy/profile.php @@ -19,7 +19,8 @@ $usersCtx = $msz->getUsersContext(); $users = $usersCtx->getUsers(); $forum = $msz->getForum(); -$viewerInfo = $msz->getActiveUser(); +$authInfo = $msz->getAuthInfo(); +$viewerInfo = $authInfo->getUserInfo(); $viewingAsGuest = $viewerInfo === null; $viewerId = $viewingAsGuest ? '0' : $viewerInfo->getId(); 
@@ -66,9 +67,9 @@ $notices = []; $userRank = $usersCtx->getUserRank($userInfo); $viewerRank = $usersCtx->getUserRank($viewerInfo); -$viewerPerms = $msz->getAuthInfo()->getPerms('user'); +$viewerPerms = $authInfo->getPerms('user'); -$activeBanInfo = $msz->tryGetActiveBan($userInfo); +$activeBanInfo = $usersCtx->tryGetActiveBan($userInfo); $isBanned = $activeBanInfo !== null; $profileFields = $msz->getProfileFields(); $viewingOwnProfile = (string)$viewerId === $userInfo->getId(); diff --git a/public-legacy/search.php b/public-legacy/search.php index 6d5278d..9d73164 100644 --- a/public-legacy/search.php +++ b/public-legacy/search.php @@ -6,7 +6,8 @@ use RuntimeException; use Index\XArray; use Misuzu\Comments\CommentsCategory; -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(403); $searchQuery = !empty($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : ''; @@ -74,12 +75,12 @@ if(!empty($searchQuery)) { } if(empty($searchQueryEvaluated['type']) || str_starts_with($searchQueryEvaluated['type'], 'forum')) { - $currentUser = $msz->getActiveUser(); + $currentUser = $authInfo->getUserInfo(); $currentUserId = $currentUser === null ? 0 : (int)$currentUser->getId(); $forumCategoryIds = XArray::where( $forum->getCategories(hidden: false), - fn($categoryInfo) => $categoryInfo->mayHaveTopics() && $msz->getAuthInfo()->getPerms('forum', $categoryInfo)->check(Perm::F_CATEGORY_VIEW) + fn($categoryInfo) => $categoryInfo->mayHaveTopics() && $authInfo->getPerms('forum', $categoryInfo)->check(Perm::F_CATEGORY_VIEW) ); $forumTopicInfos = $forum->getTopics(categoryInfo: $forumCategoryIds, deleted: false, searchQuery: $searchQueryEvaluated); diff --git a/public-legacy/settings/account.php b/public-legacy/settings/account.php index 0b52aa8..ae79b4e 100644 --- a/public-legacy/settings/account.php +++ b/public-legacy/settings/account.php 
@@ -6,15 +6,16 @@ use Misuzu\Users\User; use chillerlan\QRCode\QRCode; use chillerlan\QRCode\QROptions; -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(401); $errors = []; $usersCtx = $msz->getUsersContext(); $users = $usersCtx->getUsers(); $roles = $usersCtx->getRoles(); -$userInfo = $msz->getActiveUser(); -$isRestricted = $msz->hasActiveBan(); +$userInfo = $authInfo->getUserInfo(); +$isRestricted = $usersCtx->hasActiveBan($userInfo); $isVerifiedRequest = CSRF::validateRequest(); if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) { diff --git a/public-legacy/settings/data.php b/public-legacy/settings/data.php index 9c76f7e..cf31b7a 100644 --- a/public-legacy/settings/data.php +++ b/public-legacy/settings/data.php @@ -6,7 +6,8 @@ use Index\XString; use Index\IO\FileStream; use Misuzu\Users\UserInfo; -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(401); $dbConn = $msz->getDbConn(); @@ -98,7 +99,7 @@ function db_to_zip(ZipArchive $archive, UserInfo $userInfo, string $baseName, ar } $errors = []; -$userInfo = $msz->getActiveUser(); +$userInfo = $authInfo->getUserInfo(); if(isset($_POST['action']) && is_string($_POST['action'])) { if(isset($_POST['password']) && is_string($_POST['password']) diff --git a/public-legacy/settings/index.php b/public-legacy/settings/index.php index a5ef449..bcf8f4c 100644 --- a/public-legacy/settings/index.php +++ b/public-legacy/settings/index.php @@ -1,7 +1,8 @@ isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(401); url_redirect('settings-account'); diff --git a/public-legacy/settings/logs.php b/public-legacy/settings/logs.php index ac19d04..eb34253 100644 --- a/public-legacy/settings/logs.php +++ b/public-legacy/settings/logs.php 
@@ -3,7 +3,8 @@ namespace Misuzu; use Misuzu\Pagination; -$currentUser = $msz->getActiveUser(); +$authInfo = $msz->getAuthInfo(); +$currentUser = $authInfo->getUserInfo(); if($currentUser === null) Template::throwError(401); diff --git a/public-legacy/settings/sessions.php b/public-legacy/settings/sessions.php index 6852b1a..79ef98c 100644 --- a/public-legacy/settings/sessions.php +++ b/public-legacy/settings/sessions.php @@ -3,13 +3,14 @@ namespace Misuzu; use RuntimeException; -if(!$msz->isLoggedIn()) +$authInfo = $msz->getAuthInfo(); +if(!$authInfo->isLoggedIn()) Template::throwError(401); $errors = []; $sessions = $msz->getSessions(); -$currentUser = $msz->getActiveUser(); -$activeSessionId = $msz->getAuthInfo()->getSessionId(); +$currentUser = $authInfo->getUserInfo(); +$activeSessionId = $authInfo->getSessionId(); while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $sessionId = (string)filter_input(INPUT_POST, 'session'); diff --git a/public/index.php b/public/index.php index deaac90..6eb9039 100644 --- a/public/index.php +++ b/public/index.php @@ -117,11 +117,12 @@ if($tokenInfo->hasUserId() && $tokenInfo->hasSessionToken()) { } } -$msz->getAuthInfo()->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal); +$authInfo = $msz->getAuthInfo(); +$authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal); CSRF::init( $cfg->getString('csrf.secret', 'soup'), - ($msz->isLoggedIn() ? $sessionInfo->getToken() : $_SERVER['REMOTE_ADDR']) + ($authInfo->isLoggedIn() ? $sessionInfo->getToken() : $_SERVER['REMOTE_ADDR']) ); $msz->startTemplating(); diff --git a/src/MisuzuContext.php b/src/MisuzuContext.php index 75d4c5d..65529ea 100644 --- a/src/MisuzuContext.php +++ b/src/MisuzuContext.php 
@@ -183,32 +183,9 @@ class MisuzuContext { return $this->authInfo; } - // isLoggedIn and getActiveUser are proxied for convenience, supply authInfo to things in the future - public function isLoggedIn(): bool { - return $this->authInfo->isLoggedIn(); - } - - public function getActiveUser(): ?UserInfo { - return $this->authInfo->getUserInfo(); - } - - public function tryGetActiveBan(UserInfo|string|null $userInfo = null): ?BanInfo { - if($userInfo === null) { - if($this->isLoggedIn()) - $userInfo = $this->getActiveUser(); - else return null; - } - - return $this->usersCtx->tryGetActiveBan($userInfo); - } - - public function hasActiveBan(UserInfo|string|null $userInfo = null): bool { - return $this->tryGetActiveBan($userInfo) !== null; - } - public function createAuditLog(string $action, array $params = [], UserInfo|string|null $userInfo = null): void { - if($userInfo === null && $this->isLoggedIn()) - $userInfo = $this->getActiveUser(); + if($userInfo === null && $this->authInfo->isLoggedIn()) + $userInfo = $this->authInfo->getUserInfo(); $this->auditLog->createLog( $userInfo, @@ -221,8 +198,9 @@ class MisuzuContext { private ?bool $hasManageAccess = null; public function hasManageAccess(): bool { - $this->hasManageAccess ??= $this->authInfo->isLoggedIn() && !$this->hasActiveBan() - && $this->getAuthInfo()->getPerms('global')->check(Perm::G_IS_JANITOR); + $this->hasManageAccess ??= $this->authInfo->isLoggedIn() + && !$this->usersCtx->hasActiveBan($this->authInfo->getUserInfo()) + && $this->authInfo->getPerms('global')->check(Perm::G_IS_JANITOR); return $this->hasManageAccess; } 
@@ -245,12 +223,11 @@ class MisuzuContext { ['eeprom.app:s', '', 'eeprom_app'], ]); - $authInfo = $this->getAuthInfo(); $globals['assets'] = $this->getWebAssetInfo(); - $globals['auth_info'] = $authInfo; - $globals['active_ban_info'] = $this->tryGetActiveBan(); + $globals['auth_info'] = $this->authInfo; + $globals['active_ban_info'] = $this->usersCtx->tryGetActiveBan($this->authInfo->getUserInfo()); $globals['display_timings_info'] = MSZ_DEBUG - || $authInfo->getPerms('global')->check(Perm::G_TIMINGS_VIEW); + || $this->authInfo->getPerms('global')->check(Perm::G_TIMINGS_VIEW); $templating = new SasaeEnvironment( MSZ_TEMPLATES, diff --git a/src/MisuzuSasaeExtension.php b/src/MisuzuSasaeExtension.php index d8ec486..8c53b99 100644 --- a/src/MisuzuSasaeExtension.php +++ b/src/MisuzuSasaeExtension.php @@ -129,6 +129,7 @@ final class MisuzuSasaeExtension extends AbstractExtension { public function getUserMenu(bool $inBroomCloset, string $manageUrl = ''): array { $menu = []; $authInfo = $this->ctx->getAuthInfo(); + $usersCtx = $this->ctx->getUsersContext(); if($authInfo->isLoggedIn()) { $userInfo = $authInfo->getUserInfo(); @@ -149,7 +150,7 @@ final class MisuzuSasaeExtension extends AbstractExtension { 'icon' => 'fas fa-search fa-fw', ]; - if(!$this->ctx->hasActiveBan($userInfo) && $authInfo->getPerms('global')->check(Perm::G_IS_JANITOR)) { + if(!$usersCtx->hasActiveBan($userInfo) && $authInfo->getPerms('global')->check(Perm::G_IS_JANITOR)) { // restore behaviour where clicking this button switches between // site version and broom version if($inBroomCloset) diff --git a/src/SharpChat/SharpChatRoutes.php b/src/SharpChat/SharpChatRoutes.php index 88bdeaf..7c4a475 100644 --- a/src/SharpChat/SharpChatRoutes.php +++ b/src/SharpChat/SharpChatRoutes.php 
@@ -317,7 +317,7 @@ final class SharpChatRoutes implements IRouteHandler { $userId = ''; } - $banInfo = $this->usersCtx->getBans()->tryGetActiveBan($userId); + $banInfo = $this->usersCtx->tryGetActiveBan($userId); if($banInfo === null) return ['is_ban' => false]; @@ -421,7 +421,7 @@ final class SharpChatRoutes implements IRouteHandler { if($type !== 'user') return 404; - $banInfo = $this->usersCtx->getBans()->tryGetActiveBan($subject); + $banInfo = $this->usersCtx->tryGetActiveBan($subject); if($banInfo === null) return 404; diff --git a/src/Users/UsersContext.php b/src/Users/UsersContext.php index 68f5545..55a8454 100644 --- a/src/Users/UsersContext.php +++ b/src/Users/UsersContext.php @@ -94,7 +94,10 @@ class UsersContext { return $this->activeBans[$userInfo]; } - public function hasActiveBan(UserInfo|string|null $userInfo = null): bool { - return $this->tryGetActiveBan($userInfo) !== null; + public function hasActiveBan( + UserInfo|string|null $userInfo = null, + int $minimumSeverity = Bans::SEVERITY_MIN + ): bool { + return $this->tryGetActiveBan($userInfo, $minimumSeverity) !== null; } }
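Review bot: `hasActiveBan` in the UsersContext.php hunk now forwards `$minimumSeverity` to `tryGetActiveBan`, but the diff does not show `tryGetActiveBan` accepting a second parameter, and the context line `return $this->activeBans[$userInfo];` suggests its result is cached per user. If that cache is keyed on the user alone, the first call in a request decides the answer for every later call regardless of the threshold passed, which for a ban check means a ban that should or should not count at a given severity can be misreported; the cache key should include the severity, or caching should happen before the severity filter. A short docblock would also help callers: `/** Whether $userInfo currently has an active ban of at least $minimumSeverity (see tryGetActiveBan for how a null user is resolved). */`.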