<?php

use dokuwiki\Extension\AuthPlugin;
use dokuwiki\plugin\pureldap\classes\ADClient;
use dokuwiki\plugin\pureldap\classes\Client;

/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
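class auth_plugin_pureldap extends AuthPlugin
{
    /** @var Client the LDAP client used for all directory access */
    public $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, builds the LDAP client and announces
     * the capabilities this backend supports.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        // the admin password is stored encoded in the config; the client needs the decoded value
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        // with SSO the login is triggered by the environment, so no logout is offered
        $this->cando['logout'] = !$this->client->getConf('sso');
        if ($this->client->getConf('encryption') !== 'none') {
            // with encryption passwords can be changed
            // for resetting passwords a privileged user is needed
            $this->cando['modPass'] = true;
        }

        $this->success = true;
    }

    /**
     * Check the given credentials
     *
     * With SSO enabled the login is auto-triggered and the user reported by the
     * web server in REMOTE_USER is trusted without contacting the directory.
     * Otherwise a fresh client is bound with the user's credentials.
     *
     * @inheritDoc
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment.
        // REMOTE_USER is only trustworthy when the web server itself sets it after authenticating
        // the request. The comparison is strict: loose == would treat numeric-looking names
        // such as "1e3" and "1000" as equal.
        if ($this->client->getConf('sso')) {
            $remoteUser = $INPUT->server->str('REMOTE_USER');
            if ($remoteUser !== '' && $remoteUser === $user) {
                return true;
            }
        }

        // try to bind with the user credentials, client will stay authenticated as user
        $this->client = new ADClient($this->conf); // FIXME decide class on config
        return $this->client->authenticate($user, $pass);
    }

    /**
     * Return user info
     *
     * @inheritDoc
     * @return array|false user data, false when the user is unknown
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        // the AuthPlugin contract expects false (not an empty value) for unknown users
        return $info ?: false;
    }

    /**
     * Bulk retrieval of user data
     *
     * @inheritDoc
     * @param int $start index of the first user to return
     * @param int $limit maximum number of users to return, 0 for unlimited
     * @param array|null $filter field/pattern pairs, null for no filter
     * @return array list of user info
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers($filter, Client::FILTER_CONTAINS);
        return array_slice($users, $start, $this->sliceLength($limit));
    }

    /**
     * Bulk retrieval of groups
     *
     * @inheritDoc
     * @param int $start index of the first group to return
     * @param int $limit maximum number of groups to return, 0 for unlimited
     * @return array list of group names
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        return array_slice($this->client->getCachedGroups(), $start, $this->sliceLength($limit));
    }

    /**
     * Translate the AuthPlugin "0 means unlimited" limit into an array_slice() length
     *
     * array_slice() with a length of 0 returns an empty array, so the unlimited
     * case has to be passed as null.
     *
     * @param int $limit
     * @return int|null
     */
    protected function sliceLength($limit)
    {
        return $limit > 0 ? $limit : null;
    }

    /**
     * User names are matched case-insensitively
     *
     * @inheritDoc
     */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * Normalise a user name; delegated to the client
     *
     * @inheritDoc
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * Group names are used as-is
     *
     * @inheritDoc
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /**
     * User data may be kept in the session cache
     *
     * @inheritDoc
     */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Support password changing
     *
     * Only password changes are supported; any other change is rejected.
     *
     * @inheritDoc
     * @param string $user
     * @param array $changes field/value pairs, only 'pass' is honoured
     * @return bool
     */
    public function modifyUser($user, $changes)
    {
        global $INPUT;

        if (empty($changes['pass'])) {
            $this->client->error('Only password changes are supported', __FILE__, __LINE__);
            return false;
        }

        // the current password (if submitted in the form) is handed to the client along with the new one
        return $this->client->setPassword($user, $changes['pass'], $INPUT->str('oldpass', null, true));
    }
}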