xref: /dokuwiki/lib/plugins/authplain/auth.php (revision 74981a4e680e4586b25ac0a679add084112cd604) 
1<?php
2
3use dokuwiki\Logger;
4use dokuwiki\Utf8\Sort;
5
6/**
7 * Plaintext authentication backend
8 *
9 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
10 * @author     Andreas Gohr <andi@splitbrain.org>
11 * @author     Chris Smith <chris@jalakai.co.uk>
12 * @author     Jan Schumann <js@schumann-it.com>
13 */
14class auth_plugin_authplain extends DokuWiki_Auth_Plugin
15{
16    /** @var array user cache */
17    protected $users;
18
19    /** @var array filter pattern */
20    protected $pattern = [];
21
22    /** @var bool safe version of preg_split */
23    protected $pregsplit_safe = false;
24
25    /**
26     * Constructor
27     *
28     * Carry out sanity checks to ensure the object is
29     * able to operate. Set capabilities.
30     *
31     * @author  Christopher Smith <chris@jalakai.co.uk>
32     */
33    public function __construct()
34    {
35        parent::__construct();
36        global $config_cascade;
37
38        if (!@is_readable($config_cascade['plainauth.users']['default'])) {
39            $this->success = false;
40        } else {
41            if (@is_writable($config_cascade['plainauth.users']['default'])) {
42                $this->cando['addUser']   = true;
43                $this->cando['delUser']   = true;
44                $this->cando['modLogin']  = true;
45                $this->cando['modPass']   = true;
46                $this->cando['modName']   = true;
47                $this->cando['modMail']   = true;
48                $this->cando['modGroups'] = true;
49            }
50            $this->cando['getUsers']     = true;
51            $this->cando['getUserCount'] = true;
52            $this->cando['getGroups']    = true;
53        }
54    }
55
56    /**
57     * Check user+password
58     *
59     * Checks if the given user exists and the given
60     * plaintext password is correct
61     *
62     * @author  Andreas Gohr <andi@splitbrain.org>
63     * @param string $user
64     * @param string $pass
65     * @return  bool
66     */
67    public function checkPass($user, $pass)
68    {
69        $userinfo = $this->getUserData($user);
70        if ($userinfo === false) return false;
71
72        return auth_verifyPassword($pass, $this->users[$user]['pass']);
73    }
74
75    /**
76     * Return user info
77     *
78     * Returns info about the given user needs to contain
79     * at least these fields:
80     *
81     * name string  full name of the user
82     * mail string  email addres of the user
83     * grps array   list of groups the user is in
84     *
85     * @author  Andreas Gohr <andi@splitbrain.org>
86     * @param string $user
87     * @param bool $requireGroups  (optional) ignored by this plugin, grps info always supplied
88     * @return array|false
89     */
90    public function getUserData($user, $requireGroups = true)
91    {
92        if ($this->users === null) $this->loadUserData();
93        return $this->users[$user] ?? false;
94    }
95
96    /**
97     * Creates a string suitable for saving as a line
98     * in the file database
99     * (delimiters escaped, etc.)
100     *
101     * @param string $user
102     * @param string $pass
103     * @param string $name
104     * @param string $mail
105     * @param array  $grps list of groups the user is in
106     * @return string
107     */
108    protected function createUserLine($user, $pass, $name, $mail, $grps)
109    {
110        $groups   = implode(',', $grps);
111        $userline = [$user, $pass, $name, $mail, $groups];
112        $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\
113        $userline = str_replace(':', '\\:', $userline); // escape : as \:
114        $userline = implode(':', $userline)."\n";
115        return $userline;
116    }
117
118    /**
119     * Create a new User
120     *
121     * Returns false if the user already exists, null when an error
122     * occurred and true if everything went well.
123     *
124     * The new user will be added to the default group by this
125     * function if grps are not specified (default behaviour).
126     *
127     * @author  Andreas Gohr <andi@splitbrain.org>
128     * @author  Chris Smith <chris@jalakai.co.uk>
129     *
130     * @param string $user
131     * @param string $pwd
132     * @param string $name
133     * @param string $mail
134     * @param array  $grps
135     * @return bool|null|string
136     */
137    public function createUser($user, $pwd, $name, $mail, $grps = null)
138    {
139        global $conf;
140        global $config_cascade;
141
142        // user mustn't already exist
143        if ($this->getUserData($user) !== false) {
144            msg($this->getLang('userexists'), -1);
145            return false;
146        }
147
148        $pass = auth_cryptPassword($pwd);
149
150        // set default group if no groups specified
151        if (!is_array($grps)) $grps = [$conf['defaultgroup']];
152
153        // prepare user line
154        $userline = $this->createUserLine($user, $pass, $name, $mail, $grps);
155
156        if (!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
157            msg($this->getLang('writefail'), -1);
158            return null;
159        }
160
161        $this->users[$user] = [
162            'pass' => $pass,
163            'name' => $name,
164            'mail' => $mail,
165            'grps' => $grps
166        ];
167        return $pwd;
168    }
169
170    /**
171     * Modify user data
172     *
173     * @author  Chris Smith <chris@jalakai.co.uk>
174     * @param   string $user      nick of the user to be changed
175     * @param   array  $changes   array of field/value pairs to be changed (password will be clear text)
176     * @return  bool
177     */
178    public function modifyUser($user, $changes)
179    {
180        global $ACT;
181        global $config_cascade;
182
183        // sanity checks, user must already exist and there must be something to change
184        if (($userinfo = $this->getUserData($user)) === false) {
185            msg($this->getLang('usernotexists'), -1);
186            return false;
187        }
188
189        // don't modify protected users
190        if (!empty($userinfo['protected'])) {
191            msg(sprintf($this->getLang('protected'), hsc($user)), -1);
192            return false;
193        }
194
195        if (!is_array($changes) || $changes === []) return true;
196
197        // update userinfo with new data, remembering to encrypt any password
198        $newuser = $user;
199        foreach ($changes as $field => $value) {
200            if ($field == 'user') {
201                $newuser = $value;
202                continue;
203            }
204            if ($field == 'pass') $value = auth_cryptPassword($value);
205            $userinfo[$field] = $value;
206        }
207
208        $userline = $this->createUserLine(
209            $newuser,
210            $userinfo['pass'],
211            $userinfo['name'],
212            $userinfo['mail'],
213            $userinfo['grps']
214        );
215
216        if (!io_replaceInFile($config_cascade['plainauth.users']['default'], '/^'.$user.':/', $userline, true)) {
217            msg('There was an error modifying your user data. You may need to register again.', -1);
218            // FIXME, io functions should be fail-safe so existing data isn't lost
219            $ACT = 'register';
220            return false;
221        }
222
223        if(isset($this->users[$user])) unset($this->users[$user]);
224        $this->users[$newuser] = $userinfo;
225        return true;
226    }
227
228    /**
229     * Remove one or more users from the list of registered users
230     *
231     * @author  Christopher Smith <chris@jalakai.co.uk>
232     * @param   array  $users   array of users to be deleted
233     * @return  int             the number of users deleted
234     */
235    public function deleteUsers($users)
236    {
237        global $config_cascade;
238
239        if (!is_array($users) || $users === []) return 0;
240
241        if ($this->users === null) $this->loadUserData();
242
243        $deleted = [];
244        foreach ($users as $user) {
245            // don't delete protected users
246            if (!empty($this->users[$user]['protected'])) {
247                msg(sprintf($this->getLang('protected'), hsc($user)), -1);
248                continue;
249            }
250            if (isset($this->users[$user])) $deleted[] = preg_quote($user, '/');
251        }
252
253        if ($deleted === []) return 0;
254
255        $pattern = '/^('.implode('|', $deleted).'):/';
256        if (!io_deleteFromFile($config_cascade['plainauth.users']['default'], $pattern, true)) {
257            msg($this->getLang('writefail'), -1);
258            return 0;
259        }
260
261        // reload the user list and count the difference
262        $count = count($this->users);
263        $this->loadUserData();
264        $count -= count($this->users);
265        return $count;
266    }
267
268    /**
269     * Return a count of the number of user which meet $filter criteria
270     *
271     * @author  Chris Smith <chris@jalakai.co.uk>
272     *
273     * @param array $filter
274     * @return int
275     */
276    public function getUserCount($filter = [])
277    {
278
279        if ($this->users === null) $this->loadUserData();
280
281        if ($filter === []) return count($this->users);
282
283        $count = 0;
284        $this->constructPattern($filter);
285
286        foreach ($this->users as $user => $info) {
287            $count += $this->filter($user, $info);
288        }
289
290        return $count;
291    }
292
293    /**
294     * Bulk retrieval of user data
295     *
296     * @author  Chris Smith <chris@jalakai.co.uk>
297     *
298     * @param   int   $start index of first user to be returned
299     * @param   int   $limit max number of users to be returned
300     * @param   array $filter array of field/pattern pairs
301     * @return  array userinfo (refer getUserData for internal userinfo details)
302     */
303    public function retrieveUsers($start = 0, $limit = 0, $filter = [])
304    {
305
306        if ($this->users === null) $this->loadUserData();
307
308        Sort::ksort($this->users);
309
310        $i     = 0;
311        $count = 0;
312        $out   = [];
313        $this->constructPattern($filter);
314
315        foreach ($this->users as $user => $info) {
316            if ($this->filter($user, $info)) {
317                if ($i >= $start) {
318                    $out[$user] = $info;
319                    $count++;
320                    if (($limit > 0) && ($count >= $limit)) break;
321                }
322                $i++;
323            }
324        }
325
326        return $out;
327    }
328
329    /**
330     * Retrieves groups.
331     * Loads complete user data into memory before searching for groups.
332     *
333     * @param   int   $start index of first group to be returned
334     * @param   int   $limit max number of groups to be returned
335     * @return  array
336     */
337    public function retrieveGroups($start = 0, $limit = 0)
338    {
339        $groups = [];
340
341        if ($this->users === null) $this->loadUserData();
342        foreach($this->users as $info) {
343            $groups = array_merge($groups, array_diff($info['grps'], $groups));
344        }
345        Sort::ksort($groups);
346
347        if($limit > 0) {
348            return array_splice($groups, $start, $limit);
349        }
350        return array_splice($groups, $start);
351    }
352
353    /**
354     * Only valid pageid's (no namespaces) for usernames
355     *
356     * @param string $user
357     * @return string
358     */
359    public function cleanUser($user)
360    {
361        global $conf;
362
363        return cleanID(str_replace([':', '/', ';'], $conf['sepchar'], $user));
364    }
365
366    /**
367     * Only valid pageid's (no namespaces) for groupnames
368     *
369     * @param string $group
370     * @return string
371     */
372    public function cleanGroup($group)
373    {
374        global $conf;
375
376        return cleanID(str_replace([':', '/', ';'], $conf['sepchar'], $group));
377    }
378
379    /**
380     * Load all user data
381     *
382     * loads the user file into a datastructure
383     *
384     * @author  Andreas Gohr <andi@splitbrain.org>
385     */
386    protected function loadUserData()
387    {
388        global $config_cascade;
389
390        $this->users = $this->readUserFile($config_cascade['plainauth.users']['default']);
391
392        // support protected users
393        if (!empty($config_cascade['plainauth.users']['protected'])) {
394            $protected = $this->readUserFile($config_cascade['plainauth.users']['protected']);
395            foreach (array_keys($protected) as $key) {
396                $protected[$key]['protected'] = true;
397            }
398            $this->users = array_merge($this->users, $protected);
399        }
400    }
401
402    /**
403     * Read user data from given file
404     *
405     * ignores non existing files
406     *
407     * @param string $file the file to load data from
408     * @return array
409     */
410    protected function readUserFile($file)
411    {
412        $users = [];
413        if (!file_exists($file)) return $users;
414
415        $lines = file($file);
416        foreach ($lines as $line) {
417            $line = preg_replace('/#.*$/', '', $line); //ignore comments
418            $line = trim($line);
419            if (empty($line)) continue;
420
421            $row = $this->splitUserData($line);
422            $row = str_replace('\\:', ':', $row);
423            $row = str_replace('\\\\', '\\', $row);
424
425            $groups = array_values(array_filter(explode(",", $row[4])));
426
427            $users[$row[0]]['pass'] = $row[1];
428            $users[$row[0]]['name'] = urldecode($row[2]);
429            $users[$row[0]]['mail'] = $row[3];
430            $users[$row[0]]['grps'] = $groups;
431        }
432        return $users;
433    }
434
435    /**
436     * Get the user line split into it's parts
437     *
438     * @param string $line
439     * @return string[]
440     */
441    protected function splitUserData($line)
442    {
443        $data = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5);       // allow for : escaped as \:
444        if(count($data) < 5) {
445            $data = array_pad($data, 5, '');
446            Logger::error('User line with less than 5 fields. Possibly corruption in your user file', $data);
447        }
448        return $data;
449    }
450
451    /**
452     * return true if $user + $info match $filter criteria, false otherwise
453     *
454     * @author   Chris Smith <chris@jalakai.co.uk>
455     *
456     * @param string $user User login
457     * @param array  $info User's userinfo array
458     * @return bool
459     */
460    protected function filter($user, $info)
461    {
462        foreach ($this->pattern as $item => $pattern) {
463            if ($item == 'user') {
464                if (!preg_match($pattern, $user)) return false;
465            } elseif ($item == 'grps') {
466                if (!count(preg_grep($pattern, $info['grps']))) return false;
467            } elseif (!preg_match($pattern, $info[$item])) {
468                return false;
469            }
470        }
471        return true;
472    }
473
474    /**
475     * construct a filter pattern
476     *
477     * @param array $filter
478     */
479    protected function constructPattern($filter)
480    {
481        $this->pattern = [];
482        foreach ($filter as $item => $pattern) {
483            $this->pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters
484        }
485    }
486}
487