1<?php
2
3use dokuwiki\Extension\AuthPlugin;
4use dokuwiki\Extension\RemotePlugin;
5use dokuwiki\Remote\AccessDeniedException;
6use dokuwiki\Remote\RemoteException;
7
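/**
 * DokuWiki Plugin usermanager (Remote Component)
 *
 * Exposes user creation and deletion as remote API calls. Each call is refused unless
 * auth_isadmin() accepts the caller and the active auth backend reports the matching
 * capability through canDo().
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author Chris Smith <chris@jalakai.co.uk>
 */
class remote_plugin_usermanager extends RemotePlugin
{
    /**
     * Create a new user
     *
     * If no password is provided, a password is auto generated. If the user can't be created
     * by the auth backend a return value of `false` is returned. You need to check this return
     * value rather than relying on the error code only.
     *
     * Superuser permissions are required to create users.
     *
     * The login name is normalised with the backend's cleanUser() and every group name with
     * its cleanGroup(); group entries that are not strings/integers or that are empty after
     * cleaning are dropped, duplicates are removed. When no group remains, `null` is handed
     * to the backend instead of a list.
     *
     * An auto generated password is never returned by this call. With $notify disabled it is
     * only handed to the auth backend. With $notify enabled the clear-text password (also one
     * supplied by the caller) is passed on to auth_sendPassword(); the result of that call is
     * not checked, so a return value of `true` only states that the account was created.
     *
     * @param string $user The user's login name
     * @param string $name The user's full name
     * @param string $mail The user's email address
     * @param string[] $groups The groups the user should be in
     * @param string $password The user's password, empty for autogeneration
     * @param bool $notify Whether to send a notification email to the user
     * @return bool Whether the user was successfully created
     * @throws AccessDeniedException 114 if the caller is no admin, 404 if the backend can't add users
     * @throws RemoteException 401/402/403 for an invalid login, full name or mail address,
     *                         405 if no password could be generated
     * @todo handle error messages from auth backend
     */
    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
    {
        // Authorisation is checked before any input is looked at or the backend is touched
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to create users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        if (!$auth->canDo('addUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
                404
            );
        }

        // Control characters and the listed punctuation are stripped from the free-text
        // fields; a failed preg_replace() (null) is treated like an empty value.
        $unsafe = '/[\x00-\x1f:<>&%,;]+/';
        $user = trim($auth->cleanUser($user));
        $name = trim(preg_replace($unsafe, '', $name) ?? '');
        $mail = trim(preg_replace($unsafe, '', $mail) ?? '');

        if ($user === '') throw new RemoteException('empty or invalid user', 401);
        if ($name === '') throw new RemoteException('empty or invalid user name', 402);
        if (!mail_isvalid($mail)) throw new RemoteException('empty or invalid mail address', 403);

        if ((string)$password === '') {
            try {
                $password = auth_pwgen($user);
            } catch (\Exception $e) {
                // the cause is not forwarded; the caller only sees this message and code
                throw new RemoteException('Could not generate password', 405);
            }
        }

        // Group names get the same backend normalisation as the login name, so that no
        // raw caller-supplied string reaches the backend's user storage.
        $cleanGroups = [];
        if (is_array($groups)) {
            foreach ($groups as $group) {
                if (!is_string($group) && !is_int($group)) {
                    continue;
                }
                $group = trim($auth->cleanGroup((string)$group));
                if ($group !== '') {
                    $cleanGroups[] = $group;
                }
            }
        }
        $groups = $cleanGroups === [] ? null : array_values(array_unique($cleanGroups));

        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);

        if ($ok && $notify) {
            // receives the clear-text password; its return value is intentionally left
            // out of $ok to keep the documented return contract
            auth_sendPassword($user, $password);
        }

        return $ok;
    }


    /**
     * Remove a user
     *
     * You need to be a superuser to delete users.
     *
     * The login name is handed to the auth backend as given, wrapped into a one-element list.
     *
     * @param string $user The login name of the user to delete
     * @return bool whether the user was successfully deleted
     * @throws AccessDeniedException 114 if the caller is no admin, 404 if the backend can't delete users
     * @todo handle error messages from auth backend
     */
    public function deleteUser($user)
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        if (!$auth->canDo('delUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do delUser', $auth->getPluginName()),
                404
            );
        }

        // NOTE(review): unlike createUser() the name is not passed through cleanUser(), and
        // nothing here compares $user with the calling account - confirm whether deleting
        // one's own (superuser) account through this call should be refused.
        return (bool)$auth->triggerUserMod('delete', [[$user]]);
    }
}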