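<?php

use dokuwiki\Extension\AuthPlugin;
use dokuwiki\Extension\RemotePlugin;
use dokuwiki\Remote\AccessDeniedException;
use dokuwiki\Remote\RemoteException;

/**
 * DokuWiki Plugin usermanager (Remote Component)
 *
 * Exposes user creation and deletion through the remote API. Both calls change
 * the account database, so each one checks for admin rights and for backend
 * support before anything is handed to the auth backend.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author     Chris Smith <chris@jalakai.co.uk>
 */
class remote_plugin_usermanager extends RemotePlugin
{
    /**
     * Create a new user
     *
     * If no password is provided, a password is auto generated. If the user can't be created
     * by the auth backend a return value of `false` is returned. You need to check this return
     * value rather than relying on the error code only.
     *
     * A generated password is never part of the return value. It only leaves this method
     * through the notification mail, so with `$notify = false` the caller cannot learn it
     * from this call.
     *
     * Superuser permissions are required to create users.
     *
     * @param string $user The user's login name
     * @param string $name The user's full name
     * @param string $mail The user's email address
     * @param string[] $groups The groups the user should be in
     * @param string $password The user's password, empty for autogeneration
     * @param bool $notify Whether to send a notification email to the user
     * @return bool Whether the user was successfully created
     * @throws AccessDeniedException
     * @throws RemoteException
     * @todo handle error messages from auth backend
     */
    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
    {
        // Authorisation comes first: nothing below runs for a non-admin caller.
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to create users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        // Not every backend can create accounts; refuse with an explicit error.
        if (!$auth->canDo('addUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
                114
            );
        }

        // The login name is normalised by the backend. Name and mail lose control
        // characters and the characters : < > & % , ; before they are validated.
        $user = trim($auth->cleanUser($user));
        $name = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $name));
        $mail = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $mail));

        // Validate after cleaning, so input made only of stripped characters is rejected.
        if ($user === '') {
            throw new RemoteException('empty or invalid user', 401);
        }
        if ($name === '') {
            throw new RemoteException('empty or invalid user name', 402);
        }
        if (!mail_isvalid($mail)) {
            throw new RemoteException('empty or invalid mail address', 403);
        }

        // NOTE(review): a caller-supplied password is used as given; no length or
        // strength check is visible here. Confirm whether the backend enforces one.
        if ((string)$password === '') {
            try {
                $password = auth_pwgen($user);
            } catch (\Exception $e) {
                throw new RemoteException('Could not generate password', 404); // FIXME adjust code
            }
        }

        // Anything that is not a non-empty array means "no explicit groups".
        if (!is_array($groups) || $groups === []) {
            $groups = null;
        }

        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);

        // auth_sendPassword() is handed the clear-text password, so the notification
        // carries the credential itself. It is only sent for an account that was created.
        if ($ok && $notify) {
            auth_sendPassword($user, $password);
        }

        return $ok;
    }


    /**
     * Remove a user
     *
     * You need to be a superuser to delete users. The auth backend must also support
     * deleting users, mirroring the capability check done when creating a user.
     *
     * @param string $user The login name of the user to delete
     * @return bool Whether the user was successfully deleted
     * @throws AccessDeniedException
     * @todo handle error messages from auth backend
     */
    public function deleteUser($user)
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        // Same guard as createUser(): fail with an explicit error when the backend
        // cannot delete accounts, rather than handing it an unsupported operation.
        if (!$auth->canDo('delUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do delUser', $auth->getPluginName()),
                114
            );
        }

        // NOTE(review): nothing here stops an admin from deleting the account they are
        // logged in with. Confirm whether the backend or the caller guards against that.

        // The backend receives a list of login names, hence the wrapping of the single login.
        return (bool)$auth->triggerUserMod('delete', [[$user]]);
    }
}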