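<?php

use dokuwiki\Extension\AuthPlugin;
use dokuwiki\Extension\RemotePlugin;
use dokuwiki\Remote\AccessDeniedException;
use dokuwiki\Remote\RemoteException;

/**
 * DokuWiki Plugin usermanager (Remote Component)
 *
 * Exposes user creation and deletion through the remote API. Both calls
 * require auth_isadmin() to pass and the active auth backend to report the
 * matching capability.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author Chris Smith <chris@jalakai.co.uk>
 */
class remote_plugin_usermanager extends RemotePlugin
{
    /**
     * Create a new user
     *
     * If no password is provided, a password is auto generated. If the user can't be created
     * by the auth backend a return value of `false` is returned. You need to check this return
     * value rather than relying on the error code only.
     *
     * The password is never part of the return value. When it is auto generated and `$notify`
     * is false, it is not communicated to anyone by this call.
     *
     * Superuser permissions are required to create users.
     *
     * @param string $user The user's login name
     * @param string $name The user's full name
     * @param string $mail The user's email address
     * @param string[] $groups The groups the user should be in
     * @param string $password The user's password, empty for autogeneration
     * @param bool $notify Whether to send a notification email to the user
     * @return bool Whether the user was successfully created
     * @throws AccessDeniedException
     * @throws RemoteException
     * @todo handle error messages from auth backend
     */
    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
    {
        // Authorization comes first: no argument is inspected or normalized
        // before the caller has been confirmed as an admin.
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to create users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        // Not every backend can add users; refuse early with a distinct code.
        if (!$auth->canDo('addUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
                404
            );
        }

        // The login name is normalized by the backend. Name and mail have control
        // characters and the characters : < > & % , ; removed before validation.
        $user = trim($auth->cleanUser($user));
        $name = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $name));
        $mail = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $mail));

        // Validation runs on the cleaned values, so input that consisted only of
        // stripped characters is rejected as empty.
        if ($user === '') {
            throw new RemoteException('empty or invalid user', 401);
        }
        if ($name === '') {
            throw new RemoteException('empty or invalid user name', 402);
        }
        if (!mail_isvalid($mail)) {
            throw new RemoteException('empty or invalid mail address', 403);
        }

        if ((string)$password === '') {
            try {
                $password = auth_pwgen($user);
            } catch (\Exception $e) {
                // The original exception is intentionally not forwarded to the
                // remote caller; only a generic message and code are returned.
                throw new RemoteException('Could not generate password', 405);
            }
        }

        // Anything that is not a non-empty array is handed to the backend as null.
        // NOTE(review): group names are forwarded as received, without cleanGroup();
        // confirm the backend normalizes or rejects unexpected group names.
        if (!is_array($groups) || $groups === []) {
            $groups = null;
        }

        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);

        // The notification carries the password in use (supplied or generated).
        // NOTE(review): the result of auth_sendPassword() is ignored, so a failed
        // notification is not visible to the caller; with an auto generated
        // password that would leave the account with a password nobody received.
        if ($ok && $notify) {
            auth_sendPassword($user, $password);
        }

        return $ok;
    }


    /**
     * Remove a user
     *
     * You need to be a superuser to delete users.
     *
     * @param string $user The login name of the user to delete
     * @return bool Whether the user was successfully deleted
     * @throws AccessDeniedException
     * @todo handle error messages from auth backend
     */
    public function deleteUser($user)
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        if (!$auth->canDo('delUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do delUser', $auth->getPluginName()),
                404
            );
        }

        // NOTE(review): $user is passed on without cleanUser() and without an
        // emptiness check, unlike createUser(). Nothing here stops an admin from
        // deleting the account the call is made with; confirm that is intended.
        // The login name is wrapped in a list because the 'delete' modification
        // receives the names to remove as a single array parameter.
        return (bool)$auth->triggerUserMod('delete', [[$user]]);
    }
}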