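<?php

use dokuwiki\Extension\AuthPlugin;
use dokuwiki\Extension\RemotePlugin;
use dokuwiki\Remote\AccessDeniedException;
use dokuwiki\Remote\RemoteException;

/**
 * DokuWiki Plugin usermanager (Remote Component)
 *
 * Exposes user creation and deletion through the remote API. Both calls are
 * privileged: each method checks auth_isadmin() before touching the auth backend.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author Chris Smith <chris@jalakai.co.uk>
 */
class remote_plugin_usermanager extends RemotePlugin
{
    /**
     * Create a new user
     *
     * If no password is provided, a password is auto generated. If the user can't be created
     * by the auth backend a return value of `false` is returned. You need to check this return
     * value rather than relying on the error code only.
     *
     * Superuser permissions are required to create users.
     *
     * @param string $user The user's login name
     * @param string $name The user's full name
     * @param string $mail The user's email address
     * @param string[] $groups The groups the user should be in
     * @param string $password The user's password, empty for autogeneration
     * @param bool $notify Whether to send a notification email to the user
     * @return bool Whether the user was successfully created
     * @throws AccessDeniedException code 114 if the caller is not an admin,
     *                               code 404 if the auth backend cannot add users
     * @throws RemoteException code 401 (login name), 402 (full name), 403 (mail address)
     *                         on empty or invalid input, code 405 if no password could be generated
     * @todo handle error messages from auth backend
     */
    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
    {
        // Authorization comes first so that unprivileged callers learn nothing about the backend.
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to create users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        if (!$auth->canDo('addUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
                404
            );
        }

        // The login name is normalised by the backend; control characters and the
        // characters : < > & % , ; are stripped from the full name and mail address.
        $user = trim($auth->cleanUser($user));
        $name = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $name));
        $mail = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $mail));

        if ($user === '') throw new RemoteException('empty or invalid user', 401);
        if ($name === '') throw new RemoteException('empty or invalid user name', 402);
        if (!mail_isvalid($mail)) throw new RemoteException('empty or invalid mail address', 403);

        // The cast makes a null password count as "not provided" as well.
        // NOTE(review): a caller-supplied password is passed on unchanged; no length or
        // strength check is visible here - confirm whether a password policy applies elsewhere.
        if ((string)$password === '') {
            try {
                $password = auth_pwgen($user);
            } catch (\Exception $e) {
                // keep the original failure attached so the cause is not lost
                throw new RemoteException('Could not generate password', 405, $e);
            }
        }

        // Anything that is not a non-empty array is handed to the backend as "no groups given".
        // NOTE(review): group names are forwarded as supplied, without the per-value cleaning
        // applied to $user - confirm the backend normalises them, since groups feed ACL decisions.
        if (!is_array($groups) || $groups === []) {
            $groups = null;
        }

        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);

        // NOTE(review): the password is handed to auth_sendPassword(), presumably to be mailed
        // to the new user - confirm that sending the credential by mail is acceptable.
        if ($ok && $notify) {
            auth_sendPassword($user, $password);
        }

        return $ok;
    }


    /**
     * Remove a user
     *
     * You need to be a superuser to delete users.
     *
     * @param string $user The login name of the user to delete
     * @return bool Whether the user was successfully deleted
     * @throws AccessDeniedException code 114 if the caller is not an admin,
     *                               code 404 if the auth backend cannot delete users
     * @todo handle error messages from auth backend
     */
    public function deleteUser($user)
    {
        if (!auth_isadmin()) {
            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
        }

        /** @var AuthPlugin $auth */
        global $auth;

        if (!$auth->canDo('delUser')) {
            throw new AccessDeniedException(
                sprintf('Authentication backend %s can\'t do delUser', $auth->getPluginName()),
                404
            );
        }

        // NOTE(review): $user is forwarded without cleaning, and nothing here stops an admin
        // from deleting their own account - confirm whether either should be rejected.
        // The login name is wrapped twice: the outer array is the parameter list for
        // triggerUserMod(), the inner one is the list of users to delete.
        return (bool)$auth->triggerUserMod('delete', [[$user]]);
    }
}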