1<?php
2/**
3 * django auth backend
4 *
5 * Uses external trust mechanism to check against a django session id
6 * Needs to run python3 to extract user from session data
7 *
8 * @author    Andreas Gohr <andi@splitbrain.org>
9 * @author    Michael Luggen <michael.luggen at unifr.ch>
10 * @author    Robert Czechowski <zgtm at zgtm.de>
11 */
12
13define('DOKU_AUTH', dirname(__FILE__));
14define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');
15
16class auth_plugin_authdjango extends DokuWiki_Auth_Plugin  {
17
18    var $dbh = null; // db handle
19
20    /**
21     * Constructor.
22     *
23     * Sets additional capabilities and config strings
24     * @author    Michael Luggen <michael.luggen at rhone.ch>
25     * @author    Robert Czechowski <zgtm at zgtm.de>
26     */
27    function auth_plugin_authdjango(){
28        global $config_cascade;
29        global $dbh;
30
31        $this->cando['external'] = true;
32        $this->cando['getGroups'] = true;
33        $this->cando['logout'] = false;
34
35        try {
36            // Connecting, selecting database
37            if ($this->getConf('protocol') == 'sqlite') {
38                $this->dbh = new PDO('sqlite:' . $this->getConf('server'));
39            }
40            else {
41                $this->dbh = new PDO($this->getConf('protocol') . ':host=' . $this->getConf('server') . ';dbname=' . $this->getConf('db'), $this->getConf('user'), $this->getConf('password'));
42            }
43
44        } catch (PDOException $e) {
45            msg("Can not connect to database!", -1);
46            $this->success = false;
47        }
48        $this->success = true;
49    }
50
51
52    function trustExternal($user,$pass,$sticky=false){
53        global $USERINFO;
54        global $conf;
55        global $dbh;
56
57        $sticky ? $sticky = true : $sticky = false; //sanity check
58
59        /**
60         * Just checks against the django sessionid variable,
61         * gets user info from django-database
62         */
63        if (isset($_COOKIE['sessionid']) && $this->dbh) {
64
65            $s_id =  $_COOKIE['sessionid'];
66
67            // Look the cookie up in the db
68            $query = 'SELECT session_data FROM django_session WHERE session_key=' . $this->dbh->quote($s_id) . ' LIMIT 1;';
69            $result = $this->dbh->query($query) or die('Query failed1: ' . $this->dbh->errorInfo());
70            $ar = $result->fetch(PDO::FETCH_ASSOC);
71            $session_data = $ar['session_data'];
72            // TODO: $session_data can now be empty if the session does not exist in database, handle correctly instead of just dying
73
74            //decrypting the session_data
75            $session_json = preg_split('/:/', base64_decode($session_data), 2)[1];
76            $userid = json_decode($session_json, true)['_auth_user_id'];
77            $query2 = 'SELECT username, first_name, last_name, email FROM auth_user WHERE id=' . $this->dbh->quote($userid) . ' LIMIT 1;';
78
79            $result2 = $this->dbh->query($query2) or die('Query failed2: ' . print_r($this->dbh->errorInfo()));
80            $user = $result2->fetch(PDO::FETCH_ASSOC);
81
82            $username =  $user['username'];
83            $userfullname = $user['first_name'] . " " . $user['last_name'];
84            $useremail = $user['email'];
85
86            // okay we're logged in - set the globals
87            $groups = $this->_getUserGroups($username);
88
89            $USERINFO['name'] = $username;
90            $USERINFO['pass'] = '';
91            $USERINFO['mail'] = $useremail;
92            $groups[] = 'user';
93            $USERINFO['grps'] = $groups;
94
95            $_SERVER['REMOTE_USER'] = $username;
96
97            $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
98            $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
99
100            return true;
101        }
102        return false;
103    }
104
105    function _getUserGroups($user){
106        $query = 'SELECT auth_group.name FROM auth_user, auth_user_groups, auth_group where auth_user.username = ' . $this->dbh->quote($user) . ' AND auth_user.id = auth_user_groups.user_id AND auth_user_groups.group_id = auth_group.id;';
107
108        $result = $this->dbh->query($query) or die('Query failed3: ' . $this->dbh->errorInfo());
109        $a = 0;
110        foreach ($result as $row) {
111            $groups[$a] = $row[0];
112            $a++;
113        };
114
115        return $groups;
116    }
117
118    function retrieveGroups($start=0,$limit=0){
119        $query = 'SELECT auth_group.name FROM auth_group';
120
121        $result = $this->dbh->query($query) or die('Query failed4: ' . $this->dbh->errorInfo());
122        $a = 0;
123        foreach ($result as $row) {
124            $groups[$a] = $row[0];
125            $a++;
126        };
127
128        return $groups;
129    }
130
131    function __destruct() {
132        $this->dbh = null;
133    }
134}
135