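<?php
/**
 * django auth backend
 *
 * Uses external trust mechanism to check against a django session id.
 * The user id is read from the JSON session payload directly in PHP; this
 * file itself makes no python call, so sessions stored with a non-JSON
 * serializer cannot be decoded and are treated as "not logged in".
 *
 * Trust model: whoever presents a `sessionid` cookie that matches a row in
 * django_session is treated as that session's user. The wiki therefore
 * inherits the protection level of the Django session cookie.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @author Michael Luggen <michael.luggen at unifr.ch>
 * @author Robert Czechowski <zgtm at zgtm.de>
 */

define('DOKU_AUTH', dirname(__FILE__));
define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');

class auth_plugin_authdjango extends DokuWiki_Auth_Plugin {

    /** @var PDO|null handle on the django database, null when the connection failed */
    public $dbh = null;

    /**
     * Constructor.
     *
     * Sets additional capabilities and opens the connection to the django
     * database described by $conf['auth']['django'].
     *
     * $this->success is true only when the connection was established.
     *
     * @author Michael Luggen <michael.luggen at rhone.ch>
     * @author Robert Czechowski <zgtm at zgtm.de>
     */
    public function __construct() {
        global $conf;

        $this->cando['external']  = true;
        $this->cando['getGroups'] = true;
        $this->cando['logout']    = false;

        $django = $conf['auth']['django'];
        $dsn    = $django['protocol'] . ':host=' . $django['server'] . ';dbname=' . $django['db'];

        try {
            // Connecting, selecting database
            $this->dbh     = new PDO($dsn, $django['user'], $django['password']);
            $this->success = true;
        } catch (PDOException $e) {
            // The exception text is deliberately not shown: it can contain
            // connection details. Only a generic message reaches the page.
            msg("Can not connect to database!", -1);
            $this->dbh     = null;
            $this->success = false;
        }
    }

    /**
     * Legacy class-named entry point.
     *
     * PHP 8 no longer treats a method named after the class as the
     * constructor, so the real work lives in __construct(); this wrapper is
     * kept for code that still calls the old name explicitly.
     */
    public function auth_plugin_authdjango(){
        $this->__construct();
    }

    /**
     * Authenticate the request from the django `sessionid` cookie.
     *
     * Looks the cookie value up in django_session, reads `_auth_user_id`
     * from the stored payload, loads the matching auth_user row and fills
     * $USERINFO, $_SERVER['REMOTE_USER'] and the DokuWiki session.
     *
     * Every failure (no cookie, unknown session, undecodable payload,
     * unknown user, database error) returns false instead of terminating the
     * request, so no driver error text is sent to an unauthenticated client.
     *
     * NOTE(review): the session lookup does not filter on expiry. Django's
     * stock django_session table has an expire_date column; a comparison
     * against it should be added once it is confirmed how this deployment
     * stores timestamps (time zone), otherwise rows that were not yet
     * purged keep authenticating.
     * NOTE(review): Django's stock auth_user table has an is_active flag that
     * is not consulted here - confirm whether deactivated accounts must be
     * refused.
     *
     * @param string $user   ignored, the identity comes from the cookie
     * @param string $pass   ignored
     * @param bool   $sticky ignored
     * @return bool true when a user was established, false otherwise
     */
    public function trustExternal($user,$pass,$sticky=false){
        global $USERINFO;

        $sticky = (bool) $sticky; //sanity check

        // A cookie sent as sessionid[]=... arrives as an array; only a plain
        // string can be a session key.
        if (!isset($_COOKIE['sessionid']) || !is_string($_COOKIE['sessionid']) || !$this->dbh) {
            return false;
        }

        // Look the cookie up in the db
        $sessionStmt = $this->_runQuery(
            'SELECT session_data FROM django_session WHERE session_key = ? LIMIT 1',
            array($_COOKIE['sessionid'])
        );
        if ($sessionStmt === false) {
            return false;
        }
        $sessionRow = $sessionStmt->fetch(PDO::FETCH_ASSOC);
        if (!$sessionRow || !isset($sessionRow['session_data'])) {
            // no such session in the database
            return false;
        }

        // Decoding (not decrypting) the session_data: base64, then
        // "<prefix>:<json>". The prefix is discarded, not verified, so the
        // integrity of the payload rests on the database row alone.
        // Presumably this is Django's legacy session layout - confirm against
        // the Django version in use.
        $parts = explode(':', (string) base64_decode($sessionRow['session_data']), 2);
        if (count($parts) !== 2) {
            return false;
        }
        $payload = json_decode($parts[1], true);
        if (!is_array($payload) || !isset($payload['_auth_user_id'])) {
            // anonymous session, or a payload that is not JSON
            return false;
        }
        $userid = $payload['_auth_user_id'];
        if (!is_int($userid) && !is_string($userid)) {
            return false;
        }

        $userStmt = $this->_runQuery(
            'SELECT username, first_name, last_name, email FROM auth_user WHERE id = ? LIMIT 1',
            array($userid)
        );
        if ($userStmt === false) {
            return false;
        }
        $account = $userStmt->fetch(PDO::FETCH_ASSOC);
        if (!$account || !isset($account['username']) || $account['username'] === '') {
            // session points at a user that no longer exists: fail closed
            // rather than logging in an empty user name
            return false;
        }

        $username  = $account['username'];
        $useremail = $account['email'];

        // okay we're logged in - set the globals
        $groups   = $this->_getUserGroups($username);
        $groups[] = 'user'; // every authenticated django user is in 'user'

        // NOTE(review): 'name' receives the login name; first_name/last_name
        // are selected above but not used - confirm which one is intended.
        $USERINFO['name'] = $username;
        $USERINFO['pass'] = '';
        $USERINFO['mail'] = $useremail;
        $USERINFO['grps'] = $groups;

        $_SERVER['REMOTE_USER'] = $username;

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;

        return true;
    }

    /**
     * Names of the django groups the given user belongs to.
     *
     * @param string $user django username
     * @return array list of group names, empty when there are none or the
     *               query failed
     */
    public function _getUserGroups($user){
        $stmt = $this->_runQuery(
            'SELECT auth_group.name FROM auth_user, auth_user_groups, auth_group'
            . ' WHERE auth_user.username = ?'
            . ' AND auth_user.id = auth_user_groups.user_id'
            . ' AND auth_user_groups.group_id = auth_group.id',
            array($user)
        );
        if ($stmt === false) {
            return array();
        }

        return $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
    }

    /**
     * Names of all django groups.
     *
     * $start and $limit are accepted for signature compatibility but are not
     * applied; the full list is always returned.
     *
     * @param int $start unused
     * @param int $limit unused
     * @return array list of group names, empty when there are none or the
     *               query failed
     */
    public function retrieveGroups($start=0,$limit=0){
        $stmt = $this->_runQuery('SELECT auth_group.name FROM auth_group');
        if ($stmt === false) {
            return array();
        }

        return $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
    }

    /**
     * Run a query with bound parameters.
     *
     * Handles both PDO error modes: a false return (silent mode) and a
     * thrown PDOException. Driver details go to the server error log only.
     *
     * @param string $sql    statement with positional `?` placeholders
     * @param array  $params values for the placeholders, in order
     * @return PDOStatement|false the executed statement, false on any failure
     */
    protected function _runQuery($sql, $params = array()){
        if (!$this->dbh) {
            return false;
        }

        try {
            $stmt = $this->dbh->prepare($sql);
            if ($stmt === false) {
                error_log('authdjango: prepare failed: ' . print_r($this->dbh->errorInfo(), true));
                return false;
            }
            if ($stmt->execute($params) === false) {
                error_log('authdjango: query failed: ' . print_r($stmt->errorInfo(), true));
                return false;
            }
            return $stmt;
        } catch (PDOException $e) {
            error_log('authdjango: query failed: ' . $e->getMessage());
            return false;
        }
    }

    /**
     * Drop the database handle so the connection can be closed.
     */
    public function __destruct() {
        $this->dbh = null;
    }
}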