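<?php
/**
 * django auth backend
 *
 * Uses external trust mechanism to check against a django session id.
 * The user id is read in PHP from the JSON session payload stored in the
 * django_session table; this file does not invoke python itself.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @author Michael Luggen <michael.luggen at unifr.ch>
 * @author Robert Czechowski <zgtm at zgtm.de>
 */

define('DOKU_AUTH', dirname(__FILE__));
define('AUTH_USERFILE', DOKU_CONF . 'users.auth.php');

class auth_plugin_authdjango extends DokuWiki_Auth_Plugin {

    /** @var PDO|null handle on the Django database, null when not connected */
    public $dbh = null;

    /**
     * Constructor.
     *
     * Sets additional capabilities and opens the PDO connection described by
     * $conf['auth']['django'].
     *
     * $this->success is true only when the connection was opened. The
     * original set it to true unconditionally after the try/catch, which
     * overwrote the failure flag.
     *
     * NOTE(review): the parent constructor is not called, as in the original;
     * confirm that the installed DokuWiki_Auth_Plugin does not require it.
     *
     * @author Michael Luggen <michael.luggen at rhone.ch>
     * @author Robert Czechowski <zgtm at zgtm.de>
     */
    public function __construct() {
        global $conf;

        $this->cando['external']  = true;
        $this->cando['getGroups'] = true;
        $this->cando['logout']    = false;

        $settings = $conf['auth']['django'];

        try {
            // Connecting, selecting database
            if ($settings['protocol'] === 'sqlite') {
                // For sqlite the 'server' setting is the path of the database file.
                $this->dbh = new PDO('sqlite:' . $settings['server']);
            } else {
                $this->dbh = new PDO(
                    $settings['protocol'] . ':host=' . $settings['server'] . ';dbname=' . $settings['db'],
                    $settings['user'],
                    $settings['password']
                );
            }
            $this->success = true;
        } catch (PDOException $e) {
            // The exception text is not shown: it can contain connection details.
            $this->dbh = null;
            msg("Can not connect to database!", -1);
            $this->success = false;
        }
    }

    /**
     * Legacy PHP 4 style constructor name, kept for callers that invoke it
     * directly. PHP 8 no longer treats a method named after the class as the
     * constructor, so the setup lives in __construct().
     */
    public function auth_plugin_authdjango() {
        $this->__construct();
    }

    /**
     * Authenticate the request from the Django 'sessionid' cookie.
     *
     * Looks the session key up in django_session, extracts the user id from
     * the stored payload, loads the matching auth_user row and fills in
     * $USERINFO, $_SERVER['REMOTE_USER'] and the DokuWiki session entry.
     *
     * Every step fails closed: a missing session row, an unreadable payload,
     * an unknown user id or a database error returns false. The original
     * continued with empty values in those cases and returned true.
     *
     * NOTE(review): neither django_session.expire_date nor
     * auth_user.is_active is checked here, so a session that Django itself
     * would reject (expired but not yet purged, or belonging to a deactivated
     * account) is still accepted. Adding both conditions needs the Django
     * time zone settings, which are not visible in this file.
     *
     * @param string $user   unused, the identity comes from the cookie
     * @param string $pass   unused
     * @param bool   $sticky unused
     * @return bool true when a Django session was mapped to a user
     */
    public function trustExternal($user, $pass, $sticky = false) {
        global $USERINFO;

        $sticky = (bool) $sticky; // sanity check

        // A cookie sent as sessionid[]=... arrives as an array; only a plain
        // string can be a session key.
        if (!isset($_COOKIE['sessionid']) || !is_string($_COOKIE['sessionid']) || !$this->dbh) {
            return false;
        }

        // Look the cookie up in the db
        $sessions = $this->_fetchRows(
            'SELECT session_data FROM django_session WHERE session_key = ? LIMIT 1',
            [$_COOKIE['sessionid']]
        );
        if ($sessions === false) {
            msg('Query failed1', -1);
            return false;
        }
        if (!$sessions) {
            // No such session: not logged in.
            return false;
        }

        $userid = $this->_sessionUserId($sessions[0]['session_data']);
        if ($userid === null) {
            return false;
        }

        $accounts = $this->_fetchRows(
            'SELECT username, first_name, last_name, email FROM auth_user WHERE id = ? LIMIT 1',
            [$userid]
        );
        if ($accounts === false) {
            msg('Query failed2', -1);
            return false;
        }
        if (!$accounts) {
            return false;
        }

        $account  = $accounts[0];
        $username = $account['username'];
        if (!is_string($username) || $username === '') {
            return false;
        }

        // okay we're logged in - set the globals
        $groups   = $this->_getUserGroups($username);
        $groups[] = 'user';

        // NOTE(review): first_name/last_name are fetched, but 'name' receives
        // the login name, as in the original; confirm which one is intended.
        $USERINFO['name'] = $username;
        $USERINFO['pass'] = '';
        $USERINFO['mail'] = $account['email'];
        $USERINFO['grps'] = $groups;

        $_SERVER['REMOTE_USER'] = $username;

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;

        return true;
    }

    /**
     * Names of the Django groups the given user belongs to.
     *
     * @param string $user Django username
     * @return array list of group names; empty when there are none or the
     *               query failed (the original returned an undefined variable
     *               for an empty result)
     */
    public function _getUserGroups($user) {
        $names = $this->_fetchRows(
            'SELECT auth_group.name FROM auth_user, auth_user_groups, auth_group'
            . ' WHERE auth_user.username = ?'
            . ' AND auth_user.id = auth_user_groups.user_id'
            . ' AND auth_user_groups.group_id = auth_group.id',
            [$user],
            PDO::FETCH_COLUMN
        );
        if ($names === false) {
            // Fail towards fewer privileges: no Django groups are granted.
            msg('Query failed3', -1);
            return [];
        }
        return $names;
    }

    /**
     * Names of all Django groups.
     *
     * $start and $limit are accepted for interface compatibility and, as in
     * the original, are not applied.
     *
     * @param int $start unused
     * @param int $limit unused
     * @return array list of group names, empty on failure
     */
    public function retrieveGroups($start = 0, $limit = 0) {
        $names = $this->_fetchRows('SELECT auth_group.name FROM auth_group', [], PDO::FETCH_COLUMN);
        if ($names === false) {
            msg('Query failed4', -1);
            return [];
        }
        return $names;
    }

    /**
     * Drop the database handle.
     */
    public function __destruct() {
        $this->dbh = null;
    }

    /**
     * Run a parameterised query and return every row.
     *
     * Values are bound as parameters instead of being concatenated into the
     * statement. Driver errors are not echoed to the page; the original
     * die()d with the result of errorInfo(), which is an array and can carry
     * schema details.
     *
     * @param string $sql    statement with ? placeholders
     * @param array  $params values for the placeholders, in order
     * @param int    $mode   PDO fetch mode passed to fetchAll()
     * @return array|false rows, or false when there is no connection or the
     *                     query failed
     */
    private function _fetchRows($sql, array $params = [], $mode = PDO::FETCH_ASSOC) {
        if (!$this->dbh) {
            return false;
        }
        try {
            $stmt = $this->dbh->prepare($sql);
            // Covers the silent error mode, where failures are reported by
            // return value instead of an exception.
            if ($stmt === false || $stmt->execute($params) === false) {
                return false;
            }
            return $stmt->fetchAll($mode);
        } catch (PDOException $e) {
            return false;
        }
    }

    /**
     * Extract '_auth_user_id' from a django_session.session_data value.
     *
     * The value is expected to be base64 of "<hash>:<json>". It is decoded,
     * not decrypted, and the hash is not verified here, so the result is only
     * as trustworthy as write access to the django_session table.
     *
     * NOTE(review): this layout and the JSON serializer are assumptions about
     * the Django deployment; a payload in any other encoding is rejected
     * (null) rather than guessed at.
     *
     * @param mixed $session_data raw column value
     * @return string|null the user id, or null when it cannot be read
     */
    private function _sessionUserId($session_data) {
        if (!is_string($session_data) || $session_data === '') {
            return null;
        }

        $decoded = base64_decode($session_data);
        if ($decoded === false) {
            return null;
        }

        $parts = explode(':', $decoded, 2);
        if (count($parts) !== 2) {
            return null;
        }

        $payload = json_decode($parts[1], true);
        if (!is_array($payload) || !isset($payload['_auth_user_id'])) {
            // Anonymous sessions carry no user id.
            return null;
        }

        $id = $payload['_auth_user_id'];
        if (!is_string($id) && !is_int($id)) {
            return null;
        }

        $id = (string) $id;
        return $id === '' ? null : $id;
    }
}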