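<?php
/**
 * django auth backend
 *
 * Uses external trust mechanism to check against a django session id.
 * The session payload read from the Django database is decoded in PHP
 * (base64, then the JSON part after the first ':').
 *
 * NOTE(review): the original header said python3 is needed to extract the
 * user from the session data; nothing in this file invokes python.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @author Michael Luggen <michael.luggen at unifr.ch>
 * @author Robert Czechowski <zgtm at zgtm.de>
 */

define('DOKU_AUTH', dirname(__FILE__));
define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');

/**
 * DokuWiki auth plugin that trusts an existing Django login.
 *
 * The visitor's 'sessionid' cookie is looked up in the django_session table,
 * the user id stored in that session is resolved against auth_user, and the
 * DokuWiki login globals are filled from the result.
 */
class auth_plugin_authdjango extends DokuWiki_Auth_Plugin {

    /** Groups of one user, selected by login name (one bound parameter). */
    const USER_GROUPS_SQL = 'SELECT auth_group.name FROM auth_user JOIN auth_user_groups ON auth_user.id = auth_user_groups.user_id JOIN auth_group ON auth_user_groups.group_id = auth_group.id WHERE auth_user.username = ?';

    /** @var PDO|null handle on the Django database; null when the connection failed */
    public $dbh = null;

    /**
     * Constructor.
     *
     * Sets additional capabilities and opens the database connection.
     * $this->success is true only when the connection was established; the
     * original assigned true after the catch block and so reported success
     * even when PDO had thrown.
     *
     * The parent constructor is not called, exactly as in the original.
     *
     * @author Michael Luggen <michael.luggen at rhone.ch>
     * @author Robert Czechowski <zgtm at zgtm.de>
     */
    public function __construct(){
        global $conf;

        $this->cando['external']  = true;
        $this->cando['getGroups'] = true;
        $this->cando['logout']    = false;

        $django = $conf['auth']['django'];
        $dsn = $django['protocol'] . ':host=' . $django['server'] . ';dbname=' . $django['db'];

        try {
            // Connecting, selecting database
            $this->dbh = new PDO($dsn, $django['user'], $django['password']);
            $this->success = true;
        } catch (PDOException $e) {
            // The exception text can carry host and account names, so only a
            // generic message is shown.
            $this->dbh = null;
            msg("Can not connect to database!", -1);
            $this->success = false;
        }
    }

    /**
     * PHP 4 style constructor name, kept for code that calls it explicitly.
     *
     * PHP 8 no longer treats a method named after its class as the
     * constructor, so the real work lives in __construct().
     */
    function auth_plugin_authdjango(){
        $this->__construct();
    }

    /**
     * Runs one parameterised statement against the Django database.
     *
     * Covers both PDO error modes: a false return (silent/warning mode) and a
     * thrown PDOException (exception mode).
     *
     * @param string $sql    SQL text with '?' placeholders
     * @param array  $params values bound to the placeholders, in order
     * @return PDOStatement|false the executed statement, or false on any failure
     */
    private function _runQuery($sql, $params = array()){
        if (!$this->dbh) {
            return false;
        }

        try {
            $stmt = $this->dbh->prepare($sql);
            if ($stmt !== false && $stmt->execute($params) !== false) {
                return $stmt;
            }
        } catch (PDOException $e) {
            // handled below together with the non-throwing failure path
        }

        // Driver error details are deliberately not echoed to the visitor.
        msg('authdjango: database query failed', -1);
        return false;
    }

    /**
     * Runs a query and returns the first column of every row.
     *
     * @param string $sql    SQL text with '?' placeholders
     * @param array  $params values bound to the placeholders, in order
     * @return array|false list of values (possibly empty), or false when the query failed
     */
    private function _fetchNames($sql, $params = array()){
        $stmt = $this->_runQuery($sql, $params);
        if ($stmt === false) {
            return false;
        }

        $names = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
        return is_array($names) ? $names : false;
    }

    /**
     * Logs the visitor in when the 'sessionid' cookie names a Django session
     * that carries a user id known to auth_user.
     *
     * Every lookup step must succeed before the login globals are written. The
     * original went on to "return true" even when the session row, the payload
     * or the user row was missing, which marked the request as logged in with
     * an empty user name and the 'user' group.
     *
     * NOTE(review): the session lookup does not filter on
     * django_session.expire_date, and the user lookup does not look at
     * auth_user.is_active (column names as in Django's default schema -
     * confirm against this installation). Expired sessions and deactivated
     * accounts are therefore still accepted here.
     * NOTE(review): only the "base64(hash:json)" payload layout is handled and
     * the hash part is not verified; other session serialisations are
     * rejected by the checks below rather than decoded.
     *
     * @param string $user   ignored, the identity comes from the cookie
     * @param string $pass   ignored
     * @param bool   $sticky ignored
     * @return bool true when the login globals were set, false otherwise
     */
    function trustExternal($user,$pass,$sticky=false){
        global $USERINFO;

        // A cookie sent as "sessionid[]" arrives as an array; only a
        // non-empty string can be a session key.
        if (!$this->dbh || !isset($_COOKIE['sessionid']) || !is_string($_COOKIE['sessionid'])) {
            return false;
        }
        $sessionKey = $_COOKIE['sessionid'];
        if ($sessionKey === '') {
            return false;
        }

        // Look the cookie up in the db
        $sessionStmt = $this->_runQuery(
            'SELECT session_data FROM django_session WHERE session_key = ? LIMIT 1',
            array($sessionKey)
        );
        if ($sessionStmt === false) {
            return false;
        }
        $sessionRow = $sessionStmt->fetch(PDO::FETCH_ASSOC);
        if (!is_array($sessionRow) || empty($sessionRow['session_data'])) {
            return false; // unknown session key
        }

        // Decoding (not decrypting) the session_data: "<hash>:<json>"
        $decoded = base64_decode($sessionRow['session_data']);
        if ($decoded === false) {
            return false;
        }
        $parts = explode(':', $decoded, 2);
        if (count($parts) < 2) {
            return false;
        }
        $payload = json_decode($parts[1], true);
        if (!is_array($payload) || !isset($payload['_auth_user_id'])) {
            return false; // anonymous or undecodable session
        }
        $userId = $payload['_auth_user_id'];
        if (!is_scalar($userId) || (string) $userId === '') {
            return false;
        }

        $userStmt = $this->_runQuery(
            'SELECT username, first_name, last_name, email FROM auth_user WHERE id = ? LIMIT 1',
            array((string) $userId)
        );
        if ($userStmt === false) {
            return false;
        }
        $account = $userStmt->fetch(PDO::FETCH_ASSOC);
        if (!is_array($account) || !isset($account['username']) || $account['username'] === '') {
            return false; // session points at a user that does not exist
        }
        $username = $account['username'];

        // A failed group lookup refuses the login instead of continuing with
        // an incomplete group list.
        $groups = $this->_fetchNames(self::USER_GROUPS_SQL, array($username));
        if ($groups === false) {
            return false;
        }
        $groups[] = 'user';

        // okay we're logged in - set the globals
        // NOTE(review): first_name/last_name are selected, but the original
        // stored the login name in 'name'; that is kept unchanged.
        $USERINFO['name'] = $username;
        $USERINFO['pass'] = '';
        $USERINFO['mail'] = $account['email'];
        $USERINFO['grps'] = $groups;

        $_SERVER['REMOTE_USER'] = $username;

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;

        return true;
    }

    /**
     * Returns the names of the Django groups a user belongs to.
     *
     * @param string $user login name (auth_user.username)
     * @return array list of group names; empty when the user has no groups
     *               or the query failed
     */
    function _getUserGroups($user){
        $names = $this->_fetchNames(self::USER_GROUPS_SQL, array($user));
        return $names === false ? array() : $names;
    }

    /**
     * Returns the names of all Django groups.
     *
     * The original ignored both parameters; they are now applied to the
     * name-ordered result, with a limit of 0 meaning "no limit".
     *
     * @param int $start index of the first group to return
     * @param int $limit maximum number of groups to return, 0 for all
     * @return array list of group names; empty when the query failed
     */
    function retrieveGroups($start=0,$limit=0){
        // Ordered so that paging with $start/$limit is stable between calls.
        $names = $this->_fetchNames('SELECT auth_group.name FROM auth_group ORDER BY auth_group.name');
        if ($names === false) {
            return array();
        }

        $start = max(0, (int) $start);
        $limit = (int) $limit;

        return $limit > 0 ? array_slice($names, $start, $limit) : array_slice($names, $start);
    }

    /**
     * Drops the database handle so that PDO can close the connection.
     */
    function __destruct() {
        $this->dbh = null;
    }
}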