<?php
/**
 * django auth backend
 *
 * Authenticates wiki users through an external trust mechanism: the Django
 * session id cookie is looked up in the Django database and the account behind
 * it is mapped onto a DokuWiki user. The session payload is decoded in PHP
 * (base64 + JSON); no external interpreter is invoked by this file.
 *
 * @author    Andreas Gohr <andi@splitbrain.org>
 * @author    Michael Luggen <michael.luggen at unifr.ch>
 * @author    Robert Czechowski <zgtm at zgtm.de>
 */

// Directory of this plugin (__DIR__ is equivalent to dirname(__FILE__)).
define('DOKU_AUTH', __DIR__);
// Location of the plain-text user file used by DokuWiki's default backend.
define('AUTH_USERFILE', DOKU_CONF . 'users.auth.php');
15
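class auth_plugin_authdjango extends DokuWiki_Auth_Plugin
{
    /** @var PDO|null handle to the Django database; null when the connection could not be opened */
    public $dbh = null;

    /**
     * Constructor.
     *
     * Sets the plugin capabilities and opens the PDO connection described by
     * $conf['auth']['django'] (protocol, server, db, user, password).
     *
     * $this->success is set to true only once a handle exists. The previous
     * version overwrote it with true right after the catch block, so a failed
     * connection still reported a working auth backend.
     *
     * @author    Michael Luggen <michael.luggen at rhone.ch>
     * @author    Robert Czechowski <zgtm at zgtm.de>
     */
    public function __construct()
    {
        global $conf;

        $this->cando['external']  = true;
        $this->cando['getGroups'] = true;
        $this->cando['logout']    = false;

        $cfg = isset($conf['auth']['django']) ? (array) $conf['auth']['django'] : [];

        try {
            // Connecting, selecting database
            if (isset($cfg['protocol']) && $cfg['protocol'] == 'sqlite') {
                $this->dbh = new PDO('sqlite:' . $cfg['server']);
            } else {
                $this->dbh = new PDO(
                    $cfg['protocol'] . ':host=' . $cfg['server'] . ';dbname=' . $cfg['db'],
                    $cfg['user'],
                    $cfg['password']
                );
            }
            $this->success = true;
        } catch (PDOException $e) {
            // Keep the driver message out of the page: it can name hosts and accounts.
            msg("Can not connect to database!", -1);
            error_log('authdjango: ' . $e->getMessage());
            $this->dbh = null;
            $this->success = false;
        }
    }

    /**
     * PHP 4 style constructor kept as an alias for code that calls it by name.
     *
     * @deprecated use __construct(); PHP 8 no longer treats this method as a constructor
     */
    public function auth_plugin_authdjango()
    {
        $this->__construct();
    }

    /**
     * Authenticate the request from the Django session cookie.
     *
     * $user, $pass and $sticky belong to the DokuWiki auth interface but are not
     * used here: no credentials are checked and the session lifetime is owned by
     * Django. The lookup chain is: sessionid cookie -> unexpired django_session
     * row -> _auth_user_id in the session payload -> active auth_user row. Any
     * broken link denies access and returns false instead of aborting the whole
     * request as the former `or die()` calls did.
     *
     * @param string $user   ignored
     * @param string $pass   ignored
     * @param bool   $sticky ignored
     * @return bool true when $USERINFO, REMOTE_USER and $_SESSION were populated
     */
    public function trustExternal($user, $pass, $sticky = false)
    {
        global $USERINFO;

        if (!isset($_COOKIE['sessionid']) || !$this->dbh) {
            return false;
        }

        $userid = $this->_userIdFromSession($_COOKIE['sessionid']);
        if ($userid === null) {
            return false;
        }

        $account = $this->_fetchUser($userid);
        if ($account === null) {
            return false;
        }

        $username = $account['username'];

        // okay we're logged in - set the globals
        $groups   = $this->_getUserGroups($username);
        $groups[] = 'user';

        // The wiki-visible name is the Django username; first/last name are not used.
        $USERINFO['name'] = $username;
        $USERINFO['pass'] = '';
        $USERINFO['mail'] = $account['email'];
        $USERINFO['grps'] = $groups;

        $_SERVER['REMOTE_USER'] = $username;

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;

        return true;
    }

    /**
     * Resolve a Django session key to the id of the user logged in on the Django side.
     *
     * Django stores session_data as base64("<hash>:<json>"); the JSON payload
     * carries the user id under _auth_user_id. The hash is keyed with Django's
     * SECRET_KEY, which this plugin does not have, so it is not verified here:
     * trust comes from the row existing (and not being expired) in django_session.
     *
     * @param string $sessionKey value of the sessionid cookie (untrusted input, bound as a parameter)
     * @return string|null user id, or null when the session is unknown, expired,
     *                     undecodable or carries no authenticated user
     */
    protected function _userIdFromSession($sessionKey)
    {
        // Reject sessions Django itself would no longer accept. Django stores
        // expire_date in UTC when USE_TZ is on, so compare against a UTC
        // timestamp; on a deployment storing local time this is off by the
        // UTC offset — confirm against the Django settings if that matters.
        $row = $this->_fetchRow(
            'SELECT session_data FROM django_session'
            . ' WHERE session_key = :key AND expire_date > :now LIMIT 1',
            [':key' => $sessionKey, ':now' => gmdate('Y-m-d H:i:s')]
        );
        if ($row === null || empty($row['session_data'])) {
            return null; // unknown or expired session: not logged in, instead of dying
        }

        // Non-strict decode: older Django versions wrapped the base64 with newlines.
        $decoded = base64_decode($row['session_data']);
        if ($decoded === false) {
            return null;
        }

        $parts = explode(':', $decoded, 2);
        if (count($parts) < 2) {
            return null;
        }

        $payload = json_decode($parts[1], true);
        if (!is_array($payload) || !isset($payload['_auth_user_id'])) {
            return null; // anonymous session (or non-JSON serializer): nobody logged in
        }

        return (string) $payload['_auth_user_id'];
    }

    /**
     * Load the Django account for a user id.
     *
     * Inactive accounts are rejected, mirroring Django, which refuses to
     * authenticate a session whose user has is_active unset.
     *
     * @param string $userid primary key taken from the session payload
     * @return array|null row with username, first_name, last_name, email;
     *                    null when the user does not exist or is inactive
     */
    protected function _fetchUser($userid)
    {
        return $this->_fetchRow(
            'SELECT username, first_name, last_name, email FROM auth_user'
            . ' WHERE id = :id AND is_active LIMIT 1',
            [':id' => $userid]
        );
    }

    /**
     * Run a parameterised SELECT and return its first row.
     *
     * @param string $sql    statement with named placeholders
     * @param array  $params placeholder => value
     * @return array|null associative row, or null when nothing matched or the query failed
     */
    protected function _fetchRow($sql, $params)
    {
        $rows = $this->_fetchAll($sql, $params);
        return isset($rows[0]) ? $rows[0] : null;
    }

    /**
     * Run a parameterised SELECT and return all rows.
     *
     * Replaces the `query() or die()` pattern: a failing query is reported via
     * msg() with a generic text (driver details go to the PHP error log) and
     * yields an empty result, so a database problem denies access rather than
     * aborting the request with a partly printed errorInfo() array.
     *
     * @param string $sql    statement with named placeholders
     * @param array  $params placeholder => value
     * @return array list of associative rows (empty on no match or on error)
     */
    protected function _fetchAll($sql, $params = [])
    {
        if (!$this->dbh) {
            return [];
        }

        try {
            $stmt = $this->dbh->prepare($sql);
            if ($stmt === false || !$stmt->execute($params)) {
                // Handles drivers left in PDO's default silent error mode.
                $info = $stmt === false ? $this->dbh->errorInfo() : $stmt->errorInfo();
                msg('Query failed!', -1);
                error_log('authdjango: query failed: ' . implode(' ', (array) $info));
                return [];
            }
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            // Handles drivers configured for PDO::ERRMODE_EXCEPTION.
            msg('Query failed!', -1);
            error_log('authdjango: query failed: ' . $e->getMessage());
            return [];
        }
    }

    /**
     * Collect the `name` column of a result set into a plain list.
     *
     * @param array $rows associative rows as returned by _fetchAll()
     * @return array list of names (empty when there are no rows)
     */
    protected function _names($rows)
    {
        $names = [];
        foreach ($rows as $row) {
            $names[] = $row['name'];
        }
        return $names;
    }

    /**
     * Groups a Django user belongs to.
     *
     * @param string $user Django username (bound as a parameter)
     * @return array list of group names; empty (never null) when the user has no groups
     */
    public function _getUserGroups($user)
    {
        $rows = $this->_fetchAll(
            'SELECT auth_group.name FROM auth_user, auth_user_groups, auth_group'
            . ' WHERE auth_user.username = :username'
            . ' AND auth_user.id = auth_user_groups.user_id'
            . ' AND auth_user_groups.group_id = auth_group.id',
            [':username' => $user]
        );
        return $this->_names($rows);
    }

    /**
     * List all Django groups, optionally paged.
     *
     * $start and $limit were previously accepted but ignored; paging is now
     * applied in PHP (after an ORDER BY for a stable order) so the same code
     * works for every PDO driver.
     *
     * @param int $start index of the first group to return
     * @param int $limit maximum number of groups to return, 0 for no limit
     * @return array list of group names; empty (never null) when there are none
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        $groups = $this->_names(
            $this->_fetchAll('SELECT auth_group.name FROM auth_group ORDER BY auth_group.name')
        );

        $start = (int) $start;
        $limit = (int) $limit;
        if ($limit > 0) {
            return array_slice($groups, $start, $limit);
        }
        return $start > 0 ? array_slice($groups, $start) : $groups;
    }

    /**
     * Release the database handle when the plugin object is destroyed.
     */
    public function __destruct()
    {
        $this->dbh = null;
    }
}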