xref: /plugin/authdjango/auth.php (revision 8375d074cf2d45c0aca59c0ff55a766527f0103c) 
1<?php
2/**
3 * django auth backend
4 *
5 * @author    Andreas Gohr <andi@splitbrain.org>
6 * @author    Michael Luggen <michael.luggen at unifr.ch>
7 * @author    Robert Czechowski <zgtm at zgtm.de>
8 */
9
10define('DOKU_AUTH', dirname(__FILE__));
11define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');
12
13class auth_plugin_authdjango extends DokuWiki_Auth_Plugin  {
14
15    var $dbh = null; // db handle
16
17    /**
18     * Constructor.
19     *
20     * Sets additional capabilities and config strings
21     * @author    Michael Luggen <michael.luggen at rhone.ch>
22     * @author    Robert Czechowski <zgtm at zgtm.de>
23     */
24    function auth_plugin_authdjango(){
25        global $config_cascade;
26        global $dbh;
27
28        $this->cando['external'] = true;
29        $this->cando['getGroups'] = true;
30
31        if (!empty($this->getConf('logoff_uri'))) {
32            $this->cando['logout'] = true;
33        }
34
35        try {
36            // Connecting, selecting database
37            if ($this->getConf('protocol') == 'sqlite') {
38                $this->dbh = new PDO('sqlite:' . $this->getConf('server'));
39            }
40            else {
41                $this->dbh = new PDO($this->getConf('protocol') . ':host=' . $this->getConf('server') . ';dbname=' . $this->getConf('db'), $this->getConf('user'), $this->getConf('password'));
42            }
43
44        } catch (PDOException $e) {
45            msg("Can not connect to database!", -1);
46            $this->success = false;
47        }
48        $this->success = true;
49    }
50
51
52    function trustExternal($user,$pass,$sticky=false){
53        global $USERINFO;
54        global $conf;
55        global $dbh;
56
57        $sticky ? $sticky = true : $sticky = false; //sanity check
58
59        /**
60         * Just checks against the django sessionid variable,
61         * gets user info from django-database
62         */
63        if (isset($_COOKIE['sessionid']) && $this->dbh) {
64
65            $s_id =  $_COOKIE['sessionid'];
66
67            // Look the cookie up in the db
68            $query = 'SELECT session_data FROM django_session WHERE session_key=' . $this->dbh->quote($s_id) . ' LIMIT 1;';
69            $result = $this->dbh->query($query) or die('Query failed1: ' . $this->dbh->errorInfo());
70            $ar = $result->fetch(PDO::FETCH_ASSOC);
71            $session_data = $ar['session_data'];
72
73            // TODO: $session_data can now be empty if the session does not exist in database, handle correctly instead of just dying
74            if (strlen($session_data) == 0) {
75                return false;
76            }
77
78            $compressed = false;
79
80            if (str_contains($session_data, ":")) {
81                // New django session encoding since django 4
82                if ($session_data[0] == '.') {
83                    $compressed = true;
84                    $session_data = substr($session_data, 1);
85                }
86
87                $session_json = base64_decode(strtr(preg_split('/:/', $session_data, 2)[0], "-_", "+/"), true);
88
89                if ($compressed) {
90                       $session_json = zlib_decode($session_json);
91                }
92
93            } else {
94                // Old django session enconding until django 3
95                // Decoding the session data:
96
97                $session_json = preg_split('/:/', base64_decode($session_data), 2)[1];
98            }
99            $userid = json_decode($session_json, true)['_auth_user_id'];
100            $query2 = 'SELECT username, first_name, last_name, email FROM auth_user WHERE id=' . $this->dbh->quote($userid) . ' LIMIT 1;';
101
102            $result2 = $this->dbh->query($query2) or die('Query failed2: ' . print_r($this->dbh->errorInfo()));
103            $user = $result2->fetch(PDO::FETCH_ASSOC);
104
105            $username =  $user['username'];
106            $userfullname = $user['first_name'] . " " . $user['last_name'];
107            $useremail = $user['email'];
108
109            // okay we're logged in - set the globals
110            $groups = $this->_getUserGroups($username);
111
112            $USERINFO['name'] = $username;
113            $USERINFO['pass'] = '';
114            $USERINFO['mail'] = $useremail;
115            $groups[] = 'user';
116            $USERINFO['grps'] = $groups;
117
118            $_SERVER['REMOTE_USER'] = $username;
119
120            $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
121            $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
122
123            return true;
124        }
125        return false;
126    }
127
128    function _getUserGroups($user){
129        $query = 'SELECT auth_group.name FROM auth_user, auth_user_groups, auth_group where auth_user.username = ' . $this->dbh->quote($user) . ' AND auth_user.id = auth_user_groups.user_id AND auth_user_groups.group_id = auth_group.id;';
130
131        $result = $this->dbh->query($query) or die('Query failed3: ' . $this->dbh->errorInfo());
132        $a = 0;
133        foreach ($result as $row) {
134            $groups[$a] = $row[0];
135            $a++;
136        };
137
138        return $groups;
139    }
140
141    function retrieveGroups($start=0,$limit=0){
142        $query = 'SELECT auth_group.name FROM auth_group';
143
144        $result = $this->dbh->query($query) or die('Query failed4: ' . $this->dbh->errorInfo());
145        $a = 0;
146        foreach ($result as $row) {
147            $groups[$a] = $row[0];
148            $a++;
149        };
150
151        return $groups;
152    }
153
154    function logOff() {
155        header("Location: " . $this->getConf('logoff_uri'));
156        die();
157    }
158
159
160    function __destruct() {
161        $this->dbh = null;
162    }
163}
164