<?php

/**
 * DokuWiki Plugin skautis (Auth Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Jiri Dorazil <alex@skaut.cz>
 */

// Refuse to run when the file is requested outside of DokuWiki.
if (!defined('DOKU_INC')) {
    die();
}

// NOTE(review): this path is relative, so PHP resolves it through include_path
// and the working directory before it looks next to this file. Anchoring it to
// __DIR__ would pin the load to this plugin's own vendor directory; confirm
// where the autoloader is expected to live before changing it.
require_once 'vendor/autoload.php';

global $conf;

// Cookie/session identifier for this plugin. The server port is mixed in only
// when securecookie is configured. md5() merely derives a stable name from
// non-secret inputs here; it is not protecting anything.
if (!defined('AUTHSKAUTIS_COOKIE')) {
    define(
        'AUTHSKAUTIS_COOKIE',
        'SPGG' . md5(DOKU_REL . ($conf['securecookie'] ? $_SERVER['SERVER_PORT'] : ''))
    );
}

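class auth_plugin_authskautis extends auth_plugin_authplain {

    /**
     * Constructor.
     *
     * Builds the skautIS login URLs (production and test) and declares which
     * capabilities this auth backend offers on top of the parent backend.
     */
    public function __construct() {
        parent::__construct(); // for compatibility
        $this->url = Skautis\Config::URL_PRODUCTION . '/Login/?appid=';
        $this->testUrl = Skautis\Config::URL_TEST . '/Login/?appid=';

        $this->success = true;

        $this->cando['addUser']     = true; // can Users be created?
        $this->cando['external']    = true; // does the module do external auth checking?
        $this->cando['logout']      = true; // can the user logout again? (eg. not possible with HTTP auth)
    }

    /**
     * Do all authentication [ OPTIONAL ]
     *
     * Three paths are tried in order:
     *  1. an identity already stored in the session is restored;
     *  2. a non-empty $user is checked against the local user base (form login);
     *  3. a non-empty POST body is handed to the skautIS library as login data.
     *
     * NOTE(review): on both login paths REMOTE_USER is set to the display name
     * (for skautIS: "FirstName LastName"), not to the unique login id. Two
     * people with the same name, or a skautIS person named like an existing
     * local account, would end up with the same REMOTE_USER. If ACLs are
     * evaluated against REMOTE_USER this merges identities - confirm, and
     * consider using the login id instead.
     *
     * NOTE(review): no session id rotation is visible in this method after a
     * successful login; confirm that the surrounding DokuWiki code handles it.
     *
     * @param   string  $user    Username
     * @param   string  $pass    Cleartext Password
     * @param   bool    $sticky  Cookie should not expire (not used by this method)
     * @return  bool             true on successful auth
     */
    public function trustExternal($user, $pass, $sticky = false) {
        global $USERINFO;

        // 1) Restore an identity that an earlier request stored in the session.
        if (!empty($_SESSION[DOKU_COOKIE]['authskautis']['info'])) {
            $stored = $_SESSION[DOKU_COOKIE]['authskautis']['info'];

            $USERINFO['name'] = $stored['name'];
            $USERINFO['mail'] = $stored['mail'];
            $USERINFO['grps'] = $stored['grps'];
            // The local form login below does not set this key, so read it
            // defensively instead of indexing a key that may be missing.
            $USERINFO['is_skautis'] = !empty($stored['is_skautis']);
            $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['authskautis']['user'];
            return true;
        }

        // 2) Local form login against the parent's user base.
        if (!empty($user)) {
            if (!$this->checkPass($user, $pass)) {
                //invalid credentials - log off
                msg($this->getLang('badlogin'), -1);
                return false;
            }

            $uinfo = $this->getUserData($user);

            // NOTE(review): this reads $uinfo['email'] while the value is stored
            // as 'mail' everywhere else in this method; verify which key
            // getUserData() actually returns.
            $USERINFO['name'] = $uinfo['name'];
            $USERINFO['mail'] = $uinfo['email'];
            $USERINFO['grps'] = $uinfo['grps'];
            $USERINFO['pass'] = $pass;

            // Keep the cleartext password out of session storage: the restore
            // path above never reads it, and session data is persisted
            // server-side where it would outlive this request.
            $sessionInfo = $USERINFO;
            unset($sessionInfo['pass']);

            $_SERVER['REMOTE_USER'] = $uinfo['name'];
            $_SESSION[DOKU_COOKIE]['authskautis']['user'] = $uinfo['name'];
            $_SESSION[DOKU_COOKIE]['authskautis']['info'] = $sessionInfo;

            return true;
        }

        // 3) skautIS login: only attempted when the request carries POST data.
        if (empty($_POST)) {
            return false;
        }

        $skautIsAppId = $this->getConf('skautis_app_id');
        $skautIsTestmode = $this->getConf('skautis_test_mode');
        $skautIsAllowedAddUser = $this->getConf('skautis_allowed_add_user');
        $skautIs = Skautis\Skautis::getInstance($skautIsAppId, $skautIsTestmode);
        // The raw POST body is untrusted; it is only passed to the library here
        // and nothing from it is used before isLoggedIn() succeeds.
        $skautIs->setLoginData($_POST);

        $skautIsUser = $skautIs->getUser();

        // presumably the `true` argument makes the library verify the login
        // against skautIS instead of trusting the posted data - confirm
        if (!$skautIsUser->isLoggedIn(true)) {
            msg($this->getLang('badskautis'), -1);
            $this->logOff();
            return false;
        }

        $userData = $skautIs->user->userDetail();
        $token = $skautIs->getUser()->getLoginId();
        $person = $skautIs->org->PersonDetail(['ID_Login' => $token, 'ID' => $userData->ID_Person]);
        $skautIsEmail = $person->Email;
        $skautIsUsername = $person->FirstName . ' ' . $person->LastName;

        // Local account name derived from the skautIS user id.
        $login = 'skautis' . $userData->ID;
        $udata = $this->getUserData($login);

        //create and update user in base
        if ($skautIsAllowedAddUser) {
            if (!$udata) {
                //default groups
                $grps = null;
                if ($this->getConf('default_groups')) {
                    $grps = explode(' ', $this->getConf('default_groups'));
                }

                // The initial local password is never shown to the user, but the
                // account can still be used through the form login above, so it
                // must not be guessable: take it from the CSPRNG when available.
                $initialPass = function_exists('random_bytes')
                    ? bin2hex(random_bytes(32))
                    : md5(rand() . $login); // legacy fallback for runtimes without random_bytes()

                //create user
                $this->createUser($login, $initialPass, $skautIsUsername, $skautIsEmail, $grps);
                $udata = $this->getUserData($login);
            } elseif ($udata['name'] != $skautIsUsername || $udata['email'] != $skautIsEmail) {
                //update user
                $this->modifyUser($login, ['name' => $skautIsUsername, 'email' => $skautIsEmail]);
            }
        }

        // Without a local record (creation disabled or failed) the login is refused.
        if (!$this->isUserValid($login)) {
            msg($this->getLang('nouser'), -1);
            $this->logOff();
            return false;
        }

        //set user info
        $USERINFO['pass'] = "";
        $USERINFO['name'] = $skautIsUsername;
        $USERINFO['mail'] = $skautIsEmail;
        $USERINFO['grps'] = $udata['grps'];
        $USERINFO['is_skautis'] = true;
        $_SERVER['REMOTE_USER'] = $skautIsUsername;

        //save user info in session
        $_SESSION[DOKU_COOKIE]['authskautis']['user'] = $_SERVER['REMOTE_USER'];
        $_SESSION[DOKU_COOKIE]['authskautis']['info'] = $USERINFO;

        //if login page - redirect to main page
        // The target is the fixed 'start' page, not a request-supplied URL.
        // Execution continues after the header is queued and the method still
        // returns true.
        if (isset($_GET['do']) && $_GET['do'] == 'login') {
            header("Location: " . wl('start', '', true));
        }

        return true;
    }

    /**
     * Drop the identity this plugin stored in the session.
     *
     * Only the plugin's own 'user' and 'info' session entries are removed.
     */
    public function logOff() {
        unset($_SESSION[DOKU_COOKIE]['authskautis']['user']);
        unset($_SESSION[DOKU_COOKIE]['authskautis']['info']);
    }

    /**
     * Tell whether a local user record exists for the given login.
     *
     * @param   string  $login  local login name
     * @return  bool            true when $this->users has an entry for $login
     */
    public function isUserValid($login) {
        return isset($this->users[$login]);
    }
}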