1a4ff4e44SJiri Dorazil<?php
2a4ff4e44SJiri Dorazil
/**
 * DokuWiki Plugin skautis (Auth Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Jiri Dorazil <alex@skaut.cz>
 */
9a4ff4e44SJiri Dorazil
// This file is only meaningful when DokuWiki loads it; stop on direct access.
if (!defined('DOKU_INC')) {
    die();
}

// Location of the bundled skautIS client library, loaded once.
define('SKAUTIS_LIBS_DIR', __DIR__ . '/libs/');
require_once SKAUTIS_LIBS_DIR . 'skautis-minify.php';

global $conf;

// Cookie/session identifier for this plugin: 'SPGG' followed by an MD5 of the
// wiki's relative base path, with the server port appended to the hashed
// input when securecookie is configured. The hash only derives a name here;
// it does not protect any secret.
if (!defined('AUTHSKAUTIS_COOKIE')) {
    define(
        'AUTHSKAUTIS_COOKIE',
        'SPGG' . md5(DOKU_REL . ($conf['securecookie'] ? $_SERVER['SERVER_PORT'] : ''))
    );
}
20a4ff4e44SJiri Dorazil
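class auth_plugin_authskautis extends auth_plugin_authplain {

    /** @var string skautIS production login URL, ending in '?appid=' */
    public $url;

    /** @var string skautIS test-instance login URL, ending in '?appid=' */
    public $testUrl;

    /**
     * Constructor.
     *
     * Runs the authplain constructor, records the two skautIS login URLs and
     * announces the capabilities this backend adds (user creation, external
     * authentication, logout).
     */
    public function __construct() {
        parent::__construct(); // for compatibility
        $this->url     = Skautis\Config::URL_PRODUCTION . '/Login/?appid=';
        $this->testUrl = Skautis\Config::URL_TEST . '/Login/?appid=';

        $this->success = true;

        $this->cando['addUser']  = true; // can Users be created?
        $this->cando['external'] = true; // does the module do external auth checking?
        $this->cando['logout']   = true; // can the user logout again? (eg. not possible with HTTP auth)
    }

    /**
     * Do all authentication [ OPTIONAL ]
     *
     * Three paths are tried in order:
     *  1. an identity already stored in the session by this plugin is restored;
     *  2. a submitted user name is checked against the local user store;
     *  3. any other non-empty POST is handed to the skautIS client as login
     *     data, and on success the matching local account 'skautis<ID>' is
     *     created or refreshed.
     *
     * NOTE(review): $_SERVER['REMOTE_USER'] is set to the display name, not the
     * login. Two accounts with the same display name would share one identity
     * for anything keyed on REMOTE_USER. Switching to the login ($user, or
     * 'skautis<ID>') looks safer but changes the identity existing ACLs and
     * page history refer to, so it is left as is here.
     *
     * NOTE(review): the session id is not regenerated when a login succeeds
     * here. Confirm DokuWiki core does that for external auth backends;
     * otherwise consider session_regenerate_id(true) at both success points.
     *
     * @param   string  $user    Username
     * @param   string  $pass    Cleartext Password
     * @param   bool    $sticky  Cookie should not expire (not used by this implementation)
     * @return  bool             true on successful auth
     */
    public function trustExternal($user, $pass, $sticky = false) {
        global $USERINFO;

        // 1) identity already established earlier in this session
        if (!empty($_SESSION[DOKU_COOKIE]['authskautis']['info'])) {
            $stored = $_SESSION[DOKU_COOKIE]['authskautis']['info'];

            $USERINFO['name'] = $stored['name'];
            $USERINFO['mail'] = $stored['mail'];
            $USERINFO['grps'] = $stored['grps'];
            // sessions written by the form-login path may lack this key
            $USERINFO['is_skautis'] = !empty($stored['is_skautis']);
            $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['authskautis']['user'];
            return true;
        }

        // 2) classic login form, checked against the local user store
        if (!empty($user)) {
            if (!$this->checkPass($user, $pass)) {
                //invalid credentials - log off
                msg($this->getLang('badlogin'), -1);
                return false;
            }

            $uinfo = $this->getUserData($user);

            //set user info
            $USERINFO['name'] = $uinfo['name'];
            // NOTE(review): authplain records normally expose the address under
            // 'mail'; confirm that 'email' is really populated here.
            $USERINFO['mail'] = $uinfo['email'];
            $USERINFO['grps'] = $uinfo['grps'];
            $USERINFO['pass'] = $pass; // current request only, see below
            $USERINFO['is_skautis'] = false;

            //save data in session, without the cleartext password: session
            //storage outlives the request and nothing in this class reads it back
            $sessionInfo = $USERINFO;
            unset($sessionInfo['pass']);

            $_SERVER['REMOTE_USER'] = $uinfo['name'];
            $_SESSION[DOKU_COOKIE]['authskautis']['user'] = $uinfo['name'];
            $_SESSION[DOKU_COOKIE]['authskautis']['info'] = $sessionInfo;

            return true;
        }

        // 3) skautIS login response, delivered as a POST
        if (empty($_POST)) {
            return false;
        }

        $skautisAppId    = $this->getConf('skautis_app_id');
        $skautIsTestmode = $this->getConf('skautis_test_mode');
        // the 'skautis_allowed_add_user' setting is not consulted; account
        // creation is always enabled
        $skautIsAllowedAddUser = true;

        $skautIs = SkautIs\skautIs::getInstance($skautisAppId, $skautIsTestmode);
        // $_POST is attacker-controllable: the isLoggedIn(true) call below is
        // the only gate on it. Presumably it has skautIS confirm the token
        // server-side - verify in the bundled library.
        $skautIs->setLoginData($_POST);

        $skautisUser = $skautIs->getUser();

        if (!$skautisUser->isLoggedIn(true)) {
            $this->logOff();
            return false;
        }

        $userData = $skautIs->user->userDetail();
        $token    = $skautIs->getUser()->getLoginId();
        $person   = $skautIs->org->PersonDetail(array('ID_Login' => $token, 'ID' => $userData->ID_Person));

        $skautisEmail    = $person->Email;
        $skautisUsername = $person->FirstName . ' ' . $person->LastName;

        //create and update user in base
        $udata = false;
        if ($skautIsAllowedAddUser) {
            $login = 'skautis' . $userData->ID;
            $udata = $this->getUserData($login);
            if (!$udata) {
                //default groups
                $grps = null;
                if ($this->getConf('default_groups')) {
                    $grps = explode(' ', $this->getConf('default_groups'));
                }
                //create user with an unguessable placeholder password: the
                //account is also reachable through the form-login path above,
                //so the value must come from a CSPRNG rather than rand()
                $this->createUser($login, bin2hex(random_bytes(16)), $skautisUsername, $skautisEmail, $grps);
                $udata = $this->getUserData($login);
            } elseif ($udata['name'] != $skautisUsername || $udata['email'] != $skautisEmail) {
                //update user
                $this->modifyUser($login, array('name' => $skautisUsername, 'email' => $skautisEmail));
            }
        }

        //set user info
        $USERINFO['pass'] = "";
        $USERINFO['name'] = $skautisUsername;
        $USERINFO['mail'] = $skautisEmail;
        // if the local account could not be created or read, grant no groups
        $USERINFO['grps'] = (is_array($udata) && isset($udata['grps'])) ? $udata['grps'] : array();
        $USERINFO['is_skautis'] = true;
        $_SERVER['REMOTE_USER'] = $skautisUsername;

        //save user info in session
        $_SESSION[DOKU_COOKIE]['authskautis']['user'] = $_SERVER['REMOTE_USER'];
        $_SESSION[DOKU_COOKIE]['authskautis']['info'] = $USERINFO;

        //if login page - redirect to main page
        if (isset($_GET['do']) && $_GET['do'] === 'login') {
            header("Location: " . wl('start', '', true));
        }

        return true;
    }

    /**
     * Drop the identity this plugin stored in the session.
     *
     * Only the plugin's own 'user' and 'info' entries are removed; the rest of
     * the session is left untouched.
     */
    public function logOff() {
        unset($_SESSION[DOKU_COOKIE]['authskautis']['user']);
        unset($_SESSION[DOKU_COOKIE]['authskautis']['info']);
    }
}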