1*24cd6f55SDamien Regad<?php 2*24cd6f55SDamien Regad/** 3*24cd6f55SDamien Regad * DokuWiki Plugin authwordpress (Auth Component) 4*24cd6f55SDamien Regad * 5*24cd6f55SDamien Regad * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 6*24cd6f55SDamien Regad * @author Damien Regad <dregad@mantisbt.org> 7*24cd6f55SDamien Regad */ 8*24cd6f55SDamien Regad 9*24cd6f55SDamien Regad// must be run within Dokuwiki 10*24cd6f55SDamien Regadif(!defined('DOKU_INC')) die(); 11*24cd6f55SDamien Regad 12*24cd6f55SDamien Regadclass auth_plugin_authwordpress extends DokuWiki_Auth_Plugin { 13*24cd6f55SDamien Regad 14*24cd6f55SDamien Regad 15*24cd6f55SDamien Regad /** 16*24cd6f55SDamien Regad * Constructor. 17*24cd6f55SDamien Regad */ 18*24cd6f55SDamien Regad public function __construct() { 19*24cd6f55SDamien Regad parent::__construct(); // for compatibility 20*24cd6f55SDamien Regad 21*24cd6f55SDamien Regad // FIXME set capabilities accordingly 22*24cd6f55SDamien Regad //$this->cando['addUser'] = false; // can Users be created? 23*24cd6f55SDamien Regad //$this->cando['delUser'] = false; // can Users be deleted? 24*24cd6f55SDamien Regad //$this->cando['modLogin'] = false; // can login names be changed? 25*24cd6f55SDamien Regad //$this->cando['modPass'] = false; // can passwords be changed? 26*24cd6f55SDamien Regad //$this->cando['modName'] = false; // can real names be changed? 27*24cd6f55SDamien Regad //$this->cando['modMail'] = false; // can emails be changed? 28*24cd6f55SDamien Regad //$this->cando['modGroups'] = false; // can groups be changed? 29*24cd6f55SDamien Regad //$this->cando['getUsers'] = false; // can a (filtered) list of users be retrieved? 30*24cd6f55SDamien Regad //$this->cando['getUserCount']= false; // can the number of users be retrieved? 31*24cd6f55SDamien Regad //$this->cando['getGroups'] = false; // can a list of available groups be retrieved? 32*24cd6f55SDamien Regad //$this->cando['external'] = false; // does the module do external auth checking? 33*24cd6f55SDamien Regad //$this->cando['logout'] = true; // can the user logout again? (eg. not possible with HTTP auth) 34*24cd6f55SDamien Regad 35*24cd6f55SDamien Regad // FIXME intialize your auth system and set success to true, if successful 36*24cd6f55SDamien Regad $this->success = true; 37*24cd6f55SDamien Regad } 38*24cd6f55SDamien Regad 39*24cd6f55SDamien Regad 40*24cd6f55SDamien Regad /** 41*24cd6f55SDamien Regad * Log off the current user [ OPTIONAL ] 42*24cd6f55SDamien Regad */ 43*24cd6f55SDamien Regad //public function logOff() { 44*24cd6f55SDamien Regad //} 45*24cd6f55SDamien Regad 46*24cd6f55SDamien Regad /** 47*24cd6f55SDamien Regad * Do all authentication [ OPTIONAL ] 48*24cd6f55SDamien Regad * 49*24cd6f55SDamien Regad * @param string $user Username 50*24cd6f55SDamien Regad * @param string $pass Cleartext Password 51*24cd6f55SDamien Regad * @param bool $sticky Cookie should not expire 52*24cd6f55SDamien Regad * @return bool true on successful auth 53*24cd6f55SDamien Regad */ 54*24cd6f55SDamien Regad //public function trustExternal($user, $pass, $sticky = false) { 55*24cd6f55SDamien Regad /* some example: 56*24cd6f55SDamien Regad 57*24cd6f55SDamien Regad global $USERINFO; 58*24cd6f55SDamien Regad global $conf; 59*24cd6f55SDamien Regad $sticky ? $sticky = true : $sticky = false; //sanity check 60*24cd6f55SDamien Regad 61*24cd6f55SDamien Regad // do the checking here 62*24cd6f55SDamien Regad 63*24cd6f55SDamien Regad // set the globals if authed 64*24cd6f55SDamien Regad $USERINFO['name'] = 'FIXME'; 65*24cd6f55SDamien Regad $USERINFO['mail'] = 'FIXME'; 66*24cd6f55SDamien Regad $USERINFO['grps'] = array('FIXME'); 67*24cd6f55SDamien Regad $_SERVER['REMOTE_USER'] = $user; 68*24cd6f55SDamien Regad $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; 69*24cd6f55SDamien Regad $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; 70*24cd6f55SDamien Regad $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; 71*24cd6f55SDamien Regad return true; 72*24cd6f55SDamien Regad 73*24cd6f55SDamien Regad */ 74*24cd6f55SDamien Regad //} 75*24cd6f55SDamien Regad 76*24cd6f55SDamien Regad /** 77*24cd6f55SDamien Regad * Check user+password 78*24cd6f55SDamien Regad * 79*24cd6f55SDamien Regad * May be ommited if trustExternal is used. 80*24cd6f55SDamien Regad * 81*24cd6f55SDamien Regad * @param string $user the user name 82*24cd6f55SDamien Regad * @param string $pass the clear text password 83*24cd6f55SDamien Regad * @return bool 84*24cd6f55SDamien Regad */ 85*24cd6f55SDamien Regad public function checkPass($user, $pass) { 86*24cd6f55SDamien Regad // FIXME implement password check 87*24cd6f55SDamien Regad return false; // return true if okay 88*24cd6f55SDamien Regad } 89*24cd6f55SDamien Regad 90*24cd6f55SDamien Regad /** 91*24cd6f55SDamien Regad * Return user info 92*24cd6f55SDamien Regad * 93*24cd6f55SDamien Regad * Returns info about the given user needs to contain 94*24cd6f55SDamien Regad * at least these fields: 95*24cd6f55SDamien Regad * 96*24cd6f55SDamien Regad * name string full name of the user 97*24cd6f55SDamien Regad * mail string email addres of the user 98*24cd6f55SDamien Regad * grps array list of groups the user is in 99*24cd6f55SDamien Regad * 100*24cd6f55SDamien Regad * @param string $user the user name 101*24cd6f55SDamien Regad * @return array containing user data or false 102*24cd6f55SDamien Regad */ 103*24cd6f55SDamien Regad public function getUserData($user) { 104*24cd6f55SDamien Regad // FIXME implement 105*24cd6f55SDamien Regad return false; 106*24cd6f55SDamien Regad } 107*24cd6f55SDamien Regad 108*24cd6f55SDamien Regad /** 109*24cd6f55SDamien Regad * Create a new User [implement only where required/possible] 110*24cd6f55SDamien Regad * 111*24cd6f55SDamien Regad * Returns false if the user already exists, null when an error 112*24cd6f55SDamien Regad * occurred and true if everything went well. 113*24cd6f55SDamien Regad * 114*24cd6f55SDamien Regad * The new user HAS TO be added to the default group by this 115*24cd6f55SDamien Regad * function! 116*24cd6f55SDamien Regad * 117*24cd6f55SDamien Regad * Set addUser capability when implemented 118*24cd6f55SDamien Regad * 119*24cd6f55SDamien Regad * @param string $user 120*24cd6f55SDamien Regad * @param string $pass 121*24cd6f55SDamien Regad * @param string $name 122*24cd6f55SDamien Regad * @param string $mail 123*24cd6f55SDamien Regad * @param null|array $grps 124*24cd6f55SDamien Regad * @return bool|null 125*24cd6f55SDamien Regad */ 126*24cd6f55SDamien Regad //public function createUser($user, $pass, $name, $mail, $grps = null) { 127*24cd6f55SDamien Regad // FIXME implement 128*24cd6f55SDamien Regad // return null; 129*24cd6f55SDamien Regad //} 130*24cd6f55SDamien Regad 131*24cd6f55SDamien Regad /** 132*24cd6f55SDamien Regad * Modify user data [implement only where required/possible] 133*24cd6f55SDamien Regad * 134*24cd6f55SDamien Regad * Set the mod* capabilities according to the implemented features 135*24cd6f55SDamien Regad * 136*24cd6f55SDamien Regad * @param string $user nick of the user to be changed 137*24cd6f55SDamien Regad * @param array $changes array of field/value pairs to be changed (password will be clear text) 138*24cd6f55SDamien Regad * @return bool 139*24cd6f55SDamien Regad */ 140*24cd6f55SDamien Regad //public function modifyUser($user, $changes) { 141*24cd6f55SDamien Regad // FIXME implement 142*24cd6f55SDamien Regad // return false; 143*24cd6f55SDamien Regad //} 144*24cd6f55SDamien Regad 145*24cd6f55SDamien Regad /** 146*24cd6f55SDamien Regad * Delete one or more users [implement only where required/possible] 147*24cd6f55SDamien Regad * 148*24cd6f55SDamien Regad * Set delUser capability when implemented 149*24cd6f55SDamien Regad * 150*24cd6f55SDamien Regad * @param array $users 151*24cd6f55SDamien Regad * @return int number of users deleted 152*24cd6f55SDamien Regad */ 153*24cd6f55SDamien Regad //public function deleteUsers($users) { 154*24cd6f55SDamien Regad // FIXME implement 155*24cd6f55SDamien Regad // return false; 156*24cd6f55SDamien Regad //} 157*24cd6f55SDamien Regad 158*24cd6f55SDamien Regad /** 159*24cd6f55SDamien Regad * Bulk retrieval of user data [implement only where required/possible] 160*24cd6f55SDamien Regad * 161*24cd6f55SDamien Regad * Set getUsers capability when implemented 162*24cd6f55SDamien Regad * 163*24cd6f55SDamien Regad * @param int $start index of first user to be returned 164*24cd6f55SDamien Regad * @param int $limit max number of users to be returned 165*24cd6f55SDamien Regad * @param array $filter array of field/pattern pairs, null for no filter 166*24cd6f55SDamien Regad * @return array list of userinfo (refer getUserData for internal userinfo details) 167*24cd6f55SDamien Regad */ 168*24cd6f55SDamien Regad //public function retrieveUsers($start = 0, $limit = -1, $filter = null) { 169*24cd6f55SDamien Regad // FIXME implement 170*24cd6f55SDamien Regad // return array(); 171*24cd6f55SDamien Regad //} 172*24cd6f55SDamien Regad 173*24cd6f55SDamien Regad /** 174*24cd6f55SDamien Regad * Return a count of the number of user which meet $filter criteria 175*24cd6f55SDamien Regad * [should be implemented whenever retrieveUsers is implemented] 176*24cd6f55SDamien Regad * 177*24cd6f55SDamien Regad * Set getUserCount capability when implemented 178*24cd6f55SDamien Regad * 179*24cd6f55SDamien Regad * @param array $filter array of field/pattern pairs, empty array for no filter 180*24cd6f55SDamien Regad * @return int 181*24cd6f55SDamien Regad */ 182*24cd6f55SDamien Regad //public function getUserCount($filter = array()) { 183*24cd6f55SDamien Regad // FIXME implement 184*24cd6f55SDamien Regad // return 0; 185*24cd6f55SDamien Regad //} 186*24cd6f55SDamien Regad 187*24cd6f55SDamien Regad /** 188*24cd6f55SDamien Regad * Define a group [implement only where required/possible] 189*24cd6f55SDamien Regad * 190*24cd6f55SDamien Regad * Set addGroup capability when implemented 191*24cd6f55SDamien Regad * 192*24cd6f55SDamien Regad * @param string $group 193*24cd6f55SDamien Regad * @return bool 194*24cd6f55SDamien Regad */ 195*24cd6f55SDamien Regad //public function addGroup($group) { 196*24cd6f55SDamien Regad // FIXME implement 197*24cd6f55SDamien Regad // return false; 198*24cd6f55SDamien Regad //} 199*24cd6f55SDamien Regad 200*24cd6f55SDamien Regad /** 201*24cd6f55SDamien Regad * Retrieve groups [implement only where required/possible] 202*24cd6f55SDamien Regad * 203*24cd6f55SDamien Regad * Set getGroups capability when implemented 204*24cd6f55SDamien Regad * 205*24cd6f55SDamien Regad * @param int $start 206*24cd6f55SDamien Regad * @param int $limit 207*24cd6f55SDamien Regad * @return array 208*24cd6f55SDamien Regad */ 209*24cd6f55SDamien Regad //public function retrieveGroups($start = 0, $limit = 0) { 210*24cd6f55SDamien Regad // FIXME implement 211*24cd6f55SDamien Regad // return array(); 212*24cd6f55SDamien Regad //} 213*24cd6f55SDamien Regad 214*24cd6f55SDamien Regad /** 215*24cd6f55SDamien Regad * Return case sensitivity of the backend 216*24cd6f55SDamien Regad * 217*24cd6f55SDamien Regad * When your backend is caseinsensitive (eg. you can login with USER and 218*24cd6f55SDamien Regad * user) then you need to overwrite this method and return false 219*24cd6f55SDamien Regad * 220*24cd6f55SDamien Regad * @return bool 221*24cd6f55SDamien Regad */ 222*24cd6f55SDamien Regad public function isCaseSensitive() { 223*24cd6f55SDamien Regad return true; 224*24cd6f55SDamien Regad } 225*24cd6f55SDamien Regad 226*24cd6f55SDamien Regad /** 227*24cd6f55SDamien Regad * Sanitize a given username 228*24cd6f55SDamien Regad * 229*24cd6f55SDamien Regad * This function is applied to any user name that is given to 230*24cd6f55SDamien Regad * the backend and should also be applied to any user name within 231*24cd6f55SDamien Regad * the backend before returning it somewhere. 232*24cd6f55SDamien Regad * 233*24cd6f55SDamien Regad * This should be used to enforce username restrictions. 234*24cd6f55SDamien Regad * 235*24cd6f55SDamien Regad * @param string $user username 236*24cd6f55SDamien Regad * @return string the cleaned username 237*24cd6f55SDamien Regad */ 238*24cd6f55SDamien Regad public function cleanUser($user) { 239*24cd6f55SDamien Regad return $user; 240*24cd6f55SDamien Regad } 241*24cd6f55SDamien Regad 242*24cd6f55SDamien Regad /** 243*24cd6f55SDamien Regad * Sanitize a given groupname 244*24cd6f55SDamien Regad * 245*24cd6f55SDamien Regad * This function is applied to any groupname that is given to 246*24cd6f55SDamien Regad * the backend and should also be applied to any groupname within 247*24cd6f55SDamien Regad * the backend before returning it somewhere. 248*24cd6f55SDamien Regad * 249*24cd6f55SDamien Regad * This should be used to enforce groupname restrictions. 250*24cd6f55SDamien Regad * 251*24cd6f55SDamien Regad * Groupnames are to be passed without a leading '@' here. 252*24cd6f55SDamien Regad * 253*24cd6f55SDamien Regad * @param string $group groupname 254*24cd6f55SDamien Regad * @return string the cleaned groupname 255*24cd6f55SDamien Regad */ 256*24cd6f55SDamien Regad public function cleanGroup($group) { 257*24cd6f55SDamien Regad return $group; 258*24cd6f55SDamien Regad } 259*24cd6f55SDamien Regad 260*24cd6f55SDamien Regad /** 261*24cd6f55SDamien Regad * Check Session Cache validity [implement only where required/possible] 262*24cd6f55SDamien Regad * 263*24cd6f55SDamien Regad * DokuWiki caches user info in the user's session for the timespan defined 264*24cd6f55SDamien Regad * in $conf['auth_security_timeout']. 265*24cd6f55SDamien Regad * 266*24cd6f55SDamien Regad * This makes sure slow authentication backends do not slow down DokuWiki. 267*24cd6f55SDamien Regad * This also means that changes to the user database will not be reflected 268*24cd6f55SDamien Regad * on currently logged in users. 269*24cd6f55SDamien Regad * 270*24cd6f55SDamien Regad * To accommodate for this, the user manager plugin will touch a reference 271*24cd6f55SDamien Regad * file whenever a change is submitted. This function compares the filetime 272*24cd6f55SDamien Regad * of this reference file with the time stored in the session. 273*24cd6f55SDamien Regad * 274*24cd6f55SDamien Regad * This reference file mechanism does not reflect changes done directly in 275*24cd6f55SDamien Regad * the backend's database through other means than the user manager plugin. 276*24cd6f55SDamien Regad * 277*24cd6f55SDamien Regad * Fast backends might want to return always false, to force rechecks on 278*24cd6f55SDamien Regad * each page load. Others might want to use their own checking here. If 279*24cd6f55SDamien Regad * unsure, do not override. 280*24cd6f55SDamien Regad * 281*24cd6f55SDamien Regad * @param string $user - The username 282*24cd6f55SDamien Regad * @return bool 283*24cd6f55SDamien Regad */ 284*24cd6f55SDamien Regad //public function useSessionCache($user) { 285*24cd6f55SDamien Regad // FIXME implement 286*24cd6f55SDamien Regad //} 287*24cd6f55SDamien Regad} 288*24cd6f55SDamien Regad 289*24cd6f55SDamien Regad// vim:ts=4:sw=4:et: