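<?php

namespace dokuwiki\plugin\oauth;

/**
 * Singleton to manage all oAuth related session and cookie data
 *
 * Everything read from $_COOKIE is supplied by the client and must be treated
 * as untrusted input; data in $_SESSION is kept server side.
 */
class Session
{
    /** @var Session|null the one shared instance, created on first use */
    protected static $instance = null;

    /**
     * hidden constructor, use getInstance() instead
     */
    protected function __construct()
    {
    }

    /**
     * Get Singleton Instance
     *
     * @return Session
     */
    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    /**
     * Set the environment needed to verify a login in progress
     *
     * Both values are stored as given, no validation happens here.
     * NOTE(review): $id is later used as a return target according to the
     * parameter description; confirm the consumer validates it as a page ID.
     *
     * @param string $servicename the name of the service used
     * @param string $id pageID to return to after login
     * @return void
     */
    public function setLoginData($servicename, $id)
    {
        $_SESSION[DOKU_COOKIE]['auth']['oauth'] = [
            'servicename' => $servicename,
            'id' => $id,
        ];
    }

    /**
     * Get the current login environment
     *
     * @return false|array Either [servicename=>*, id=>*] or false
     */
    public function getLoginData()
    {
        return $_SESSION[DOKU_COOKIE]['auth']['oauth'] ?? false;
    }

    /**
     * Clear login environment after login
     *
     * @return void
     */
    public function clearLoginData()
    {
        // unset() on a missing key is a no-op, so no isset() guard is needed
        unset($_SESSION[DOKU_COOKIE]['auth']['oauth']);
    }

    /**
     * This basically duplicates what DokuWiki does when a user is logged in
     *
     * Writes the global $USERINFO, $_SERVER['REMOTE_USER'] and the auth part of the session.
     * NOTE(review): the session ID is not regenerated here; confirm that the caller
     * or DokuWiki core does this when a login completes.
     *
     * @param array $userdata needs the keys user, name, mail and grps (array); pass is optional
     * @param bool $resettime Set a new session time? False only when restoring from session
     * @return void
     * @throws Exception when one of the required keys is missing
     */
    public function setUser($userdata, $resettime = true)
    {
        global $USERINFO;

        if (
            !isset($userdata['user'], $userdata['name'], $userdata['mail'], $userdata['grps']) ||
            !is_array($userdata['grps'])
        ) {
            throw new Exception('Missing user data, cannot save to session');
        }

        $USERINFO = $userdata;
        $_SERVER['REMOTE_USER'] = $userdata['user'];

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $userdata['user'];
        // 'pass' is not among the validated keys, so it may be absent:
        // store null in that case instead of triggering an undefined key warning
        $_SESSION[DOKU_COOKIE]['auth']['pass'] = $userdata['pass'] ?? null;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
        if ($resettime) {
            $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
        }
    }

    /**
     * The user data currently saved in the session if any
     *
     * @return false|array
     */
    public function getUser()
    {
        return $_SESSION[DOKU_COOKIE]['auth']['info'] ?? false;
    }

    /**
     * Set oAuth info to cookie
     *
     * We use the same cookie as standard DokuWiki, but write different info.
     * The cookie is valid for one year and is always sent with the HttpOnly flag; the
     * Secure flag is only set when $conf['securecookie'] is enabled and the request uses SSL.
     *
     * NOTE(review): the value is a plain '|' separated string. A '|' inside $servicename
     * would shift the fields when the cookie is read back; confirm service names can
     * never contain that character. No SameSite attribute is set by this call.
     *
     * @param string $servicename
     * @param string $storageId
     * @return void
     */
    public function setCookie($servicename, $storageId)
    {
        global $conf;
        $validityPeriodInSeconds = 60 * 60 * 24 * 365;
        $cookie = "$servicename|oauth|$storageId";
        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
        $time = time() + $validityPeriodInSeconds;
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
    }

    /**
     * Get oAuth info from cookie
     *
     * The cookie is client-controlled, so its shape is checked before it is taken apart:
     * anything that is not a string of the form "servicename|oauth|storageId" yields false.
     * The returned values are still untrusted and have to be verified by the caller.
     *
     * @return array|false Either [servicename=>?, storageId=>?] or false if no oauth data in cookie
     */
    public function getCookie()
    {
        if (!isset($_COOKIE[DOKU_COOKIE])) return false;

        // a request can turn the cookie into an array (name[]=value), explode() would fail on that
        $raw = $_COOKIE[DOKU_COOKIE];
        if (!is_string($raw)) return false;

        // limit to three parts: the storage ID is written last, so it keeps any further '|'
        $parts = explode('|', $raw, 3);
        if (count($parts) !== 3) return false;

        [$servicename, $oauth, $storageId] = $parts;
        if ($oauth !== 'oauth') return false;
        return ['servicename' => $servicename, 'storageId' => $storageId];
    }

    /**
     * Is any auth data in the session currently trustworthy?
     *
     * The session has to carry a browser ID matching the current request and a
     * timestamp that is not older than $conf['auth_security_timeout'] seconds.
     *
     * @return bool
     */
    public function isValid()
    {
        global $conf;

        if (!isset($_SESSION[DOKU_COOKIE]['auth']['buid'])) return false;
        if (!isset($_SESSION[DOKU_COOKIE]['auth']['time'])) return false;
        // strict comparison: a loose one treats numeric looking strings as numbers
        if ($_SESSION[DOKU_COOKIE]['auth']['buid'] !== auth_browseruid()) return false;
        if ($_SESSION[DOKU_COOKIE]['auth']['time'] < time() - $conf['auth_security_timeout']) return false;

        return true;
    }

    /**
     * Clear the session from auth related data
     *
     * Only the login-in-progress data is removed. The cookie written by setCookie()
     * is left in place.
     *
     * @return void
     */
    public function clear()
    {
        //FIXME clear cookie?
        $this->clearLoginData();
    }
}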