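<?php

namespace dokuwiki\plugin\oauth;

/**
 * Singleton to manage all oAuth related session and cookie data
 *
 * Two stores with different trust levels are handled here:
 *  - $_SESSION[DOKU_COOKIE]['auth'] is written by this class on the server side
 *  - $_COOKIE[DOKU_COOKIE] is sent by the client and is written by setCookie()
 *    as plain text without a signature, so everything read from it has to be
 *    treated as untrusted input by the caller
 */
class Session
{
    /** @var Session */
    protected static $instance = null;

    /**
     * hidden constructor
     */
    protected function __construct()
    {
    }

    /**
     * Get Singleton Instance
     *
     * @return Session
     */
    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new Session();
        }
        return self::$instance;
    }

    /**
     * Set the environment needed to verify a login in progress
     *
     * The data is kept in the session under the 'oauth' key, overwriting any
     * previously stored login environment.
     *
     * @param string $servicename the name of the service used
     * @param string $guid the GUID assigned to the user
     * @param string $id pageID to return to after login
     * @return void
     */
    public function setLoginData($servicename, $guid, $id)
    {
        $_SESSION[DOKU_COOKIE]['auth']['oauth'] = [
            'servicename' => $servicename,
            'guid' => $guid,
            'id' => $id,
        ];
    }

    /**
     * Get the current login environment
     *
     * @return false|array Either [servicename=>*,guid=>*, id=>*] or false
     */
    public function getLoginData()
    {
        if (isset($_SESSION[DOKU_COOKIE]['auth']['oauth'])) {
            return $_SESSION[DOKU_COOKIE]['auth']['oauth'];
        }
        return false;
    }

    /**
     * Clear login environment after login
     *
     * @return void
     */
    public function clearLoginData()
    {
        if (isset($_SESSION[DOKU_COOKIE]['auth']['oauth'])) {
            unset($_SESSION[DOKU_COOKIE]['auth']['oauth']);
        }
    }

    /**
     * This basically duplicates what DokuWiki does when a user is logged in
     *
     * Calling this makes $userdata['user'] the authenticated user for the
     * request ($USERINFO, REMOTE_USER) and for the session. No check of the
     * identity happens here, so $userdata has to come from a login that was
     * already verified by the caller.
     *
     * @param array $userdata needs 'user', 'name', 'mail' and an array 'grps'; 'pass' is optional
     * @param bool $resettime Set a new session time? False only when restoring from session
     * @return void
     * @throws Exception when one of the required fields is missing
     */
    public function setUser($userdata, $resettime = true)
    {
        global $USERINFO;

        if (
            !isset($userdata['user']) ||
            !isset($userdata['name']) ||
            !isset($userdata['mail']) ||
            !isset($userdata['grps']) ||
            !is_array($userdata['grps'])
        ) {
            throw new Exception('Missing user data, cannot save to session');
        }

        $USERINFO = $userdata;
        $_SERVER['REMOTE_USER'] = $userdata['user'];

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $userdata['user'];
        // 'pass' is not part of the required fields checked above; store null
        // when it is absent instead of reading an undefined array key
        $_SESSION[DOKU_COOKIE]['auth']['pass'] = isset($userdata['pass']) ? $userdata['pass'] : null;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        // bind the session to the current browser, isValid() compares against this value
        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
        if ($resettime) {
            $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
        }
    }

    /**
     * The user data currently saved in the session if any
     *
     * @return false|array
     */
    public function getUser()
    {
        if (isset($_SESSION[DOKU_COOKIE]['auth']['info'])) {
            return $_SESSION[DOKU_COOKIE]['auth']['info'];
        }
        return false;
    }

    /**
     * Set oAuth info to cookie
     *
     * We use the same cookie as standard DokuWiki, but write different info.
     *
     * The value is the plain string "servicename|oauth|guid". It is neither signed
     * nor encrypted, so the client can change it at will; it must never be used
     * as proof of identity. The cookie is HttpOnly and lives for one year. The
     * Secure flag is only set when $conf['securecookie'] is on and the request
     * came in via SSL.
     *
     * NOTE(review): a '|' inside $servicename or $guid would shift the fields
     * when the value is split again in getCookie() - confirm callers never pass one.
     *
     * @param string $servicename
     * @param string $guid
     * @return void
     */
    public function setCookie($servicename, $guid)
    {
        global $conf;
        $validityPeriodInSeconds = 60 * 60 * 24 * 365;
        $cookie = "$servicename|oauth|$guid";
        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
        $time = time() + $validityPeriodInSeconds;
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
    }

    /**
     * Get oAuth info from cookie
     *
     * The cookie is client controlled. Anything that is not a string of at
     * least three '|' separated fields with 'oauth' in the second one is
     * rejected. The returned values are still unverified and have to be
     * validated by the caller before they are used.
     *
     * @return array|false Either [servicename=>?, guid=>?] or false if no oauth data in cookie
     */
    public function getCookie()
    {
        if (!isset($_COOKIE[DOKU_COOKIE])) return false;

        $raw = $_COOKIE[DOKU_COOKIE];
        // a request can turn the cookie into an array ("name[]=x"), explode() would fail on that
        if (!is_string($raw)) return false;

        $parts = explode('|', $raw);
        // fewer fields would leave $oauth or $guid undefined
        if (count($parts) < 3) return false;

        list($servicename, $oauth, $guid) = $parts;
        if ($oauth !== 'oauth') return false;
        return ['servicename' => $servicename, 'guid' => $guid];
    }

    /**
     * Is any auth data in the session currently trustworthy?
     *
     * The session counts as valid when it carries a browser id and a timestamp,
     * the browser id matches the current browser and the timestamp is not older
     * than $conf['auth_security_timeout'] seconds.
     *
     * @return bool
     */
    public function isValid()
    {
        global $conf;

        if (!isset($_SESSION[DOKU_COOKIE]['auth']['buid'])) return false;
        if (!isset($_SESSION[DOKU_COOKIE]['auth']['time'])) return false;
        // strict comparison: with != two different numeric looking strings
        // (e.g. "0e1" and "0e2") are juggled to numbers and compare as equal
        if ($_SESSION[DOKU_COOKIE]['auth']['buid'] !== auth_browseruid()) return false;
        if ($_SESSION[DOKU_COOKIE]['auth']['time'] < time() - $conf['auth_security_timeout']) return false;

        return true;
    }

    /**
     * Clear the session from auth related data
     *
     * NOTE(review): only the pending login environment is removed. The cookie
     * written by setCookie() and the session keys written by setUser() are
     * left in place - confirm that is what a caller of clear() expects.
     *
     * @return void
     */
    public function clear()
    {
        //FIXME clear cookie?
        $this->clearLoginData();
    }
}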