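<?php

namespace dokuwiki\plugin\oauth;

/**
 * Singleton to manage all oAuth related session and cookie data
 *
 * Session entries live under $_SESSION[DOKU_COOKIE]['auth'] and are server-side state.
 * The cookie written by setCookie() is plain text and unsigned, so whatever getCookie()
 * returns is client-controlled and has to be verified by the caller before it is trusted.
 */
class Session
{
    /** @var Session */
    protected static $instance = null;

    /**
     * hidden constructor
     */
    protected function __construct()
    {
    }

    /**
     * Get Singleton Instance
     *
     * @return Session
     */
    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new Session();
        }
        return self::$instance;
    }

    /**
     * Set a service and guid for a login in progress
     *
     * @param string $servicename
     * @param string $guid
     * @return void
     */
    public function setLoginData($servicename, $guid)
    {
        $_SESSION[DOKU_COOKIE]['auth']['oauth']['service'] = $servicename;
        $_SESSION[DOKU_COOKIE]['auth']['oauth']['guid'] = $guid;
    }

    /**
     * Get currently used login service
     *
     * Both the service and the guid entry must be present in the session.
     *
     * @return false|array Either [servicename=>*,guid=>*] or false
     */
    public function getLoginData()
    {
        if (
            !isset($_SESSION[DOKU_COOKIE]['auth']['oauth']['service']) ||
            !isset($_SESSION[DOKU_COOKIE]['auth']['oauth']['guid'])
        ) {
            return false;
        }

        return [
            'servicename' => $_SESSION[DOKU_COOKIE]['auth']['oauth']['service'],
            'guid' => $_SESSION[DOKU_COOKIE]['auth']['oauth']['guid'],
        ];
    }

    /**
     * Remove login service from session
     *
     * @return void
     */
    public function clearLoginData()
    {
        if (isset($_SESSION[DOKU_COOKIE]['auth']['oauth']['service'])) {
            unset($_SESSION[DOKU_COOKIE]['auth']['oauth']['service']);
        }
        if (isset($_SESSION[DOKU_COOKIE]['auth']['oauth']['guid'])) {
            unset($_SESSION[DOKU_COOKIE]['auth']['oauth']['guid']);
        }
    }

    /**
     * This basically duplicates what DokuWiki does when a user is logged in
     *
     * Writes the global $USERINFO, $_SERVER['REMOTE_USER'] and the auth entries of the
     * session. Only the presence of the required keys is checked here; the method does
     * not authenticate anything, so callers must pass data that has already been verified.
     *
     * @param array $userdata needs user, name, mail and grps (array); pass is optional
     * @param bool $resettime Set a new session time? False only when restoring from session
     * @return void
     * @throws Exception
     */
    public function setUser($userdata, $resettime = true)
    {
        global $USERINFO;

        if (
            !isset($userdata['user']) ||
            !isset($userdata['name']) ||
            !isset($userdata['mail']) ||
            !isset($userdata['grps']) ||
            !is_array($userdata['grps'])
        ) {
            throw new Exception('Missing user data, cannot save to session');
        }

        $USERINFO = $userdata;
        $_SERVER['REMOTE_USER'] = $userdata['user'];

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $userdata['user'];
        // 'pass' is not part of the validation above; store null instead of reading an undefined key
        $_SESSION[DOKU_COOKIE]['auth']['pass'] = isset($userdata['pass']) ? $userdata['pass'] : null;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        // bind the session to the current browser; isValid() compares against this value
        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
        if ($resettime) {
            $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
        }
    }

    /**
     * The user data currently saved in the session if any
     *
     * @return false|array
     */
    public function getUser()
    {
        if (isset($_SESSION[DOKU_COOKIE]['auth']['info'])) {
            return $_SESSION[DOKU_COOKIE]['auth']['info'];
        }
        return false;
    }

    /**
     * Set oAuth info to cookie
     *
     * We use the same cookie as standard DokuWiki, but write different info.
     *
     * The value is "servicename|oauth|guid" in plain text without any signature, valid
     * for one year. The cookie is always HttpOnly; the Secure flag is only set when
     * $conf['securecookie'] is enabled and the request came in over SSL.
     *
     * @param string $servicename
     * @param string $guid
     * @return void
     */
    public function setCookie($servicename, $guid)
    {
        global $conf;
        $validityPeriodInSeconds = 60 * 60 * 24 * 365;
        $cookie = "$servicename|oauth|$guid";
        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
        $time = time() + $validityPeriodInSeconds;
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
    }

    /**
     * Get oAuth info from cookie
     *
     * The cookie is sent by the client, so its shape is not guaranteed: an array-valued
     * cookie or one with fewer than three fields yields false instead of a TypeError or
     * undefined-offset warnings. The returned values are unverified client input.
     *
     * @return array|false Either [servicename=>?, guid=>?] or false if no oauth data in cookie
     */
    public function getCookie()
    {
        if (!isset($_COOKIE[DOKU_COOKIE])) return false;
        // a cookie submitted with array syntax arrives as an array and cannot be exploded
        if (!is_string($_COOKIE[DOKU_COOKIE])) return false;

        // pad so that the three-way destructuring never reads a missing offset
        $parts = array_pad(explode('|', $_COOKIE[DOKU_COOKIE]), 3, '');
        list($servicename, $oauth, $guid) = $parts;
        if ($oauth !== 'oauth') return false;
        return ['servicename' => $servicename, 'guid' => $guid];
    }

    /**
     * Is any auth data in the session currently trustworthy?
     *
     * The stored browser uid has to match the current one and the stored session time
     * must not be older than $conf['auth_security_timeout'] seconds.
     *
     * @return bool
     */
    public function isValid()
    {
        global $conf;

        if (!isset($_SESSION[DOKU_COOKIE]['auth']['buid'])) return false;
        if (!isset($_SESSION[DOKU_COOKIE]['auth']['time'])) return false;

        // strict string comparison: a loose != treats numeric-looking strings such as "0e1" and "0e2" as equal
        if ((string)$_SESSION[DOKU_COOKIE]['auth']['buid'] !== (string)auth_browseruid()) return false;
        if ($_SESSION[DOKU_COOKIE]['auth']['time'] < time() - $conf['auth_security_timeout']) return false;

        return true;
    }

    /**
     * Clear the session from auth related data
     *
     * Currently this only removes the oAuth service/guid entries via clearLoginData();
     * the cookie and the other auth entries of the session are left in place.
     *
     * @return void
     */
    public function clear()
    {
        //FIXME clear cookie?
        $this->clearLoginData();
    }
}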