137d2401aSAnna Dabrowska<?php 237d2401aSAnna Dabrowska 31fad6988SAndreas Gohruse dokuwiki\Form\Form; 4e170f465SAndreas Gohruse dokuwiki\plugin\oauth\OAuthManager; 537d2401aSAnna Dabrowskause OAuth\Common\Http\Exception\TokenResponseException; 637d2401aSAnna Dabrowska 737d2401aSAnna Dabrowska/** 837d2401aSAnna Dabrowska * DokuWiki Plugin oauth (Action Component) 937d2401aSAnna Dabrowska * 1074b4d4a4SAndreas Gohr * This adds buttons to the login page and initializes the oAuth flow by redirecting the user 1174b4d4a4SAndreas Gohr * to the third party service 1274b4d4a4SAndreas Gohr * 1337d2401aSAnna Dabrowska * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 1437d2401aSAnna Dabrowska * @author Andreas Gohr <andi@splitbrain.org> 1537d2401aSAnna Dabrowska */ 1637d2401aSAnna Dabrowskaclass action_plugin_oauth_login extends DokuWiki_Action_Plugin 1737d2401aSAnna Dabrowska{ 1837d2401aSAnna Dabrowska /** @var helper_plugin_oauth */ 1937d2401aSAnna Dabrowska protected $hlp; 2037d2401aSAnna Dabrowska 2137d2401aSAnna Dabrowska /** 2237d2401aSAnna Dabrowska * Constructor 2337d2401aSAnna Dabrowska * 2437d2401aSAnna Dabrowska * Initializes the helper 2537d2401aSAnna Dabrowska */ 2637d2401aSAnna Dabrowska public function __construct() 2737d2401aSAnna Dabrowska { 2837d2401aSAnna Dabrowska $this->hlp = plugin_load('helper', 'oauth'); 2937d2401aSAnna Dabrowska } 3037d2401aSAnna Dabrowska 3137d2401aSAnna Dabrowska /** 3237d2401aSAnna Dabrowska * Registers a callback function for a given event 3337d2401aSAnna Dabrowska * 3437d2401aSAnna Dabrowska * @param Doku_Event_Handler $controller DokuWiki's event controller object 3537d2401aSAnna Dabrowska * @return void 3637d2401aSAnna Dabrowska */ 3737d2401aSAnna Dabrowska public function register(Doku_Event_Handler $controller) 3837d2401aSAnna Dabrowska { 3937d2401aSAnna Dabrowska global $conf; 4037d2401aSAnna Dabrowska if ($conf['authtype'] != 'oauth') return; 4137d2401aSAnna Dabrowska 4237d2401aSAnna Dabrowska $conf['profileconfirm'] = false; // password confirmation doesn't work with oauth only users 4337d2401aSAnna Dabrowska 4437d2401aSAnna Dabrowska $controller->register_hook('DOKUWIKI_STARTED', 'BEFORE', $this, 'handleStart'); 451fad6988SAndreas Gohr $controller->register_hook('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handleOldLoginForm'); // @deprecated 461fad6988SAndreas Gohr $controller->register_hook('FORM_LOGIN_OUTPUT', 'BEFORE', $this, 'handleLoginForm'); 4737d2401aSAnna Dabrowska $controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handleDoLogin'); 48*542bb44dSAndreas Gohr $controller->register_hook('ACTION_DENIED_TPLCONTENT', 'BEFORE', $this, 'handleDeniedForm'); 4937d2401aSAnna Dabrowska } 5037d2401aSAnna Dabrowska 5137d2401aSAnna Dabrowska /** 5237d2401aSAnna Dabrowska * Start an oAuth login or restore environment after successful login 5337d2401aSAnna Dabrowska * 5437d2401aSAnna Dabrowska * @param Doku_Event $event 5537d2401aSAnna Dabrowska * @return void 5637d2401aSAnna Dabrowska */ 5737d2401aSAnna Dabrowska public function handleStart(Doku_Event $event) 5837d2401aSAnna Dabrowska { 5937d2401aSAnna Dabrowska global $INPUT; 6037d2401aSAnna Dabrowska 6137d2401aSAnna Dabrowska // see if a login needs to be started 6237d2401aSAnna Dabrowska $servicename = $INPUT->str('oauthlogin'); 636d9a8a49SAndreas Gohr if (!$servicename) return; 646d9a8a49SAndreas Gohr 656d9a8a49SAndreas Gohr try { 66e170f465SAndreas Gohr $om = new OAuthManager(); 676d9a8a49SAndreas Gohr $om->startFlow($servicename); 686d9a8a49SAndreas Gohr } catch (TokenResponseException|Exception $e) { 696d9a8a49SAndreas Gohr $this->hlp->showException($e, 'login failed'); 706d9a8a49SAndreas Gohr } 7137d2401aSAnna Dabrowska } 7237d2401aSAnna Dabrowska 7337d2401aSAnna Dabrowska /** 74d9be1cb5SAnna Dabrowska * Add the oAuth login links to login form 7537d2401aSAnna Dabrowska * 7637d2401aSAnna Dabrowska * @param Doku_Event $event event object by reference 7737d2401aSAnna Dabrowska * @return void 7874b4d4a4SAndreas Gohr * @deprecated can be removed in the future 7937d2401aSAnna Dabrowska */ 801fad6988SAndreas Gohr public function handleOldLoginForm(Doku_Event $event) 8137d2401aSAnna Dabrowska { 8237d2401aSAnna Dabrowska /** @var Doku_Form $form */ 8337d2401aSAnna Dabrowska $form = $event->data; 841fad6988SAndreas Gohr $html = $this->prepareLoginButtons(); 851fad6988SAndreas Gohr if (!$html) return; 861fad6988SAndreas Gohr 8745fc651dSAnna Dabrowska // remove login form if single service is set 8845fc651dSAnna Dabrowska $singleService = $this->getConf('singleService'); 8945fc651dSAnna Dabrowska if ($singleService) { 9045fc651dSAnna Dabrowska $form->_content = []; 9145fc651dSAnna Dabrowska } 9245fc651dSAnna Dabrowska 931fad6988SAndreas Gohr $form->_content[] = form_openfieldset( 941fad6988SAndreas Gohr [ 951fad6988SAndreas Gohr '_legend' => $this->getLang('loginwith'), 961fad6988SAndreas Gohr 'class' => 'plugin_oauth', 971fad6988SAndreas Gohr ] 981fad6988SAndreas Gohr ); 991fad6988SAndreas Gohr $form->_content[] = $html; 1001fad6988SAndreas Gohr $form->_content[] = form_closefieldset(); 1011fad6988SAndreas Gohr } 1021fad6988SAndreas Gohr 1031fad6988SAndreas Gohr /** 1041fad6988SAndreas Gohr * Add the oAuth login links to login form 1051fad6988SAndreas Gohr * 1061fad6988SAndreas Gohr * @param Doku_Event $event event object by reference 1071fad6988SAndreas Gohr * @return void 10874b4d4a4SAndreas Gohr * @deprecated can be removed in the future 1091fad6988SAndreas Gohr */ 1101fad6988SAndreas Gohr public function handleLoginForm(Doku_Event $event) 1111fad6988SAndreas Gohr { 1121fad6988SAndreas Gohr /** @var Form $form */ 1131fad6988SAndreas Gohr $form = $event->data; 1141fad6988SAndreas Gohr $html = $this->prepareLoginButtons(); 1151fad6988SAndreas Gohr if (!$html) return; 1161fad6988SAndreas Gohr 11745fc651dSAnna Dabrowska // remove login form if single service is set 11845fc651dSAnna Dabrowska $singleService = $this->getConf('singleService'); 11945fc651dSAnna Dabrowska if ($singleService) { 12045fc651dSAnna Dabrowska do { 12145fc651dSAnna Dabrowska $form->removeElement(0); 12245fc651dSAnna Dabrowska } while ($form->elementCount() > 0); 12345fc651dSAnna Dabrowska } 12445fc651dSAnna Dabrowska 1251fad6988SAndreas Gohr $form->addFieldsetOpen($this->getLang('loginwith'))->addClass('plugin_oauth'); 1261fad6988SAndreas Gohr $form->addHTML($html); 1271fad6988SAndreas Gohr $form->addFieldsetClose(); 1281fad6988SAndreas Gohr } 1291fad6988SAndreas Gohr 1301fad6988SAndreas Gohr /** 1311fad6988SAndreas Gohr * Create HTML for the various login buttons 1321fad6988SAndreas Gohr * 1331fad6988SAndreas Gohr * @return string the HTML 1341fad6988SAndreas Gohr */ 13574b4d4a4SAndreas Gohr protected function prepareLoginButtons() 13674b4d4a4SAndreas Gohr { 13737d2401aSAnna Dabrowska $html = ''; 13837d2401aSAnna Dabrowska 13937d2401aSAnna Dabrowska $validDomains = $this->hlp->getValidDomains(); 14037d2401aSAnna Dabrowska 14137d2401aSAnna Dabrowska if (count($validDomains) > 0) { 1426f3a59e8SAndreas Gohr $html .= '<p class="plugin-oauth-emailrestriction">' . sprintf( 1436f3a59e8SAndreas Gohr $this->getLang('eMailRestricted'), 1446f3a59e8SAndreas Gohr '<b>' . join(', ', $validDomains) . '</b>' 1456f3a59e8SAndreas Gohr ) . '</p>'; 14637d2401aSAnna Dabrowska } 14737d2401aSAnna Dabrowska 148ef19de6cSAndreas Gohr $html .= '<div>'; 14937d2401aSAnna Dabrowska foreach ($this->hlp->listServices() as $service) { 15037d2401aSAnna Dabrowska $html .= $service->loginButton(); 15137d2401aSAnna Dabrowska } 152ef19de6cSAndreas Gohr $html .= '</div>'; 15337d2401aSAnna Dabrowska 1541fad6988SAndreas Gohr return $html; 15537d2401aSAnna Dabrowska } 15637d2401aSAnna Dabrowska 15737d2401aSAnna Dabrowska /** 15837d2401aSAnna Dabrowska * When singleservice is wanted, do not show login, but execute login right away 15937d2401aSAnna Dabrowska * 16037d2401aSAnna Dabrowska * @param Doku_Event $event 16137d2401aSAnna Dabrowska * @return bool 16237d2401aSAnna Dabrowska */ 16337d2401aSAnna Dabrowska public function handleDoLogin(Doku_Event $event) 16437d2401aSAnna Dabrowska { 16537d2401aSAnna Dabrowska global $ID; 166caf913c3SAndreas Gohr global $INPUT; 16737d2401aSAnna Dabrowska 168caf913c3SAndreas Gohr if ($event->data != 'login' && $event->data != 'denied') return true; 16937d2401aSAnna Dabrowska 17037d2401aSAnna Dabrowska $singleService = $this->getConf('singleService'); 17137d2401aSAnna Dabrowska if (!$singleService) return true; 17237d2401aSAnna Dabrowska 173caf913c3SAndreas Gohr if ($INPUT->server->str('REMOTE_USER') !== '') { 174caf913c3SAndreas Gohr // already logged in 175caf913c3SAndreas Gohr return true; 176caf913c3SAndreas Gohr } 177caf913c3SAndreas Gohr 17837d2401aSAnna Dabrowska $enabledServices = $this->hlp->listServices(); 17937d2401aSAnna Dabrowska if (count($enabledServices) !== 1) { 18037d2401aSAnna Dabrowska msg($this->getLang('wrongConfig'), -1); 18137d2401aSAnna Dabrowska return false; 18237d2401aSAnna Dabrowska } 18337d2401aSAnna Dabrowska 18437d2401aSAnna Dabrowska $service = array_shift($enabledServices); 18537d2401aSAnna Dabrowska 18637d2401aSAnna Dabrowska $url = wl($ID, ['oauthlogin' => $service->getServiceID()], true, '&'); 18737d2401aSAnna Dabrowska send_redirect($url); 18837d2401aSAnna Dabrowska return true; // never reached 18937d2401aSAnna Dabrowska } 19037d2401aSAnna Dabrowska 191*542bb44dSAndreas Gohr /** 192*542bb44dSAndreas Gohr * Do not show a login form on restricted pages when SingleService is enabled 193*542bb44dSAndreas Gohr * 194*542bb44dSAndreas Gohr * This can happen when the user is already logged in, but still doesn't have enough permissions 195*542bb44dSAndreas Gohr * 196*542bb44dSAndreas Gohr * @param Doku_Event $event 197*542bb44dSAndreas Gohr * @return void 198*542bb44dSAndreas Gohr */ 199*542bb44dSAndreas Gohr public function handleDeniedForm(Doku_Event $event) 200*542bb44dSAndreas Gohr { 201*542bb44dSAndreas Gohr if ($this->getConf('singleService')) { 202*542bb44dSAndreas Gohr $event->preventDefault(); 203*542bb44dSAndreas Gohr $event->stopPropagation(); 204*542bb44dSAndreas Gohr } 205*542bb44dSAndreas Gohr } 20637d2401aSAnna Dabrowska} 207