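<?php
/**
 * DokuWiki Plugin oauth (Auth Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */

// must be run within Dokuwiki
if(!defined('DOKU_INC')) die();

/**
 * Auth backend that layers oAuth logins on top of the plain auth backend.
 *
 * Logins are handled in trustExternal(): a request carrying the 'oa' parameter
 * or a session that was created through oAuth goes through the oAuth helper,
 * everything else falls back to auth_login().
 */
class auth_plugin_oauth extends auth_plugin_authplain {

    /**
     * Initialise the parent backend and announce external authentication.
     */
    public function __construct() {
        parent::__construct();

        // tell the auth system that trustExternal() is implemented here
        $this->cando['external'] = true;
    }

    /**
     * Authenticate the current request.
     *
     * @param string $user   user name from the login form (plain login only)
     * @param string $pass   password from the login form (plain login only)
     * @param bool   $sticky "remember me" flag, passed on to auth_login()
     * @return bool true when the request is authenticated
     */
    public function trustExternal($user, $pass, $sticky = false) {
        global $INPUT;
        global $conf;
        global $USERINFO;

        // service name taken from the request parameter 'oa'
        $servicename = $INPUT->str('oa');

        // check session for existing oAuth login data; the auth entry does not
        // exist for a fresh session, so do not read it unguarded
        $session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : array();
        if(!$servicename && isset($session['oauth'])) {
            $servicename = $session['oauth'];

            // check if session data is still considered valid: it must be
            // recent enough and bound to the same browser. Both sides of the
            // buid check are produced by auth_browseruid() (see
            // setUserSession()), so a strict comparison is safe and avoids
            // PHP's loose comparison of numeric-looking strings.
            if(isset($session['time'], $session['buid']) &&
                ($session['time'] >= time() - $conf['auth_security_timeout']) &&
                ($session['buid'] === auth_browseruid())
            ) {
                $_SERVER['REMOTE_USER'] = $session['user'];
                $USERINFO               = $session['info'];
                return true;
            }
        }

        // either we're in oauth login or a previous login needs to be rechecked
        if($servicename) {
            /** @var helper_plugin_oauth $hlp */
            $hlp     = plugin_load('helper', 'oauth');
            $service = $hlp->loadService($servicename);
            if(is_null($service)) return false; // unknown service name

            // get the token
            if($service->checkToken()) {
                // NOTE(review): the array returned by getUser() is stored as the
                // user's session data as-is, including any 'grps' it carries --
                // confirm that services never pass provider-controlled group names.
                $uinfo = $service->getUser();
                $this->setUserSession($uinfo, $servicename);
                return true;
            }

            return false; // something went wrong during oAuth login
        }

        // do the "normal" plain auth login via form
        return auth_login($user, $pass, $sticky);
    }

    /**
     * Store the given user data as the logged-in user of this session.
     *
     * Adds the configured default group and a group named after the service,
     * then fills $USERINFO, REMOTE_USER and the session's auth entry.
     *
     * @param array  $data    user data; 'user' is read, 'grps' and 'pass' are optional
     * @param string $service name of the oAuth service used for the login
     */
    protected function setUserSession($data, $service) {
        global $USERINFO;
        global $conf;

        // set up groups; a missing or non-array entry starts from an empty list
        if(!isset($data['grps']) || !is_array($data['grps'])) {
            $data['grps'] = array();
        }
        $data['grps'][] = $conf['defaultgroup'];
        $data['grps'][] = $this->cleanGroup($service);

        $USERINFO               = $data;
        $_SERVER['REMOTE_USER'] = $data['user'];

        $_SESSION[DOKU_COOKIE]['auth']['user'] = $data['user'];
        // 'pass' may be absent from the data; store null then instead of
        // reading an undefined index
        $_SESSION[DOKU_COOKIE]['auth']['pass']  = isset($data['pass']) ? $data['pass'] : null;
        $_SESSION[DOKU_COOKIE]['auth']['info']  = $USERINFO;
        // browser id and timestamp are what trustExternal() validates later
        $_SESSION[DOKU_COOKIE]['auth']['buid']  = auth_browseruid();
        $_SESSION[DOKU_COOKIE]['auth']['time']  = time();
        $_SESSION[DOKU_COOKIE]['auth']['oauth'] = $service;
    }

    /**
     * Look up a user by mail address.
     *
     * Unfinished: the address is normalised to lower case but no lookup is
     * done and nothing is returned (callers get null).
     *
     * @param string $mail
     */
    protected function getUserByEmail($mail) {
        $mail = strtolower($mail);
    }

    /**
     * Create a user through the parent backend, storing the mail address in lower case.
     *
     * @param string     $user
     * @param string     $pwd
     * @param string     $name
     * @param string     $mail
     * @param array|null $grps
     * @return mixed whatever the parent's createUser() returns
     */
    public function createUser($user, $pwd, $name, $mail, $grps = null) {
        $mail = strtolower($mail);

        //FIXME check for duplicate mail
        // NOTE(review): until this check exists, several accounts can share one
        // address. If accounts are ever matched by mail (as getUserByEmail()
        // suggests), uniqueness becomes part of the authentication decision --
        // confirm before relying on it.
        return parent::createUser($user, $pwd, $name, $mail, $grps);
    }

    /**
     * Modify a user through the parent backend, storing a changed mail address in lower case.
     *
     * @param string $user    user to modify
     * @param array  $changes fields to change; 'mail' is normalised when present
     * @return mixed whatever the parent's modifyUser() returns
     */
    public function modifyUser($user, $changes) {
        // normalise the address inside $changes: lowercasing a separate local
        // variable would never reach the parent call
        if(is_array($changes) && isset($changes['mail'])) {
            $changes['mail'] = strtolower($changes['mail']);
        }

        //FIXME check for duplicate mail
        return parent::modifyUser($user, $changes);
    }

}

// vim:ts=4:sw=4:et: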