xref: /plugin/oauth/auth.php (revision 568565b9c13906b0ff5271c86f062599a97c74d5) 
180852c15SAndreas Gohr<?php
23e7ac5b1SAndreas Gohr
3e170f465SAndreas Gohruse dokuwiki\plugin\oauth\OAuthManager;
4e170f465SAndreas Gohruse dokuwiki\plugin\oauth\Session;
5e170f465SAndreas Gohruse dokuwiki\Subscriptions\RegistrationSubscriptionSender;
6e170f465SAndreas Gohruse OAuth\Common\Exception\Exception as OAuthException;
7e170f465SAndreas Gohr
880852c15SAndreas Gohr/**
980852c15SAndreas Gohr * DokuWiki Plugin oauth (Auth Component)
1080852c15SAndreas Gohr *
1180852c15SAndreas Gohr * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
1280852c15SAndreas Gohr * @author  Andreas Gohr <andi@splitbrain.org>
1380852c15SAndreas Gohr */
143e7ac5b1SAndreas Gohrclass auth_plugin_oauth extends auth_plugin_authplain
153e7ac5b1SAndreas Gohr{
16e170f465SAndreas Gohr    /** @var helper_plugin_oauth */
17e170f465SAndreas Gohr    protected $hlp;
18e170f465SAndreas Gohr
19a1fa007aSNaoto Kobayashi    /** @var OAuthManager */
20a1fa007aSNaoto Kobayashi    protected $om;
21a1fa007aSNaoto Kobayashi
22e170f465SAndreas Gohr    // region standard auth methods
2380852c15SAndreas Gohr
243e7ac5b1SAndreas Gohr    /** @inheritDoc */
253e7ac5b1SAndreas Gohr    public function __construct()
263e7ac5b1SAndreas Gohr    {
27f10e09e2SAndreas Gohr        parent::__construct();
28f10e09e2SAndreas Gohr        $this->cando['external'] = true;
29e170f465SAndreas Gohr        $this->hlp = $this->loadHelper('oauth');
3080852c15SAndreas Gohr    }
3180852c15SAndreas Gohr
323e7ac5b1SAndreas Gohr    /** @inheritDoc */
33311a6606SAnna Dabrowska    public function trustExternal($user, $pass, $sticky = false)
343e7ac5b1SAndreas Gohr    {
35a02a5d81SAnna Dabrowska        global $INPUT;
36438dcc52SMichael Grosse
378523e9d0SAndreas Gohr        // handle redirects from farmer to animal wiki instances
388523e9d0SAndreas Gohr        if ($INPUT->has('state') && plugin_load('helper', 'farmer')) {
39d9be1cb5SAnna Dabrowska            $this->handleFarmState($INPUT->str('state'));
40438dcc52SMichael Grosse        }
4180852c15SAndreas Gohr
4274b4d4a4SAndreas Gohr        try {
4374b4d4a4SAndreas Gohr            // either oauth or "normal" plain auth login via form
44a1fa007aSNaoto Kobayashi            $this->om = new OAuthManager();
45*568565b9SAndreas Gohr            if ($this->om->continueFlow()) return true;
46*568565b9SAndreas Gohr            return null; // triggers the normal auth_login()
47e170f465SAndreas Gohr        } catch (OAuthException $e) {
48e170f465SAndreas Gohr            $this->hlp->showException($e);
4928002081SAndreas Gohr            auth_logoff(); // clears all session and cookie data
5074b4d4a4SAndreas Gohr            return false;
51a7a8f46aSAndreas Gohr        }
52a7a8f46aSAndreas Gohr    }
5380852c15SAndreas Gohr
54f2e164b0SMichael Große    /**
55311a6606SAnna Dabrowska     * Enhance function to check against duplicate emails
56311a6606SAnna Dabrowska     *
57e170f465SAndreas Gohr     * @inheritdoc
58311a6606SAnna Dabrowska     */
59311a6606SAnna Dabrowska    public function createUser($user, $pwd, $name, $mail, $grps = null)
60311a6606SAnna Dabrowska    {
61311a6606SAnna Dabrowska        if ($this->getUserByEmail($mail)) {
62311a6606SAnna Dabrowska            msg($this->getLang('emailduplicate'), -1);
63311a6606SAnna Dabrowska            return false;
64311a6606SAnna Dabrowska        }
65311a6606SAnna Dabrowska
66311a6606SAnna Dabrowska        return parent::createUser($user, $pwd, $name, $mail, $grps);
67311a6606SAnna Dabrowska    }
68311a6606SAnna Dabrowska
69311a6606SAnna Dabrowska    /**
70311a6606SAnna Dabrowska     * Enhance function to check against duplicate emails
71311a6606SAnna Dabrowska     *
72e170f465SAndreas Gohr     * @inheritdoc
73311a6606SAnna Dabrowska     */
74311a6606SAnna Dabrowska    public function modifyUser($user, $changes)
75311a6606SAnna Dabrowska    {
76311a6606SAnna Dabrowska        global $conf;
77311a6606SAnna Dabrowska
78311a6606SAnna Dabrowska        if (isset($changes['mail'])) {
79311a6606SAnna Dabrowska            $found = $this->getUserByEmail($changes['mail']);
80311a6606SAnna Dabrowska            if ($found && $found != $user) {
81311a6606SAnna Dabrowska                msg($this->getLang('emailduplicate'), -1);
82311a6606SAnna Dabrowska                return false;
83311a6606SAnna Dabrowska            }
84311a6606SAnna Dabrowska        }
85311a6606SAnna Dabrowska
86311a6606SAnna Dabrowska        $ok = parent::modifyUser($user, $changes);
87311a6606SAnna Dabrowska
88311a6606SAnna Dabrowska        // refresh session cache
89311a6606SAnna Dabrowska        touch($conf['cachedir'] . '/sessionpurge');
90311a6606SAnna Dabrowska        return $ok;
91311a6606SAnna Dabrowska    }
92311a6606SAnna Dabrowska
93311a6606SAnna Dabrowska    /**
94311a6606SAnna Dabrowska     * Unset additional stuff in session on logout
95311a6606SAnna Dabrowska     */
96311a6606SAnna Dabrowska    public function logOff()
97311a6606SAnna Dabrowska    {
98311a6606SAnna Dabrowska        parent::logOff();
99a1fa007aSNaoto Kobayashi        if (isset($this->om)) {
100a1fa007aSNaoto Kobayashi            $this->om->logout();
101a1fa007aSNaoto Kobayashi        }
102e170f465SAndreas Gohr        (Session::getInstance())->clear();
103311a6606SAnna Dabrowska    }
104311a6606SAnna Dabrowska
105e170f465SAndreas Gohr    // endregion
106e170f465SAndreas Gohr
107311a6606SAnna Dabrowska    /**
108e170f465SAndreas Gohr     * Register a new user logged in by oauth
109f2e164b0SMichael Große     *
110e170f465SAndreas Gohr     * It ensures the username is unique, by adding a number if needed.
111e170f465SAndreas Gohr     * Default and service name groups are set here.
112e170f465SAndreas Gohr     * Registration notifications are triggered.
113a02a5d81SAnna Dabrowska     *
114e170f465SAndreas Gohr     * @param array $userinfo This will be updated with the new username
115b2b9fbc7SMichael Große     * @param string $servicename
116b2b9fbc7SMichael Große     *
117b2b9fbc7SMichael Große     * @return bool
118e170f465SAndreas Gohr     * @todo - should this be part of the OAuthManager class instead?
119b2b9fbc7SMichael Große     */
120e170f465SAndreas Gohr    public function registerOAuthUser(&$userinfo, $servicename)
1213e7ac5b1SAndreas Gohr    {
122b2b9fbc7SMichael Große        global $conf;
123a02a5d81SAnna Dabrowska        $user = $userinfo['user'];
124b2b9fbc7SMichael Große        $count = '';
125b2b9fbc7SMichael Große        while ($this->getUserData($user . $count)) {
126b2b9fbc7SMichael Große            if ($count) {
127b2b9fbc7SMichael Große                $count++;
128b2b9fbc7SMichael Große            } else {
129b2b9fbc7SMichael Große                $count = 1;
130b2b9fbc7SMichael Große            }
131b2b9fbc7SMichael Große        }
132b2b9fbc7SMichael Große        $user = $user . $count;
133a02a5d81SAnna Dabrowska        $userinfo['user'] = $user;
134e170f465SAndreas Gohr        $groups_on_creation = [];
135b2b9fbc7SMichael Große        $groups_on_creation[] = $conf['defaultgroup'];
136b2b9fbc7SMichael Große        $groups_on_creation[] = $this->cleanGroup($servicename); // add service as group
137a02a5d81SAnna Dabrowska        $userinfo['grps'] = array_merge((array)$userinfo['grps'], $groups_on_creation);
138b2b9fbc7SMichael Große
139e170f465SAndreas Gohr        // the password set here will remain unknown to the user
140b2b9fbc7SMichael Große        $ok = $this->triggerUserMod(
141b2b9fbc7SMichael Große            'create',
142e170f465SAndreas Gohr            [
143e170f465SAndreas Gohr                $user,
144e170f465SAndreas Gohr                auth_pwgen($user),
145e170f465SAndreas Gohr                $userinfo['name'],
146e170f465SAndreas Gohr                $userinfo['mail'],
1474928b245SAndreas Gohr                $userinfo['grps'],
148e170f465SAndreas Gohr            ]
149b2b9fbc7SMichael Große        );
150b2b9fbc7SMichael Große        if (!$ok) {
151b2b9fbc7SMichael Große            return false;
152b2b9fbc7SMichael Große        }
153b2b9fbc7SMichael Große
154e170f465SAndreas Gohr        // send notification about the new user
155e170f465SAndreas Gohr        $subscriptionSender = new RegistrationSubscriptionSender();
156e170f465SAndreas Gohr        $subscriptionSender->sendRegister($user, $userinfo['name'], $userinfo['mail']);
157e170f465SAndreas Gohr
158b2b9fbc7SMichael Große        return true;
159b2b9fbc7SMichael Große    }
160b2b9fbc7SMichael Große
161b2b9fbc7SMichael Große    /**
162a02a5d81SAnna Dabrowska     * Find a user by email address
163b2b9fbc7SMichael Große     *
164b2b9fbc7SMichael Große     * @param $mail
165b2b9fbc7SMichael Große     * @return bool|string
166b2b9fbc7SMichael Große     */
16774b4d4a4SAndreas Gohr    public function getUserByEmail($mail)
1683e7ac5b1SAndreas Gohr    {
1698b214edcSAndreas Gohr        if ($this->users === null) {
1708b214edcSAndreas Gohr            $this->loadUserData();
1718b214edcSAndreas Gohr        }
172b2b9fbc7SMichael Große        $mail = strtolower($mail);
173b2b9fbc7SMichael Große
174a02a5d81SAnna Dabrowska        foreach ($this->users as $user => $userinfo) {
175a02a5d81SAnna Dabrowska            if (strtolower($userinfo['mail']) == $mail) return $user;
176b2b9fbc7SMichael Große        }
177b2b9fbc7SMichael Große
178b2b9fbc7SMichael Große        return false;
179b2b9fbc7SMichael Große    }
180b2b9fbc7SMichael Große
181b2b9fbc7SMichael Große    /**
1822a8b22d5SAndreas Gohr     * Fall back to plain auth strings
1832a8b22d5SAndreas Gohr     *
1842a8b22d5SAndreas Gohr     * @inheritdoc
1852a8b22d5SAndreas Gohr     */
1862a8b22d5SAndreas Gohr    public function getLang($id)
1872a8b22d5SAndreas Gohr    {
1882a8b22d5SAndreas Gohr        $result = parent::getLang($id);
1892a8b22d5SAndreas Gohr        if ($result) return $result;
1902a8b22d5SAndreas Gohr
1912a8b22d5SAndreas Gohr        $parent = new auth_plugin_authplain();
1922a8b22d5SAndreas Gohr        return $parent->getLang($id);
1932a8b22d5SAndreas Gohr    }
1942a8b22d5SAndreas Gohr
1952a8b22d5SAndreas Gohr    /**
196b8ca6a42SAnna Dabrowska     * Farmer plugin support
197b8ca6a42SAnna Dabrowska     *
198b8ca6a42SAnna Dabrowska     * When coming back to farmer instance via OAUTH redirectURI, we need to redirect again
199b8ca6a42SAnna Dabrowska     * to a proper animal instance detected from $state
200b2b9fbc7SMichael Große     *
201311a6606SAnna Dabrowska     * @param $state
202b2b9fbc7SMichael Große     */
203e170f465SAndreas Gohr    protected function handleFarmState($state)
2043e7ac5b1SAndreas Gohr    {
205311a6606SAnna Dabrowska        /** @var \helper_plugin_farmer $farmer */
206311a6606SAnna Dabrowska        $farmer = plugin_load('helper', 'farmer', false, true);
207311a6606SAnna Dabrowska        $data = json_decode(base64_decode(urldecode($state)));
208311a6606SAnna Dabrowska        if (empty($data->animal) || $farmer->getAnimal() == $data->animal) {
209311a6606SAnna Dabrowska            return;
210827232fcSMichael Große        }
211311a6606SAnna Dabrowska        $animal = $data->animal;
212311a6606SAnna Dabrowska        $allAnimals = $farmer->getAllAnimals();
213311a6606SAnna Dabrowska        if (!in_array($animal, $allAnimals)) {
214311a6606SAnna Dabrowska            msg('Animal ' . $animal . ' does not exist!');
215311a6606SAnna Dabrowska            return;
216827232fcSMichael Große        }
217311a6606SAnna Dabrowska        global $INPUT;
218311a6606SAnna Dabrowska        $url = $farmer->getAnimalURL($animal) . '/doku.php?' . $INPUT->server->str('QUERY_STRING');
219311a6606SAnna Dabrowska        send_redirect($url);
220b2b9fbc7SMichael Große    }
221b2b9fbc7SMichael Große}
222