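<?php

/**
 * DokuWiki Plugin oauth (Auth Component)
 *
 * Extends the plain-text auth backend so that users can sign in either with a
 * local password or through an OAuth service. Local accounts are matched to
 * OAuth identities by e-mail address (see processUserinfo()).
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_oauth extends auth_plugin_authplain
{

    /** @inheritDoc */
    public function __construct()
    {
        parent::__construct();

        // this backend performs the login itself in trustExternal()
        $this->cando['external'] = true;
    }

    /** @inheritDoc */
    public function trustExternal($user, $pass, $sticky = false)
    {
        global $INPUT;

        // handle redirects from farmer to animal wiki instances
        if ($INPUT->has('state') && plugin_load('helper', 'farmer', false, true)) {
            $this->handleFarmState($INPUT->str('state'));
        }

        $om = new \dokuwiki\plugin\oauth\OAuthManager();
        try {
            // either oauth or "normal" plain auth login via form
            return $om->continueFlow() || auth_login($user, $pass, $sticky);
        } catch (\OAuth\Common\Exception\Exception|\dokuwiki\plugin\oauth\Exception $e) {
            // the exception text is escaped before display because it may carry data from outside the wiki
            msg(hsc($e->getMessage()), -1);
            return false;
        }
    }

    /**
     * Enhance function to check against duplicate emails
     *
     * E-mail addresses must stay unique because processUserinfo() uses them to
     * map an OAuth identity onto a local account.
     *
     * @param string $user
     * @param string $pwd
     * @param string $name
     * @param string $mail
     * @param array|null $grps
     * @return bool|null|string
     */
    public function createUser($user, $pwd, $name, $mail, $grps = null)
    {
        if ($this->getUserByEmail($mail)) {
            msg($this->getLang('emailduplicate'), -1);
            return false;
        }

        return parent::createUser($user, $pwd, $name, $mail, $grps);
    }

    /**
     * Enhance function to check against duplicate emails
     *
     * @param string $user
     * @param array $changes
     * @return bool
     */
    public function modifyUser($user, $changes)
    {
        global $conf;

        if (isset($changes['mail'])) {
            $found = $this->getUserByEmail($changes['mail']);
            // Compare as strings and strictly: a loose comparison treats distinct numeric-looking
            // logins (e.g. "1e3" and "1000") as equal, which would let one account take over an
            // address owned by another. The cast covers logins that PHP stored as integer array keys.
            if ($found !== false && (string)$found !== (string)$user) {
                msg($this->getLang('emailduplicate'), -1);
                return false;
            }
        }

        $ok = parent::modifyUser($user, $changes);

        // refresh session cache
        touch($conf['cachedir'] . '/sessionpurge');

        return $ok;
    }

    /**
     * Unset additional stuff in session on logout
     */
    public function logOff()
    {
        parent::logOff();

        $this->cleanLogout();
    }

    /**
     * check if auth data is present in session and is still considered valid
     *
     * On success the user name and user info stored in the session are restored
     * into $_SERVER['REMOTE_USER'] and $USERINFO.
     *
     * @return bool
     */
    protected function sessionLogin()
    {
        global $USERINFO;

        // FIXME session can be null at this point (e.g. coming from sprintdoc svg.php)
        // FIXME and so the subsequent check for non-GET non-doku.php requests is not performed
        // read defensively so that a missing session entry is treated as "not logged in"
        $session = $_SESSION[DOKU_COOKIE]['auth'] ?? null;

        if (isset($session['oauth']) && $this->isSessionValid($session)) {
            $_SERVER['REMOTE_USER'] = $session['user'];
            $USERINFO = $session['info'];
            return true;
        }
        return false;
    }

    /**
     * Use cookie data to log in
     *
     * The cookie is sent by the client and is not authenticated here, so only
     * the service name is taken from it, to start a fresh login with that
     * service. The user name stored in the cookie is not used.
     */
    protected function cookieLogin()
    {
        // FIXME SessionManager access?
        if (!isset($_COOKIE[DOKU_COOKIE]) || !is_string($_COOKIE[DOKU_COOKIE])) {
            return;
        }

        // a malformed cookie may hold fewer than four fields; pad instead of reading undefined offsets
        $fields = array_pad(explode('|', $_COOKIE[DOKU_COOKIE]), 4, '');
        list(, , $auth, $servicename) = $fields;

        // strict decoding returns false for anything that is not valid base64
        $auth = base64_decode($auth, true);
        $servicename = base64_decode($servicename, true);

        if ($auth === 'oauth' && is_string($servicename) && $servicename !== '') {
            $this->relogin($servicename);
        }
    }

    /**
     * Use the OAuth service
     *
     * Every path that does not end in a successful processLogin() clears the
     * auth session and cookie through cleanLogout().
     *
     * @param string $servicename
     * @param bool $sticky
     * @param string $page
     * @param array $params
     * @param bool $existingLoginProcess whether an OAuth login was already started for this request
     * @return bool
     * @throws \OAuth\Common\Exception\Exception
     * @throws \OAuth\Common\Http\Exception\TokenResponseException
     * @throws \OAuth\Common\Storage\Exception\TokenNotFoundException
     */
    protected function serviceLogin($servicename, $sticky, $page, $params, $existingLoginProcess)
    {
        $service = $this->getService($servicename);
        if (is_null($service)) {
            $this->cleanLogout();
            return false;
        }

        if ($service->checkToken()) {
            if ($this->processLogin($sticky, $service, $servicename, $page, $params)) {
                return true;
            }
            $this->cleanLogout();
            return false;
        }

        if ($existingLoginProcess) {
            msg($this->getLang('oauth login failed'), 0);
            $this->cleanLogout();
            return false;
        }

        // first time here
        // NOTE(review): presumably $service->login() redirects and ends the request; if it returns,
        // the code below treats the attempt as failed
        $this->relogin($servicename);

        $this->cleanLogout();
        return false; // something went wrong during oAuth login
    }

    /**
     * Relogin using auth info read from session / cookie
     *
     * @param string $servicename
     * @return void|false false when the named service is not available
     * @throws \OAuth\Common\Http\Exception\TokenResponseException
     */
    protected function relogin($servicename)
    {
        $service = $this->getService($servicename);
        if (is_null($service)) {
            return false;
        }

        $this->writeSession($servicename);
        $service->login();
    }

    /**
     * Finish a login: fetch the user from the service, map it to a local
     * account, then write session and cookie
     *
     * @param bool $sticky
     * @param \dokuwiki\plugin\oauth\Service $service
     * @param string $servicename
     * @param string $page page to redirect to after login, if set
     * @param array $params
     *
     * @return bool
     * @throws \OAuth\Common\Exception\Exception
     */
    protected function processLogin($sticky, $service, $servicename, $page, $params = [])
    {
        $userinfo = $service->getUser();
        if (!$this->processUserinfo($userinfo, $servicename)) {
            return false;
        }

        $this->setUserSession($userinfo, $servicename);
        $this->setUserCookie($userinfo['user'], $sticky, $servicename);

        if (isset($page)) {
            // the page id is passed to wl() separately, so drop it from the query parameters
            if (!empty($params['id'])) {
                unset($params['id']);
            }
            send_redirect(wl($page, $params, false, '&'));
        }
        return true;
    }

    /**
     * process the user and update the user info array
     *
     * An existing local account is selected by the e-mail address the service
     * reported. Access is only granted when that account is a member of the
     * group named after the service.
     * NOTE(review): this relies on the service reporting an address the user
     * really controls - confirm that each enabled service verifies e-mail addresses.
     *
     * @param array $userinfo User info received from authentication
     * @param string $servicename Auth service
     *
     * @return bool
     */
    protected function processUserinfo(&$userinfo, $servicename)
    {
        // data from the service may lack keys; normalise before use
        $userinfo['user'] = $this->cleanUser((string)($userinfo['user'] ?? ''));
        if (empty($userinfo['name'])) {
            $userinfo['name'] = $userinfo['user'];
        }

        if (!$userinfo['user'] || empty($userinfo['mail'])) {
            msg("$servicename did not provide the needed user info. Can't log you in", -1);
            return false;
        }

        // see if the user is known already
        $localUser = $this->getUserByEmail($userinfo['mail']);
        if ($localUser) {
            $localUserInfo = $this->getUserData($localUser);
            // treat a missing record or group list as "no groups" so the check below fails closed
            $localGroups = (is_array($localUserInfo) && is_array($localUserInfo['grps'] ?? null))
                ? $localUserInfo['grps']
                : [];

            // check if the user allowed access via this service
            if (!in_array($this->cleanGroup($servicename), $localGroups, true)) {
                msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
                return false;
            }
            $userinfo['user'] = $localUser;
            $userinfo['name'] = $localUserInfo['name'];
            $userinfo['grps'] = array_merge((array)($userinfo['grps'] ?? []), $localGroups);
            return true;
        }

        if (actionOK('register') || $this->getConf('register-on-auth')) {
            if (!$this->addUser($userinfo, $servicename)) {
                msg('something went wrong creating your user account. please try again later.', -1);
                return false;
            }
            return true;
        }

        msg($this->getLang('addUser not possible'), -1);
        return false;
    }

    /**
     * new user, create him - making sure the login is unique by adding a number if needed
     *
     * The account is created with a generated password and is put into the
     * default group plus the group named after the service.
     *
     * @param array $userinfo user info received from the oAuth service
     * @param string $servicename
     *
     * @return bool
     */
    public function addUser(&$userinfo, $servicename)
    {
        global $conf;

        // append 1, 2, 3, ... until the login name is free
        $base = $userinfo['user'];
        $suffix = '';
        while ($this->getUserData($base . $suffix)) {
            $suffix = ($suffix === '') ? 1 : $suffix + 1;
        }
        $user = $base . $suffix;
        $userinfo['user'] = $user;

        $groups_on_creation = [
            $conf['defaultgroup'],
            $this->cleanGroup($servicename), // add service as group
        ];
        $userinfo['grps'] = array_merge((array)($userinfo['grps'] ?? []), $groups_on_creation);

        $ok = $this->triggerUserMod(
            'create',
            [$user, auth_pwgen($user), $userinfo['name'], $userinfo['mail'], $groups_on_creation]
        );
        if (!$ok) {
            return false;
        }

        // send notification about the new user FIXME is this needed? can't we simply call createUser?
        $subscription = new Subscription();
        $subscription->send_register($user, $userinfo['name'], $userinfo['mail']);
        return true;
    }

    /**
     * Find a user by email address
     *
     * The comparison is case-insensitive.
     *
     * @param string $mail
     * @return bool|string login name of the first matching user, false if there is none
     */
    public function getUserByEmail($mail)
    {
        if ($this->users === null) {
            // the loader's name differs between versions of the parent class
            if (is_callable([$this, '_loadUserData'])) {
                $this->_loadUserData();
            } else {
                $this->loadUserData();
            }
        }
        $needle = strtolower((string)$mail);

        foreach ($this->users as $user => $userinfo) {
            // strict comparison: no type juggling when deciding whether two addresses are the same
            if (strtolower((string)($userinfo['mail'] ?? '')) === $needle) {
                return $user;
            }
        }

        return false;
    }

    /**
     * unset auth cookies and session information
     */
    private function cleanLogout()
    {
        // unset() is a no-op for keys that do not exist
        unset($_SESSION[DOKU_COOKIE]['oauth-done'], $_SESSION[DOKU_COOKIE]['auth']);

        // overwrite the auth cookie with an empty one that expired a minute ago
        $this->setUserCookie('', true, '', -60);
    }

    /**
     * Save user and auth data
     *
     * NOTE(review): the session id is not regenerated in this method - confirm
     * that the caller or DokuWiki core renews it on login.
     *
     * @param array $data
     * @param string $service
     */
    protected function setUserSession($data, $service)
    {
        global $USERINFO;

        // set up groups
        if (!is_array($data['grps'] ?? null)) {
            $data['grps'] = [];
        }
        $data['grps'][] = $this->cleanGroup($service);
        $data['grps'] = array_unique($data['grps']);

        $USERINFO = $data;
        $_SERVER['REMOTE_USER'] = $data['user'];

        // FIXME this is not handled by SessionManager because auth.php accesses the data directly
        $_SESSION[DOKU_COOKIE]['auth'] = array_merge(
            (array)($_SESSION[DOKU_COOKIE]['auth'] ?? []),
            [
                'user' => $data['user'],
                'pass' => $data['pass'] ?? null, // OAuth logins may carry no password
                'info' => $USERINFO,
                'buid' => auth_browseruid(),
                'time' => time(),
                'oauth' => $service,
            ]
        );
    }

    /**
     * Write the auth cookie
     *
     * @param string $user
     * @param bool $sticky
     * @param string $servicename
     * @param int $validityPeriodInSeconds optional, per default 1 Year
     */
    private function setUserCookie($user, $sticky, $servicename, $validityPeriodInSeconds = 31536000)
    {
        // Without this declaration $conf is an empty local variable: the configured cookie
        // directory is ignored and the Secure flag below can never be set.
        global $conf;

        $cookie = implode('|', [
            base64_encode($user),
            (int)$sticky,
            base64_encode('oauth'),
            base64_encode($servicename),
        ]);
        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
        // a non-sticky cookie lives until the browser session ends
        $time = $sticky ? (time() + $validityPeriodInSeconds) : 0;
        $secure = !empty($conf['securecookie']) && is_ssl();

        // last argument: HttpOnly, keeps the cookie away from scripts
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', $secure, true);
    }

    /**
     * Decide whether the stored auth session may still be used
     *
     * @param array $session cookie auth session
     *
     * @return bool
     */
    protected function isSessionValid($session)
    {
        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');
        // without the helper nothing can be verified, so do not accept the session
        if (!$hlp || !$hlp->validBrowserID($session)) {
            return false;
        }

        if (!$hlp->isSessionTimedOut($session)) {
            return true;
        }

        // only force a recheck on a timed-out session during a GET request on the main script doku.php
        return !($hlp->isGETRequest() && $hlp->isDokuPHP());
    }

    /**
     * Save login info in session
     *
     * Stores the service name, the current page id, the request parameters and
     * the requested action so they can be picked up after the OAuth round trip.
     * NOTE(review): self::$sessionManager is not declared in this class - confirm where it is set.
     *
     * @param string $servicename
     */
    protected function writeSession($servicename)
    {
        global $INPUT;

        // used to be in 'oauth-inprogress'
        self::$sessionManager->setServiceName($servicename);
        self::$sessionManager->setPid($INPUT->str('id'));
        self::$sessionManager->setParams($_GET);

        // used to be in 'oauth-done'
        self::$sessionManager->setRequest($_REQUEST);

        // a posted "do" may be an array whose key names the action
        if (is_array($INPUT->post->param('do'))) {
            $doPost = key($INPUT->post->arr('do'));
        } else {
            $doPost = $INPUT->post->str('do');
        }
        $doGet = $INPUT->get->str('do');

        // POST takes precedence over GET
        if (!empty($doPost)) {
            self::$sessionManager->setDo($doPost);
        } elseif (!empty($doGet)) {
            self::$sessionManager->setDo($doGet);
        }
        self::$sessionManager->saveState();
    }

    /**
     * Farmer plugin support
     *
     * When coming back to farmer instance via OAUTH redirectURI, we need to redirect again
     * to a proper animal instance detected from $state
     *
     * $state is a request parameter and therefore untrusted: the animal name it
     * carries is only used after it was found in the farmer's own list of animals.
     *
     * @param string $state
     */
    private function handleFarmState($state)
    {
        /** @var \helper_plugin_farmer $farmer */
        $farmer = plugin_load('helper', 'farmer', false, true);
        if (!$farmer) {
            return;
        }

        $data = json_decode((string)base64_decode(urldecode($state)));
        // the decoded JSON can be any type; accept an animal only if it is a non-empty string
        $animal = is_object($data) ? ($data->animal ?? null) : null;
        if (!is_string($animal) || $animal === '' || (string)$farmer->getAnimal() === $animal) {
            return;
        }

        // strict membership test: a loose in_array() would accept JSON values such as true or 0
        $allAnimals = array_map('strval', (array)$farmer->getAllAnimals());
        if (!in_array($animal, $allAnimals, true)) {
            // the name comes from the request, so escape it before it is shown
            msg('Animal ' . hsc($animal) . ' does not exist!');
            return;
        }

        global $INPUT;
        // the target host is taken from the farmer's configuration, never from the request itself
        $url = $farmer->getAnimalURL($animal) . '/doku.php?' . $INPUT->server->str('QUERY_STRING');
        send_redirect($url);
    }
}

// vim:ts=4:sw=4:et: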