xref: /plugin/oauth/auth.php (revision 74b4d4a4cf1d79813740d8ba18696e5fb2b4089b)
180852c15SAndreas Gohr<?php
23e7ac5b1SAndreas Gohr
380852c15SAndreas Gohr/**
480852c15SAndreas Gohr * DokuWiki Plugin oauth (Auth Component)
580852c15SAndreas Gohr *
680852c15SAndreas Gohr * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
780852c15SAndreas Gohr * @author  Andreas Gohr <andi@splitbrain.org>
880852c15SAndreas Gohr */
93e7ac5b1SAndreas Gohrclass auth_plugin_oauth extends auth_plugin_authplain
103e7ac5b1SAndreas Gohr{
1180852c15SAndreas Gohr
123e7ac5b1SAndreas Gohr    /** @inheritDoc */
133e7ac5b1SAndreas Gohr    public function __construct()
143e7ac5b1SAndreas Gohr    {
15f10e09e2SAndreas Gohr        parent::__construct();
1680852c15SAndreas Gohr
17f10e09e2SAndreas Gohr        $this->cando['external'] = true;
1880852c15SAndreas Gohr    }
1980852c15SAndreas Gohr
203e7ac5b1SAndreas Gohr    /** @inheritDoc */
21311a6606SAnna Dabrowska    public function trustExternal($user, $pass, $sticky = false)
223e7ac5b1SAndreas Gohr    {
23a02a5d81SAnna Dabrowska        global $INPUT;
24438dcc52SMichael Grosse
25b8ca6a42SAnna Dabrowska        // handle redirects from farmer to animal wiki instances
26438dcc52SMichael Grosse        if ($INPUT->has('state') && plugin_load('helper', 'farmer', false, true)) {
27d9be1cb5SAnna Dabrowska            $this->handleFarmState($INPUT->str('state'));
28438dcc52SMichael Grosse        }
2980852c15SAndreas Gohr
30*74b4d4a4SAndreas Gohr        $om = new \dokuwiki\plugin\oauth\OAuthManager();
31*74b4d4a4SAndreas Gohr        try {
32*74b4d4a4SAndreas Gohr            // either oauth or "normal" plain auth login via form
33*74b4d4a4SAndreas Gohr            return $om->continueFlow() || auth_login($user, $pass, $sticky);
34*74b4d4a4SAndreas Gohr        } catch (\OAuth\Common\Exception\Exception|\dokuwiki\plugin\oauth\Exception $e) {
35*74b4d4a4SAndreas Gohr            msg(hsc($e->getMessage()), -1);
36*74b4d4a4SAndreas Gohr            return false;
37a7a8f46aSAndreas Gohr        }
38a7a8f46aSAndreas Gohr    }
3980852c15SAndreas Gohr
40f2e164b0SMichael Große    /**
41311a6606SAnna Dabrowska     * Enhance function to check against duplicate emails
42311a6606SAnna Dabrowska     *
43311a6606SAnna Dabrowska     * @param string $user
44311a6606SAnna Dabrowska     * @param string $pwd
45311a6606SAnna Dabrowska     * @param string $name
46311a6606SAnna Dabrowska     * @param string $mail
47311a6606SAnna Dabrowska     * @param null $grps
48311a6606SAnna Dabrowska     * @return bool|null|string
49311a6606SAnna Dabrowska     */
50311a6606SAnna Dabrowska    public function createUser($user, $pwd, $name, $mail, $grps = null)
51311a6606SAnna Dabrowska    {
52311a6606SAnna Dabrowska        if ($this->getUserByEmail($mail)) {
53311a6606SAnna Dabrowska            msg($this->getLang('emailduplicate'), -1);
54311a6606SAnna Dabrowska            return false;
55311a6606SAnna Dabrowska        }
56311a6606SAnna Dabrowska
57311a6606SAnna Dabrowska        return parent::createUser($user, $pwd, $name, $mail, $grps);
58311a6606SAnna Dabrowska    }
59311a6606SAnna Dabrowska
60311a6606SAnna Dabrowska    /**
61311a6606SAnna Dabrowska     * Enhance function to check against duplicate emails
62311a6606SAnna Dabrowska     *
63311a6606SAnna Dabrowska     * @param string $user
64311a6606SAnna Dabrowska     * @param array $changes
65311a6606SAnna Dabrowska     * @return bool
66311a6606SAnna Dabrowska     */
67311a6606SAnna Dabrowska    public function modifyUser($user, $changes)
68311a6606SAnna Dabrowska    {
69311a6606SAnna Dabrowska        global $conf;
70311a6606SAnna Dabrowska
71311a6606SAnna Dabrowska        if (isset($changes['mail'])) {
72311a6606SAnna Dabrowska            $found = $this->getUserByEmail($changes['mail']);
73311a6606SAnna Dabrowska            if ($found && $found != $user) {
74311a6606SAnna Dabrowska                msg($this->getLang('emailduplicate'), -1);
75311a6606SAnna Dabrowska                return false;
76311a6606SAnna Dabrowska            }
77311a6606SAnna Dabrowska        }
78311a6606SAnna Dabrowska
79311a6606SAnna Dabrowska        $ok = parent::modifyUser($user, $changes);
80311a6606SAnna Dabrowska
81311a6606SAnna Dabrowska        // refresh session cache
82311a6606SAnna Dabrowska        touch($conf['cachedir'] . '/sessionpurge');
83311a6606SAnna Dabrowska
84311a6606SAnna Dabrowska        return $ok;
85311a6606SAnna Dabrowska    }
86311a6606SAnna Dabrowska
87311a6606SAnna Dabrowska    /**
88311a6606SAnna Dabrowska     * Unset additional stuff in session on logout
89311a6606SAnna Dabrowska     */
90311a6606SAnna Dabrowska    public function logOff()
91311a6606SAnna Dabrowska    {
92311a6606SAnna Dabrowska        parent::logOff();
93311a6606SAnna Dabrowska
94311a6606SAnna Dabrowska        $this->cleanLogout();
95311a6606SAnna Dabrowska    }
96311a6606SAnna Dabrowska
97311a6606SAnna Dabrowska    /**
98a02a5d81SAnna Dabrowska     * check if auth data is present in session and is still considered valid
99f2e164b0SMichael Große     *
100f2e164b0SMichael Große     * @return bool
101f2e164b0SMichael Große     */
102a02a5d81SAnna Dabrowska    protected function sessionLogin()
1033e7ac5b1SAndreas Gohr    {
104a02a5d81SAnna Dabrowska        global $USERINFO;
105a02a5d81SAnna Dabrowska        $session = $_SESSION[DOKU_COOKIE]['auth'];
106b8ca6a42SAnna Dabrowska        // FIXME session can be null at this point (e.g. coming from sprintdoc svg.php)
107b8ca6a42SAnna Dabrowska        // FIXME and so the subsequent check for non-GET non-doku.php requests is not performed
108a02a5d81SAnna Dabrowska        if (isset($session['oauth']) && $this->isSessionValid($session)) {
109a02a5d81SAnna Dabrowska            $_SERVER['REMOTE_USER'] = $session['user'];
110a02a5d81SAnna Dabrowska            $USERINFO = $session['info'];
111f2e164b0SMichael Große            return true;
112f2e164b0SMichael Große        }
113f2e164b0SMichael Große        return false;
114f2e164b0SMichael Große    }
115f2e164b0SMichael Große
116a02a5d81SAnna Dabrowska    /**
117a02a5d81SAnna Dabrowska     * Use cookie data to log in
118a02a5d81SAnna Dabrowska     */
119a02a5d81SAnna Dabrowska    protected function cookieLogin()
120a02a5d81SAnna Dabrowska    {
121d9be1cb5SAnna Dabrowska        // FIXME SessionManager access?
122a02a5d81SAnna Dabrowska        if (isset($_COOKIE[DOKU_COOKIE])) {
123a02a5d81SAnna Dabrowska            list($cookieuser, $cookiesticky, $auth, $servicename) = explode('|', $_COOKIE[DOKU_COOKIE]);
124a02a5d81SAnna Dabrowska            $auth = base64_decode($auth, true);
125a02a5d81SAnna Dabrowska            $servicename = base64_decode($servicename, true);
126a02a5d81SAnna Dabrowska            if ($auth === 'oauth') {
127b8ca6a42SAnna Dabrowska                $this->relogin($servicename);
128a02a5d81SAnna Dabrowska            }
129a02a5d81SAnna Dabrowska        }
130a02a5d81SAnna Dabrowska    }
131a02a5d81SAnna Dabrowska
132a02a5d81SAnna Dabrowska    /**
133a02a5d81SAnna Dabrowska     * Use the OAuth service
134a02a5d81SAnna Dabrowska     *
135a02a5d81SAnna Dabrowska     * @param $servicename
136b2b9fbc7SMichael Große     * @param $sticky
137a02a5d81SAnna Dabrowska     * @param $page
138a02a5d81SAnna Dabrowska     * @param $params
139a02a5d81SAnna Dabrowska     * @param $existingLoginProcess
140a02a5d81SAnna Dabrowska     * @return bool
141a02a5d81SAnna Dabrowska     * @throws \OAuth\Common\Exception\Exception
142a02a5d81SAnna Dabrowska     * @throws \OAuth\Common\Http\Exception\TokenResponseException
143a02a5d81SAnna Dabrowska     * @throws \OAuth\Common\Storage\Exception\TokenNotFoundException
144a02a5d81SAnna Dabrowska     */
145a02a5d81SAnna Dabrowska    protected function serviceLogin($servicename, $sticky, $page, $params, $existingLoginProcess)
146a02a5d81SAnna Dabrowska    {
147a02a5d81SAnna Dabrowska        $service = $this->getService($servicename);
148a02a5d81SAnna Dabrowska        if (is_null($service)) {
149a02a5d81SAnna Dabrowska            $this->cleanLogout();
150a02a5d81SAnna Dabrowska            return false;
151a02a5d81SAnna Dabrowska        }
152a02a5d81SAnna Dabrowska
153a02a5d81SAnna Dabrowska        if ($service->checkToken()) {
154a02a5d81SAnna Dabrowska            if (!$this->processLogin($sticky, $service, $servicename, $page, $params)) {
155a02a5d81SAnna Dabrowska                $this->cleanLogout();
156a02a5d81SAnna Dabrowska                return false;
157a02a5d81SAnna Dabrowska            }
158a02a5d81SAnna Dabrowska            return true;
159a02a5d81SAnna Dabrowska        } else {
160a02a5d81SAnna Dabrowska            if ($existingLoginProcess) {
161a02a5d81SAnna Dabrowska                msg($this->getLang('oauth login failed'), 0);
162a02a5d81SAnna Dabrowska                $this->cleanLogout();
163a02a5d81SAnna Dabrowska                return false;
164a02a5d81SAnna Dabrowska            } else {
165a02a5d81SAnna Dabrowska                // first time here
166b8ca6a42SAnna Dabrowska                $this->relogin($servicename);
167a02a5d81SAnna Dabrowska            }
168a02a5d81SAnna Dabrowska        }
169a02a5d81SAnna Dabrowska
170a02a5d81SAnna Dabrowska        $this->cleanLogout();
171a02a5d81SAnna Dabrowska        return false; // something went wrong during oAuth login
172a02a5d81SAnna Dabrowska    }
173a02a5d81SAnna Dabrowska
174a02a5d81SAnna Dabrowska    /**
175b8ca6a42SAnna Dabrowska     * Relogin using auth info read from session / cookie
176b8ca6a42SAnna Dabrowska     *
177a02a5d81SAnna Dabrowska     * @param string $servicename
178a02a5d81SAnna Dabrowska     * @return void|false
179a02a5d81SAnna Dabrowska     * @throws \OAuth\Common\Http\Exception\TokenResponseException
180a02a5d81SAnna Dabrowska     */
181b8ca6a42SAnna Dabrowska    protected function relogin($servicename)
182a02a5d81SAnna Dabrowska    {
183a02a5d81SAnna Dabrowska        $service = $this->getService($servicename);
184a02a5d81SAnna Dabrowska        if (is_null($service)) return false;
185a02a5d81SAnna Dabrowska
186a02a5d81SAnna Dabrowska        $this->writeSession($servicename);
187a02a5d81SAnna Dabrowska        $service->login();
188a02a5d81SAnna Dabrowska    }
189a02a5d81SAnna Dabrowska
190a02a5d81SAnna Dabrowska    /**
191a02a5d81SAnna Dabrowska     * @param bool $sticky
192a02a5d81SAnna Dabrowska     * @param \dokuwiki\plugin\oauth\Service $service
1939928f5efSMichael Große     * @param string $servicename
194b2b9fbc7SMichael Große     * @param string $page
195188ba446SMichael Große     * @param array $params
196f07c7607SMichael Große     *
197f07c7607SMichael Große     * @return bool
198a02a5d81SAnna Dabrowska     * @throws \OAuth\Common\Exception\Exception
199f07c7607SMichael Große     */
200a02a5d81SAnna Dabrowska    protected function processLogin($sticky, $service, $servicename, $page, $params = [])
2013e7ac5b1SAndreas Gohr    {
202a02a5d81SAnna Dabrowska        $userinfo = $service->getUser();
203a02a5d81SAnna Dabrowska        $ok = $this->processUserinfo($userinfo, $servicename);
204f07c7607SMichael Große        if (!$ok) {
205f07c7607SMichael Große            return false;
206f07c7607SMichael Große        }
207a02a5d81SAnna Dabrowska        $this->setUserSession($userinfo, $servicename);
208a02a5d81SAnna Dabrowska        $this->setUserCookie($userinfo['user'], $sticky, $servicename);
209b2b9fbc7SMichael Große        if (isset($page)) {
210188ba446SMichael Große            if (!empty($params['id'])) unset($params['id']);
211188ba446SMichael Große            send_redirect(wl($page, $params, false, '&'));
212b2b9fbc7SMichael Große        }
213f07c7607SMichael Große        return true;
214f07c7607SMichael Große    }
215f07c7607SMichael Große
2169928f5efSMichael Große    /**
217a02a5d81SAnna Dabrowska     * process the user and update the user info array
2189928f5efSMichael Große     *
219a02a5d81SAnna Dabrowska     * @param array $userinfo User info received from authentication
220a02a5d81SAnna Dabrowska     * @param string $servicename Auth service
2219928f5efSMichael Große     *
2229928f5efSMichael Große     * @return bool
2239928f5efSMichael Große     */
224a02a5d81SAnna Dabrowska    protected function processUserinfo(&$userinfo, $servicename)
2253e7ac5b1SAndreas Gohr    {
226a02a5d81SAnna Dabrowska        $userinfo['user'] = $this->cleanUser((string)$userinfo['user']);
227a02a5d81SAnna Dabrowska        if (!$userinfo['name']) $userinfo['name'] = $userinfo['user'];
2289928f5efSMichael Große
229a02a5d81SAnna Dabrowska        if (!$userinfo['user'] || !$userinfo['mail']) {
2309928f5efSMichael Große            msg("$servicename did not provide the needed user info. Can't log you in", -1);
2319928f5efSMichael Große            return false;
2329928f5efSMichael Große        }
2339928f5efSMichael Große
2349928f5efSMichael Große        // see if the user is known already
235a02a5d81SAnna Dabrowska        $localUser = $this->getUserByEmail($userinfo['mail']);
236a02a5d81SAnna Dabrowska        if ($localUser) {
237a02a5d81SAnna Dabrowska            $localUserInfo = $this->getUserData($localUser);
2389928f5efSMichael Große            // check if the user allowed access via this service
239a02a5d81SAnna Dabrowska            if (!in_array($this->cleanGroup($servicename), $localUserInfo['grps'])) {
2409928f5efSMichael Große                msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
2419928f5efSMichael Große                return false;
2429928f5efSMichael Große            }
243a02a5d81SAnna Dabrowska            $userinfo['user'] = $localUser;
244a02a5d81SAnna Dabrowska            $userinfo['name'] = $localUserInfo['name'];
245a02a5d81SAnna Dabrowska            $userinfo['grps'] = array_merge((array)$userinfo['grps'], $localUserInfo['grps']);
246d313403cSAnna Dabrowska        } elseif (actionOK('register') || $this->getConf('register-on-auth')) {
247a02a5d81SAnna Dabrowska            $ok = $this->addUser($userinfo, $servicename);
2489928f5efSMichael Große            if (!$ok) {
2499928f5efSMichael Große                msg('something went wrong creating your user account. please try again later.', -1);
2509928f5efSMichael Große                return false;
2519928f5efSMichael Große            }
2529928f5efSMichael Große        } else {
2539928f5efSMichael Große            msg($this->getLang('addUser not possible'), -1);
2549928f5efSMichael Große            return false;
2559928f5efSMichael Große        }
2569928f5efSMichael Große        return true;
2579928f5efSMichael Große    }
2589928f5efSMichael Große
2599928f5efSMichael Große    /**
260b2b9fbc7SMichael Große     * new user, create him - making sure the login is unique by adding a number if needed
261b2b9fbc7SMichael Große     *
262a02a5d81SAnna Dabrowska     * @param array $userinfo user info received from the oAuth service
263b2b9fbc7SMichael Große     * @param string $servicename
264b2b9fbc7SMichael Große     *
265b2b9fbc7SMichael Große     * @return bool
266b2b9fbc7SMichael Große     */
267*74b4d4a4SAndreas Gohr    public function addUser(&$userinfo, $servicename)
2683e7ac5b1SAndreas Gohr    {
269b2b9fbc7SMichael Große        global $conf;
270a02a5d81SAnna Dabrowska        $user = $userinfo['user'];
271b2b9fbc7SMichael Große        $count = '';
272b2b9fbc7SMichael Große        while ($this->getUserData($user . $count)) {
273b2b9fbc7SMichael Große            if ($count) {
274b2b9fbc7SMichael Große                $count++;
275b2b9fbc7SMichael Große            } else {
276b2b9fbc7SMichael Große                $count = 1;
277b2b9fbc7SMichael Große            }
278b2b9fbc7SMichael Große        }
279b2b9fbc7SMichael Große        $user = $user . $count;
280a02a5d81SAnna Dabrowska        $userinfo['user'] = $user;
281b2b9fbc7SMichael Große        $groups_on_creation = array();
282b2b9fbc7SMichael Große        $groups_on_creation[] = $conf['defaultgroup'];
283b2b9fbc7SMichael Große        $groups_on_creation[] = $this->cleanGroup($servicename); // add service as group
284a02a5d81SAnna Dabrowska        $userinfo['grps'] = array_merge((array)$userinfo['grps'], $groups_on_creation);
285b2b9fbc7SMichael Große
286b2b9fbc7SMichael Große        $ok = $this->triggerUserMod(
287b2b9fbc7SMichael Große            'create',
288a02a5d81SAnna Dabrowska            array($user, auth_pwgen($user), $userinfo['name'], $userinfo['mail'], $groups_on_creation,)
289b2b9fbc7SMichael Große        );
290b2b9fbc7SMichael Große        if (!$ok) {
291b2b9fbc7SMichael Große            return false;
292b2b9fbc7SMichael Große        }
293b2b9fbc7SMichael Große
294*74b4d4a4SAndreas Gohr        // send notification about the new user   FIXME is this needed? can't we simply call createUser?
295b2b9fbc7SMichael Große        $subscription = new Subscription();
296a02a5d81SAnna Dabrowska        $subscription->send_register($user, $userinfo['name'], $userinfo['mail']);
297b2b9fbc7SMichael Große        return true;
298b2b9fbc7SMichael Große    }
299b2b9fbc7SMichael Große
300b2b9fbc7SMichael Große    /**
301a02a5d81SAnna Dabrowska     * Find a user by email address
302b2b9fbc7SMichael Große     *
303b2b9fbc7SMichael Große     * @param $mail
304b2b9fbc7SMichael Große     * @return bool|string
305b2b9fbc7SMichael Große     */
306*74b4d4a4SAndreas Gohr    public function getUserByEmail($mail)
3073e7ac5b1SAndreas Gohr    {
3088b214edcSAndreas Gohr        if ($this->users === null) {
3098b214edcSAndreas Gohr            if (is_callable([$this, '_loadUserData'])) {
3108b214edcSAndreas Gohr                $this->_loadUserData();
3118b214edcSAndreas Gohr            } else {
3128b214edcSAndreas Gohr                $this->loadUserData();
3138b214edcSAndreas Gohr            }
3148b214edcSAndreas Gohr        }
315b2b9fbc7SMichael Große        $mail = strtolower($mail);
316b2b9fbc7SMichael Große
317a02a5d81SAnna Dabrowska        foreach ($this->users as $user => $userinfo) {
318a02a5d81SAnna Dabrowska            if (strtolower($userinfo['mail']) == $mail) return $user;
319b2b9fbc7SMichael Große        }
320b2b9fbc7SMichael Große
321b2b9fbc7SMichael Große        return false;
322b2b9fbc7SMichael Große    }
323b2b9fbc7SMichael Große
324b2b9fbc7SMichael Große    /**
325a02a5d81SAnna Dabrowska     * unset auth cookies and session information
326a02a5d81SAnna Dabrowska     */
327a02a5d81SAnna Dabrowska    private function cleanLogout()
328a02a5d81SAnna Dabrowska    {
329a02a5d81SAnna Dabrowska        if (isset($_SESSION[DOKU_COOKIE]['oauth-done'])) {
330a02a5d81SAnna Dabrowska            unset($_SESSION[DOKU_COOKIE]['oauth-done']);
331a02a5d81SAnna Dabrowska        }
332a02a5d81SAnna Dabrowska        if (isset($_SESSION[DOKU_COOKIE]['auth'])) {
333a02a5d81SAnna Dabrowska            unset($_SESSION[DOKU_COOKIE]['auth']);
334a02a5d81SAnna Dabrowska        }
335a02a5d81SAnna Dabrowska        $this->setUserCookie('', true, '', -60);
336a02a5d81SAnna Dabrowska    }
337a02a5d81SAnna Dabrowska
338a02a5d81SAnna Dabrowska    /**
339a02a5d81SAnna Dabrowska     * Save user and auth data
340a02a5d81SAnna Dabrowska     *
341b2b9fbc7SMichael Große     * @param array $data
342b2b9fbc7SMichael Große     * @param string $service
343b2b9fbc7SMichael Große     */
3443e7ac5b1SAndreas Gohr    protected function setUserSession($data, $service)
3453e7ac5b1SAndreas Gohr    {
346b2b9fbc7SMichael Große        global $USERINFO;
347b2b9fbc7SMichael Große
348b2b9fbc7SMichael Große        // set up groups
349b2b9fbc7SMichael Große        if (!is_array($data['grps'])) {
350b2b9fbc7SMichael Große            $data['grps'] = array();
351b2b9fbc7SMichael Große        }
352b2b9fbc7SMichael Große        $data['grps'][] = $this->cleanGroup($service);
353b2b9fbc7SMichael Große        $data['grps'] = array_unique($data['grps']);
354b2b9fbc7SMichael Große
355b2b9fbc7SMichael Große        $USERINFO = $data;
356b2b9fbc7SMichael Große        $_SERVER['REMOTE_USER'] = $data['user'];
357d9be1cb5SAnna Dabrowska
358d9be1cb5SAnna Dabrowska        // FIXME this is not handled by SessionManager because auth.php accesses the data directly
359b2b9fbc7SMichael Große        $_SESSION[DOKU_COOKIE]['auth']['user'] = $data['user'];
360b2b9fbc7SMichael Große        $_SESSION[DOKU_COOKIE]['auth']['pass'] = $data['pass'];
361b2b9fbc7SMichael Große        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
362b2b9fbc7SMichael Große        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
363b2b9fbc7SMichael Große        $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
364b2b9fbc7SMichael Große        $_SESSION[DOKU_COOKIE]['auth']['oauth'] = $service;
365b2b9fbc7SMichael Große    }
366b2b9fbc7SMichael Große
367b2b9fbc7SMichael Große    /**
3689928f5efSMichael Große     * @param string $user
369523e6571SMichael Große     * @param bool $sticky
3709928f5efSMichael Große     * @param string $servicename
371523e6571SMichael Große     * @param int $validityPeriodInSeconds optional, per default 1 Year
3729928f5efSMichael Große     */
3733e7ac5b1SAndreas Gohr    private function setUserCookie($user, $sticky, $servicename, $validityPeriodInSeconds = 31536000)
3743e7ac5b1SAndreas Gohr    {
3759928f5efSMichael Große        $cookie = base64_encode($user) . '|' . ((int)$sticky) . '|' . base64_encode('oauth') . '|' . base64_encode($servicename);
3769928f5efSMichael Große        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
377523e6571SMichael Große        $time = $sticky ? (time() + $validityPeriodInSeconds) : 0;
3789928f5efSMichael Große        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), true);
3799928f5efSMichael Große    }
3809928f5efSMichael Große
381827232fcSMichael Große    /**
382a02a5d81SAnna Dabrowska     * @param array $session cookie auth session
383a02a5d81SAnna Dabrowska     *
384a02a5d81SAnna Dabrowska     * @return bool
385b2b9fbc7SMichael Große     */
386a02a5d81SAnna Dabrowska    protected function isSessionValid($session)
3873e7ac5b1SAndreas Gohr    {
388a02a5d81SAnna Dabrowska        /** @var helper_plugin_oauth $hlp */
389a02a5d81SAnna Dabrowska        $hlp = plugin_load('helper', 'oauth');
390a02a5d81SAnna Dabrowska        if ($hlp->validBrowserID($session)) {
391a02a5d81SAnna Dabrowska            if (!$hlp->isSessionTimedOut($session)) {
392a02a5d81SAnna Dabrowska                return true;
393a02a5d81SAnna Dabrowska            } elseif (!($hlp->isGETRequest() && $hlp->isDokuPHP())) {
394a02a5d81SAnna Dabrowska                // only force a recheck on a timed-out session during a GET request on the main script doku.php
395a02a5d81SAnna Dabrowska                return true;
396af2a4e8fSMichael Große            }
397af2a4e8fSMichael Große        }
398a02a5d81SAnna Dabrowska        return false;
399a02a5d81SAnna Dabrowska    }
400a02a5d81SAnna Dabrowska
401a02a5d81SAnna Dabrowska    /**
402a02a5d81SAnna Dabrowska     * Save login info in session
403a02a5d81SAnna Dabrowska     *
404a02a5d81SAnna Dabrowska     * @param string $servicename
405a02a5d81SAnna Dabrowska     */
406a02a5d81SAnna Dabrowska    protected function writeSession($servicename)
407a02a5d81SAnna Dabrowska    {
408a02a5d81SAnna Dabrowska        global $INPUT;
409a02a5d81SAnna Dabrowska
410d9be1cb5SAnna Dabrowska        // used to be in 'oauth-inprogress'
411d9be1cb5SAnna Dabrowska        self::$sessionManager->setServiceName($servicename);
412d9be1cb5SAnna Dabrowska        self::$sessionManager->setPid($INPUT->str('id'));
413d9be1cb5SAnna Dabrowska        self::$sessionManager->setParams($_GET);
414b8ca6a42SAnna Dabrowska
415d9be1cb5SAnna Dabrowska        // used to be in 'oauth-done'
416d9be1cb5SAnna Dabrowska        self::$sessionManager->setRequest($_REQUEST);
417a02a5d81SAnna Dabrowska
418a02a5d81SAnna Dabrowska        if (is_array($INPUT->post->param('do'))) {
419a02a5d81SAnna Dabrowska            $doPost = key($INPUT->post->arr('do'));
420a02a5d81SAnna Dabrowska        } else {
421a02a5d81SAnna Dabrowska            $doPost = $INPUT->post->str('do');
422a02a5d81SAnna Dabrowska        }
423a02a5d81SAnna Dabrowska        $doGet = $INPUT->get->str('do');
424a02a5d81SAnna Dabrowska        if (!empty($doPost)) {
425d9be1cb5SAnna Dabrowska            self::$sessionManager->setDo($doPost);
426a02a5d81SAnna Dabrowska        } elseif (!empty($doGet)) {
427d9be1cb5SAnna Dabrowska            self::$sessionManager->setDo($doGet);
428a02a5d81SAnna Dabrowska        }
429d9be1cb5SAnna Dabrowska        self::$sessionManager->saveState();
430b2b9fbc7SMichael Große    }
431b2b9fbc7SMichael Große
432b2b9fbc7SMichael Große    /**
433b8ca6a42SAnna Dabrowska     * Farmer plugin support
434b8ca6a42SAnna Dabrowska     *
435b8ca6a42SAnna Dabrowska     * When coming back to farmer instance via OAUTH redirectURI, we need to redirect again
436b8ca6a42SAnna Dabrowska     * to a proper animal instance detected from $state
437b2b9fbc7SMichael Große     *
438311a6606SAnna Dabrowska     * @param $state
439b2b9fbc7SMichael Große     */
440d9be1cb5SAnna Dabrowska    private function handleFarmState($state)
4413e7ac5b1SAndreas Gohr    {
442311a6606SAnna Dabrowska        /** @var \helper_plugin_farmer $farmer */
443311a6606SAnna Dabrowska        $farmer = plugin_load('helper', 'farmer', false, true);
444311a6606SAnna Dabrowska        $data = json_decode(base64_decode(urldecode($state)));
445311a6606SAnna Dabrowska        if (empty($data->animal) || $farmer->getAnimal() == $data->animal) {
446311a6606SAnna Dabrowska            return;
447827232fcSMichael Große        }
448311a6606SAnna Dabrowska        $animal = $data->animal;
449311a6606SAnna Dabrowska        $allAnimals = $farmer->getAllAnimals();
450311a6606SAnna Dabrowska        if (!in_array($animal, $allAnimals)) {
451311a6606SAnna Dabrowska            msg('Animal ' . $animal . ' does not exist!');
452311a6606SAnna Dabrowska            return;
453827232fcSMichael Große        }
454311a6606SAnna Dabrowska        global $INPUT;
455311a6606SAnna Dabrowska        $url = $farmer->getAnimalURL($animal) . '/doku.php?' . $INPUT->server->str('QUERY_STRING');
456311a6606SAnna Dabrowska        send_redirect($url);
457b2b9fbc7SMichael Große    }
458b2b9fbc7SMichael Große}
459b2b9fbc7SMichael Große
46080852c15SAndreas Gohr// vim:ts=4:sw=4:et:
461